Manager, Security Incident Response

Randstad (https://www.randstad.com)

Location:
Canada, Toronto

Category:
IT - Administration

Contract Type:
Not provided

Salary:
Not provided

Job Description:

The Manager, Security Incident Response will develop, lead, and oversee the end-to-end security incident response process, including preparation, detection, analysis, containment, eradication, recovery, and post-incident review. They will act as the primary point of contact and coordinator during major security incidents, managing incident communications and escalating as needed. The role involves establishing and maintaining incident response playbooks, procedures, and runbooks aligned with industry frameworks (NIST, ISO 27035, SANS, etc.), and coordinating with the Security Operations Center (SOC) team, Threat Intelligence, and Vulnerability Management to proactively detect and respond to potential threats. The manager will also ensure incidents are properly documented, classified, and reported, and lead root cause analysis (RCA) efforts to identify lessons learned. Additionally, they will regularly conduct tabletop exercises and simulations to assess and improve the organization’s incident response readiness.

Job Responsibility:

  • Develop, lead, and oversee the end-to-end security incident response process, including preparation, detection, analysis, containment, eradication, recovery, and post-incident review
  • Act as the primary point of contact and coordinator during major security incidents, managing incident communications and escalating as needed
  • Establish and maintain incident response playbooks, procedures, and runbooks aligned with industry frameworks (NIST, ISO 27035, SANS, etc.)
  • Coordinate with the Security Operations Center (SOC) team, Threat Intelligence, and Vulnerability Management to proactively detect and respond to potential threats
  • Ensure incidents are properly documented, classified, and reported, and lead root cause analysis (RCA) efforts to identify lessons learned
  • Regularly conduct tabletop exercises and simulations to assess and improve the organization’s incident response readiness
  • Continuously enhance and refine the incident response framework to align with evolving threats, business objectives, and regulatory landscapes
  • Develop and maintain comprehensive incident response policies, standards, and guidelines that address the needs of the business while aligning with global best practices
  • Establish key performance indicators (KPIs) and metrics to measure the effectiveness and efficiency of the incident response program
  • Lead initiatives to automate and optimize incident response activities through the integration of SOAR (Security Orchestration, Automation, and Response) platforms and other tools
  • Build, mentor, and manage a team of incident responders and analysts, fostering a culture of continuous learning and collaboration
  • Provide ongoing training and development for the team to ensure they are up-to-date with the latest threat landscapes, tools, and techniques
  • Foster strong relationships with third-party incident response providers to ensure additional support when required
  • Manage and conduct security investigations to determine the cause, scope, and impact of security breaches
  • Oversee evidence gathering to support investigations, ensuring chain of custody and compliance with legal and regulatory standards
  • Work with threat intelligence team to analyze and respond to advanced persistent threats (APTs), malware outbreaks, ransomware incidents, and other cyberattacks
  • Collaborate with external partners, law enforcement, and industry groups to stay informed of emerging threats and incorporate intelligence into incident response processes
  • Act as a liaison between the Security Incident Response Team (SIRT) and business units, IT, Legal, Compliance, Risk, and external vendors
  • Work closely with internal audit, governance, and risk management teams to ensure alignment with corporate security policies and regulatory requirements
  • Communicate effectively with senior leadership during high-severity incidents, providing regular updates on impact, response activities, and mitigation plans
  • Partner with business continuity and disaster recovery teams to ensure seamless integration of incident response with overall organizational resilience

Requirements:

  • Bachelor’s degree in Computer Science, Information Security, or a related field
  • 5+ years of experience in cybersecurity with at least 3 years in incident response or related roles
  • Demonstrated experience leading security incident response teams and managing major incidents
  • Deep understanding of incident response frameworks (NIST 800-61, ISO 27035, MITRE ATT&CK, etc.) and industry best practices
  • Strong knowledge of threat detection, digital forensics, malware analysis, network security, and endpoint security
  • Experience in handling cloud-based incidents (Azure, AWS, GCP) and familiarity with cloud security principles
  • Proficient in SIEM (Security Information and Event Management) tools, EDR/XDR platforms, and forensic tools
  • Strong project management skills and the ability to manage multiple investigations and priorities simultaneously
  • Certifications such as GCIH, GCFA, CISSP, CISM, or CRISC are highly desirable
  • Experience in the insurance or financial services sector is a strong asset
  • Familiarity with privacy regulations (GDPR, PIPEDA, CCPA) and industry compliance requirements
  • Experience working with executive leadership and Board-level communications during incidents
  • Critical thinking and problem-solving under pressure
  • Excellent communication skills with the ability to explain technical concepts to non-technical audiences
  • Strong collaboration and interpersonal skills to work effectively across teams and business units
  • Detail-oriented with a high level of integrity and professionalism
  • Reliability Status security clearance: a personnel security status required before an employee can gain access to Protected B information, assets, or work sites, as outlined on the Government of Canada website

Nice to have:

  • Experience in the insurance or financial services sector
  • Certifications such as GCIH, GCFA, CISSP, CISM, or CRISC

Additional Information:

Job Posted:
May 25, 2025

Expiration:
July 03, 2025

Employment Type:
Full-time
Work Type:
On-site work