About the role
Description
We are looking for a Cyber Incident Response Commander to join our team of consultants in our Montreal office.
This position is remote.
Cyber Incident Response Commanders are professionals who are responsible for investigating and responding to security incidents within an organization. They are responsible for identifying, containing, and mitigating security threats and vulnerabilities. Incident Response Commanders work closely with other information security professionals to ensure that an organization's security posture is maintained.
The Incident Response Commander reports to the Incident Response Manager.
Tasks
As an Incident Response Commander within the CMA CGM group CERT, you will:
- Maintain documentation and processes, particularly the incident response plan (IRP):
o Maintain an up-to-date IRP & appendix
o Maintain the Plan in relationship with other plans and policies in effect
o Refine the specific incident playbooks so that each actor is as relevant as possible
o Improve processes with the legal and communication departments
o Write IRPs contextualized to a specific scope (Ships, Region, Subsidiaries...)
o Gather lessons learned and provide improvement recommendations
o Establish links between incidents
o Provide evidence to external or internal auditors
- Manage information security incidents:
o Assume the Incident Commander role, bringing business and technical units to the table
o Assess the incident severity
o Declare major incidents officially based on risk and regulation criteria
o Manage incidents according to the Plan and the included playbooks
o Ensure each team member operates within their defined responsibilities and collaborates effectively with others
o Prioritize Forensic activities
o Analyse & prioritise Incidents
o Follow mitigation & recovery
o Communicate, notify, report
- Other responsibilities:
o Participate in Cyber Defense Center transversal collaboration activities
o Participate in projects, improvements and compliance efforts related to CERT matters
These activities are non-exhaustive and can evolve according to operational needs.
Requirements
Your profile corresponds to the following criteria:
- You hold relevant cybersecurity industry certifications, including:
o GCFA
o CIH
o CISSP
o CEH
o ECSA
o ITIL Foundation
- Knowledge of security tools and techniques
- Understanding of SOC and forensics techniques
- You are from a STEM, cybersecurity or equivalent academic background, focused on rigor and optimization
- You have 5 or more years of experience in a role with similar responsibilities, including CERT, SOC, SecOps or GRC
- You know how to keep your cool under pressure and think straight in moments of chaos
- You have a good understanding of information security incident management processes and methodologies (e.g.: ISO 27035, NIST framework or SANS 6-steps)
- You can convey an information security message to an organization's management/executive
- Experience in transportation/shipping/logistics is a plus
- You master oral and written English in a professional context
Qualities
You also possess the following qualities:
- Autonomy and proactive behavior
- Excellent verbal and written communication
- Analysis and synthesis capacity
- Desire to engage with people and enable their success
- Leadership and willingness to make things evolve
- Capacity to work in an international environment with offshore personnel
- Discretion about sensitive matters