Critical Security Incident Response Manager

The Security Incident Response Manager is an integral part of the Global Critical Security Incident Management team. You will be the operational service, managing and responding to validated critical security incidents (P1/2, VIP incidents...) both technical and non-technical, with the objective of controlling impact within acceptable levels.
Following identification of a critical security incident, the Incident Response Manager will be responsible for the execution of a Critical Security Incident Response Plan with the effective coordination of resources across DXC’s service lines and CISO team as needed to achieve a successful outcome. Collaboration with the appropriate Client Security Teams, Security Delivery Leads and Account General Managers is CRITICAL.
The successful candidate will establish strong trust relationships with primary stakeholders and be responsible for documenting and communicating the status of critical incidents in the dynamic environment of a critical security incident.
Reporting may include:
DXC running costs for management and remediation efforts
Continuing business risk/exposure
Legal implications
Regulatory impact
Law enforcement involvement
Industry suggestions
Remediation plan
Closure plans
Lessons learned


Remediation efforts will involve working closely with the Security Operations Centre (SOC), Cyber Defense Centers and Digital Forensic Investigation (DFI) technical teams and other subject matter experts to determine the root cause of incidents and identify control weaknesses, compliance breaches, operational loss events. Reports will be provided to all stakeholders to identify the root cause and make the necessary recommendations.
The team is newly forming and dynamic in nature and presents the successful candidate with an opportunity to influence the future direction of the Critical Security Incident Management Team. It will be expected that a successful candidate will help significantly in the development of this capability and ultimately the service that DXC can sell. This is not a “business as usual” position and it will challenge the successful candidate to be creative, innovative and entrepreneurial.
Key Areas of Responsibility
Effective handling and co-ordination of Critical Security Incident response activities in order to minimize impact across DXC clients
Responsibility for supervising incident response tasks and overall ownership (initial development) of the Critical Security Incident Response Plan remaining on task throughout the incident
Effective co-ordination of global resources.
Create, develop and lead the Critical Security Incident Response Team
Conduct/assist root cause analysis, identify information security weakness, develop corrective actions and risk management input as needed.
Validate, verify and report protective or countermeasure solutions, both technical and administrative
Provision of Critical Incident Response Report and lessons learnt to key stakeholders.
Deal with legal and law enforcement-related issues as required
Remain current on developments affecting information risk and advise department management
Develop and maintain a critical vulnerability management system to effectively communicate with DXC clients when a “Zero Day” vulnerability is discovered e.g., SolarWinds).



Qualifications & Experience
Qualified to degree level or equivalent experience
Professional certifications in Information Security desirable (CISSP/CISM)
Proven track record in incident management and problem solving with experience of creating and managing operational processes
Project Management/Service Management qualifications a plus
Due to the nature of some of our clients a current security clearance is preferable, or willingness to attain security clearance.



Essential Skills
A self-motivated individual with a flexible approach to working
Experience of working as an Incident Manager, or as a lead within an Information Security Response Team.
Understanding of incident handling skills – techniques, decision points and supporting tools
Ability to manage complex situations which could potentially impact the customer business both operationally and financially.
Ability to remain calm and focused in high pressure situations identifying business resources essential to recovery.
Ability to resolve customer issues with a virtual team who may work in different departments across the global.
Excellent interpersonal skills with the ability to interpret and explain technical problems to non-technical business stakeholders at all levels.
Demonstrable experience of post-incident review practices.
Develop and maintain a strong relationship and trust with the Client Security Teams and Security Delivery Leads.
Foundation technical skills – good understanding of underlying security technologies.
Strong verbal and written communication skills with experience of writing and presenting reports for audiences at all levels, especially senior management



Desirable Skills
Knowledge of types and sources of tools and equipment required to adequately equip an Incident Response Team.
Knowledge of forensic requirements for collecting and presenting evidence
An active interest in Internet Security, incident detection, network and systems security