Incident Response Manager
Rush University Medical Center
**Job Description**
Location: Chicago, Illinois
Business Unit: Rush Medical Center
Hospital: Rush University Medical Center
Department: Cybersecurity Engineering
**Work Type:** Full Time (Total FTE between 0.9 and 1.0)
**Shift:** Shift 1
**Work Schedule:** 8 Hr (8:00:00 AM - 5:00:00 AM)
Rush offers exceptional rewards and benefits. Learn more at our Rush benefits page (https://www.rush.edu/rush-careers/employee-benefits).
**Pay Range:** $55.75 - $93.66 per hour
Rush salaries are determined by many factors including, but not limited to, education, job-related experience and skills, as well as internal equity and industry specific market data. The pay range for each role reflects Rush’s anticipated wage or salary reasonably expected to be offered for the position. Offers may vary depending on the circumstances of each case.
**Summary:**
We seek a highly skilled Incident Response Manager to lead our incident response team in detecting, responding to, and mitigating cybersecurity incidents. The ideal candidate will have extensive experience in cybersecurity incident response, strong leadership abilities, and a deep understanding of cybersecurity frameworks and tools. You will manage and coordinate the incident response process, develop and implement incident response plans, conduct risk assessments, establish procedures, lead workstreams, and ensure timely and effective resolution. You will also act as incident commander, collaborating with various internal stakeholders, performing post-incident analysis and reporting, and continuously improving RUSH’s security incident response function.
**Responsibilities:**
1. Manage and lead a team of incident responders in promptly identifying, investigating, and resolving cybersecurity incidents.
2. Lead and coordinate security incident response activities and workstreams as the incident response manager (IRM).
3. Analyze and investigate a broad range of threats or activities, maintaining a high level of confidentiality and documenting incident details accordingly.
4. Make decisions and recommendations based on the results of incident analysis and communicate to appropriate stakeholders, including insights to help identify, prevent, detect, and respond to anomalous or potentially malicious activity.
5. Develop, document, and implement strategies, runbooks, capabilities, and techniques for incident response. Design and implement effective incident response plans and procedures tailored to the organization's needs and compliance requirements.
6. Work cross-functionally with various teams across the environment to build solutions for analyzing security events data at scale and protecting RUSH’s networks, systems, and data from threats.
7. Strengthen KPIs and metrics for measuring response effectiveness and provide clear and consistent reporting to internal stakeholders.
8. Continuously improve security processes and response capabilities by building relationships with key stakeholders and collaborating with IT and non-IT teams across the environment.
9. Coordinate incident response activities with internal teams and external partners/vendors to ensure effective incident resolution and communication.
10. Conduct post-incident analysis, document findings, and provide detailed reports to management and stakeholders. Recommend and implement improvements to incident response processes based on analysis.
11. Develop and conduct training sessions, tabletop exercises, and simulations to enhance the organization's incident response preparedness.
12. Stay informed about the latest cybersecurity threats, vulnerabilities, and industry best practices. Integrate threat intelligence into incident response processes.
13. Ensure incident response activities comply with relevant regulations, standards, and policies (e.g., GDPR, HIPAA, PCI DSS).
14. Mentor and develop other teammates, championing quality standards within the team.
**Requirements:**
• 5+ years’ experience in leading Security Incident Response
• Bachelor’s degree in Computer Science, Information Technology, or related field
• Strong understanding of incident response methodologies (e.g., NIST, SANS) and cybersecurity frameworks.
• Proficiency in using incident response tools and technologies, such as SIEM, EDR, and forensic investigation tools.
• Relevant certifications such as Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or similar certifications are preferred.
• Expert knowledge of Python and PowerShell and familiarity with other programming languages
• Existing experience with log analysis (e.g. first or third-party applications, system/data access, event logs), network security, digital forensics, and incident response investigations
• Hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating complex data sets.
• Proficiency with developing and using novel analytical methods to automate response processes
• Ability to identify trends, insights, and relationships between internal and external data and intelligence sources to make risk mitigation recommendations.
• Excellent communication and interpersonal skills, with the ability to effectively communicate technical information to non-technical stakeholders.
• Strong analytical and problem-solving skills, with attention to detail.
• Ability to work under pressure and respond effectively to incidents in a fast-paced environment.
**Preferred Job Qualifications:**
• Broad knowledge and experience across the information security domain, including familiarity with endpoint, email, network, identity management, cloud security, vulnerability management, incident response, and threat intelligence
• Cloud Security certification
Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.
**Position** Incident Response Manager
**Location** US:IL:Chicago
**Req ID** 14041