Job Title: Cybersecurity Incident Manager Department: SVIC CSIRT China SoC Reports To: China Security Operations Manager Location: Shanghai Who we are Cisco's Security Visibility and Incident Command (SVIC) forms part of the monitoring & response branch of Cisco's Security and Trust Organization (S&TO) and is Cisco's cyber investigations and forensics team. We provide Cisco with security threat detection, compliance monitoring, vulnerability discovery and response services to protect Cisco's digital landscape from attacks, abuse, reputational harm, and loss of its intellectual assets. The primary mission of SVIC is to help ensure system and data risk management by performing comprehensive investigations into cyber security incidents, and to assist in the prevention of such incidents by engaging in dedicated threat assessment, mitigation planning, incident trend analysis, and security architecture review. We are a highly-functioning, diverse, and globally distributed group of committed professionals from various technical backgrounds. We are Open-Source Software contributors, technical authors, tool builders, DFIR (Digital Forensics & Incident Response) community members, lock pickers, makers, and breakers. Position Summary The Cybersecurity Incident Manager is a senior role responsible for managing, communicating and mitigating enterprise-level cybersecurity incidents. This is a new team focused on securing the Cisco Secure Access Service inside of China. This individual will lead the coordination and communication of incident response efforts, ensuring timely detection, containment, eradication, and recovery from cyber threats while minimizing operational disruptions. In addition to this, the right individual will also help build and develop the China Security operations Center to operate as efficiently as possible leveraging Cisco technologies. The role will report directly to the China Security Operations Manager with a dotted line into the US Incident Command team. Key Responsibilities: * Incident Response Leadership * Lead all phases of incident response, including detection, analysis, containment, eradication, recovery and communication. * Act as the primary decision-maker during cybersecurity incidents, coordinating efforts across technical and business teams. * Ensure adherence to the organization's incident response framework and regulatory requirements. * Strategic Communication * Serve as the main point of contact for incident updates to executive leadership and stakeholders. * Provide detailed, actionable reports during and after incidents, including root cause analysis and mitigation strategies. * Collaboration and Coordination * Collaborate with Corporate CSIRT, Incident Command, Cyber legal, IT, risk management, Data Protection and other departments to ensure a unified response. * Engage with third-party vendors, Managed Security Service Providers (MSSPs), and law enforcement when necessary. * Preparation and Readiness * Develop, maintain, and test incident response plans, playbooks, and escalation procedures. * Conduct regular tabletop exercises and simulations to train and prepare teams. * Post-Incident Activities * Oversee the generation of post-incident reports and ensure lessons learned are incorporated into future planning. * Recommend security enhancements to prevent recurrence of incidents. * Compliance and Reporting * Ensure compliance with industry regulations and organizational policies during incident response. * Stay updated on emerging threats and trends in cybersecurity to improve response capabilities. Minimum Qualifications: * Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field. * At least 8+ years of experience in cybersecurity * Demonstrated experience managing large-scale cybersecurity incidents. * Strong understanding of regulatory requirements and industry standards (e.g., CSL, DSL, PIPL, GDPR, HIPAA, PCI-DSS). * Excellent written and verbal communication abilities in Chinese and English. Preferred qualifications: * 3+ years in an incident response or leadership role. * Certifications such as CISSP, CISM, GIAC Certified Incident Handler (GCIH), or Certified Information Systems Auditor (CISA) preferred. * Exceptional leadership and decision-making under pressure. * Strong analytical and problem-solving skills. * Collaborative mindset with an ability to manage cross-functional teams. * Ability to coordinate 24 x 7 cross geographic incidents. Work Environment: * Hybrid work environment with on-site presence required as needed. * On-call availability to respond to critical incidents. Why Cisco #WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all. We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re "old" (39 years strong) and only about hardware, but we’re also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do - you can’t put us in a box! But "Digital Transformation" is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.) Day to day, we focus on the give and take. We give our best, give our egos a break, and give of ourselves (because giving back is built into our DNA.) We take accountability, bold steps, and take difference to heart. Because without diversity of thought and a dedication to equality for all, there is no moving forward. So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us! Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.