AmTrust Financial Services, Inc.

Manager, Cyber Security Incident Response Manager

Job Locations: US-OH-Cleveland
Requisition ID: JR1004789
Category: Information Technology
Position Type: Regular Full-Time

Overview

The Cyber Security Incident Response Manager ensures the organization is prepared to detect, analyze, contain, and recover from cyber threats and incidents while minimizing business impact. This role leads the Incident Response (IR) program, develops playbooks, manages response teams, and ensures alignment with enterprise risk management, regulatory requirements, and industry best practices. The Incident Response Manager collaborates closely with IT, Legal, Compliance, Risk, and business units to strengthen cyber resilience and improve detection, response, and recovery capabilities across the enterprise.

 

Responsibilities

  • Lead the Cyber Security Incident Response (CSIR) program, ensuring rapid detection, containment, eradication, and recovery of cyber incidents.
  • Develop and maintain IR processes, runbooks, and playbooks for various attack scenarios (e.g., ransomware, phishing, insider threat, data breach, business email compromise).
  • Serve as primary point of contact and coordinator during cyber incidents, engaging technical teams, executive leadership, and external stakeholders.
  • Manage and continuously improve incident response technologies including SIEM, SOC, SOAR, EDR, threat intelligence platforms, and case management tools.
  • Perform forensic analysis and root cause investigations of incidents; ensure lessons learned are documented and remediation activities are tracked.
  • Conduct tabletop exercises, red team/blue team simulations, and coordinate post-incident reviews.
  • Maintain an up-to-date incident escalation matrix and ensure 24/7 coverage/rotation for incident handling.
  • Partner with threat intelligence, vulnerability management, and SOC teams to proactively reduce incident risk.
  • Collaborate with Legal, HR, Risk, and Compliance during investigations to ensure appropriate evidence handling, reporting, and regulatory notifications.
  • Track, analyze, and report on incident metrics, response times, and overall program effectiveness to senior leadership.
  • Ensure incident response procedures remain aligned with frameworks such as NIST 800-61, ISO 27035, and regulatory requirements (e.g., NYDFS 500, GDPR, HIPAA).
  • Engage with law enforcement and external partners as needed during significant cyber events.

 

Qualifications

  • Bachelor’s degree from an accredited college or university in Cyber Security, Information Technology, or a related field.
  • Industry certifications preferred: GCIH, GCFA, GCIA, GNFA, CISM, or CISSP.
  • Demonstrated experience leading cyber incident response in a large enterprise or highly regulated industry.
  • Strong technical expertise in digital forensics, malware analysis, SIEM/EDR tools, and network intrusion detection.
  • Proven ability to manage high-pressure situations and provide clear, timely communication to both technical teams and executives.
  • Familiarity with legal, regulatory, and compliance requirements for cyber incidents, including breach notification laws.
  • Excellent written and verbal communication skills, capable of translating complex technical findings into executive-level reports.
  • Strong organizational, analytical, and problem-solving abilities.

 

What We Offer

AmTrust Financial Services offers a great work environment, competitive compensation package and excellent career advancement opportunities. Our benefits include: Medical and Dental Plans, Life Insurance, Health Care Flexible Spending, Dependent Care, 401k Savings Plans, and Paid Time Off.

AmTrust Financial Services is committed to a policy of Equal Employment Opportunity.
