Deloitte Incident Response Manager in Atlanta, Georgia

Deloitte is one of the leading professional services organizations in the United States, specializing in audit, tax, consulting and financial advisory services with clients in more than 20 industries. We provide powerful business solutions to some of the world s most well-known and respected companies, including more than 75 percent of the Fortune 100.At Deloitte, you can have a rewarding career on every level. In addition to challenging and meaningful work, you ll have the chance to give back to your community, make a positive impact on the environment, participate in a range of diversity and inclusion initiatives, and find the support, coaching, and training it takes to advance your career. Our commitment to individual choice lets you customize aspects of your career path, your educational opportunities and your benefits. And our culture of innovation means your ideas on how to improve our business and your clients will be heard.Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.Manager, Cyber SecurityPreferred Location: Hermitage/Nashville, TN Job SummaryPrimary duty is to respond to threats exploiting the enclaves or data that provide services supporting the employees of Deloitte. Protects the firm, its customers, reputation, assets and the interests of stakeholders by identifying and managing threats to the achievement of our business objectives. Responding to and managing cyber security incidents that involve the systems or effect the employees of Deloitte. Uses independent judgment and discretion in identifying issues and analyzing risk to ensure systems are returned to normal operations quickly, while ensuring the security and integrity of all data under our authority.Illustrative Duties and ResponsibilitiesLead Cyber Security Incident Response (CSIR) efforts across ITS including determination the criticality of an incident, investigation of incident actions, appropriate containment, and mitigation activities. During an active incident response, prioritize advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc.Oversee the execution of the Cyber Security Incident Response Playbook by the Security Operations Center and others for minor security incidents.Improve Incident Response processes by taking advantage of and Integration with new technologies and capabilities that are implemented by Cyber Security and other areas of ITS.Communicate and document details of incidents and create status reports of tasks performed to stakeholders and provide input to communications to Deloitte leadership.Establish and maintain strong working relationships with all teams required to support incident response including, but not limited to, Messaging, Communications, SOC, Data Protection, STS, GISO, Office of Security, Talent, and OGC.Maintain and update the Cyber Security Incident Response Plan & Playbook, including the comprehensive contact list, call trees and response approaches for new incident scenarios and integration of new tools and capabilities as identified.Support alignment between the Disaster Recovery and Business Continuity programs and Cyber Security Incident Response, including participation in Disaster Recovery testing activities.Drive alignment of ITS CSIR programs with other areas of Deloitte to include: strategy, governance, risk and compliance, disaster recovery and business operations.Act as the lead for table-top exercises, which assess the effectiveness of cyber incident response capabilities across people, processes, and technology. Develop and continually improve CSIR Playbook, SOPs and alignment with Global activities.Able to build strong relationships with and lead teams and individuals without direct reporting relationships.Performs other job-related duties as assigned. Required Technical SkillsExperience leading cyber security incident response during normal daily operations or against advanced persistence threats. Knowledge of forensics, chain of custody and handling digital evidence. Understanding of incident response in a Cloud based environment. Ability to quickly analyze large amounts of information and formulate action plans based on that analysis. Experience interpreting, searching, and manipulating data within enterprise logging solutions. Experience working with network, host, and user activity data, and identifying anomalies. Familiarity with threat intelligence and applied use within incident response and forensic investigations. Excellent written and oral communications skills and able to articulate and present information to all levels of management and staff. Possess strong organizational skills to facilitate management and tracking of large numbers of incidents, events, and efforts. Ability to adapt and operate in a high-tempo, dynamic and stressful environment. Ability to travel as necessary to accomplish tasking, with normal travel requirements around 25% are expected. Required Licenses, Certifications, and Other RequirementsShould have at least one of the following certifications CISSP, CISA, CISM, CCNP Security or CEH. Education & Experience Bachelor s degree in Information Protection, Computer Forensics, Computer Information Security, Computer Science or Computer Engineering, or relevant educational or professional experience. 5 years of experience in cyber security, incident response, network and endpoint security, developing defense-in-depth strategies, log analysis, vulnerability management and forensics.

About Deloitte

As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Disclaimer: If you are not reviewing this job posting on our Careers site ( or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at

Category: Information Technology