Location - Hybrid Waltham, MA

Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity, and reduce time to market for products and applications.

We have an amazing opportunity for an IT Security Manager (Incident Management), available within our Global Business Services division! The IT Security Manager (Incident Management) will be responsible for monitoring and response to all emerging security incidents to protect and enhance the confidentiality, integrity, and availability of Wolters Kluwer assets.

As the IT Security Manager (Incident Management), you will lead information gathering efforts during investigation into suspected and confirmed security incidents to protect personal and confidential information at WK. In this role, you will be required to demonstrate proficiency in incident analysis, data gathering and information synthesis in every area of IT security management. Your role will also include interfacing with and responding to internal business unit IT representatives and stakeholders at all levels during emerging security incidents, real or simulated. 
 
 Responsibilities:

•    Primarily responsible for the response to and recovery from emerging information security incidents, acting as the focal point leading response efforts and ensuring effective action to contain and remediate the situation
•    Respond to cybersecurity incidents and perform triage to assess the severity of the incident and determine the appropriate response.
•    Conduct open-source intelligence (OSINT) investigations to identify and track down malicious actors and their tactics, techniques, and procedures (TTPs).
•    Participate in red team/blue team exercises to test and improve the organization's incident response capabilities.
•    Collaborate with other members of the cybersecurity team to develop and implement security controls and incident response procedures.
•    Provide technical guidance and support to junior incident responders as needed.
•    Maintain up-to-date knowledge of the latest security threats and trends through continuous learning and professional development.
•    Perform forensically sound collections of ESI from laptops, desktops, mobile devices, hard drives, servers and cloud data sources both onsite and remotely.
•    Verify, extract and analyze systems, logs and malware data in support of investigations and litigation systems
•    Drive efficient, repeatable, proactive, integrated, and mature cyber defense and response
•    Supports the investigation of reported security breaches and, in coordination with WK global security operations, develop procedures to respond to security incidents and assist with investigations
•    Contributes to the analysis and delivery of findings to internal customers with impactful, comparative, interpretative security analysis in a clear, consistent, and factual manner.
•    Responsible for establishing communications bridges and meetings in support of response efforts
•    Responsible for maintaining proper group focus during investigation activities and redirecting efforts in support of timely recovery
•    Responsible for aggregating information relevant to the situation and synthesizing probable root cause 
•    Responsible for developing and recommending best course of action based on solid security principles
•    Driving the incident response process from detection through containment and eradication.
•    Accountable for documenting all WK and partner activity, taken in response to emerging situations
•    Accountable for the day-to-day review and assessment of security events that may become or contribute to security incidents.
•    Ensures work is compliant with WK enterprise policies, procedures and the local business plan
•    Responsible for ensuring appropriate post-mortem and lessons-learned sessions are conducted, following incident restoration of service
•    Responsible for organizing and taking part in cross-functional incident exercise activities, ensuring that policy and procedure are followed
•    Responsible for ensuring knowledge of IT security and emerging threat scenarios is current
•    Responsible for reviewing threat intelligence sources is support of WK security situational awareness
•    Responsible for assisting in the development of vulnerability and threat related communications for potential dissemination to warn WK employees of an emerging situation
•    Responsible for ensuring information arising from incident response activities, that would result in configuration changes or other modifications to ensure WK security posture, is communicated to the proper operational contacts for execution.
OTHER DUTIES

Performs other duties as assigned by supervisor

Qualifications

Bachelor's Degree in Computer Science/MIS or equivalent experience7+ years in Information Technology3+ years in an information security function, including risk management and privacy practices2+ years in an information security incident handling role

Technical Skills:

Strong understanding of network protocols and security technologies (firewalls, IDS, encryption)Experience with OSINT tools and techniquesCloud and physical forensic investigations, delivering executive reportsKnowledge of red team/blue team exercisesIncident response frameworks and methodologies with a focus on automationExperience with Intel, SIEM, and SOAR platforms (ThreatConnect/MISP, Snowflake/Splunk, Swimlane/DeMisto)Expertise with digital forensic toolsets (Encase, AccessData, SIFT, Axiom)Flexible working hours to support a global operation

Interpersonal Skills:

Experience engaging with executive-level individuals during incident responseExcellent oral and written communicationAbility to present complex technical issues to diverse audiencesDiplomacy in working with customers and stakeholdersAbility to follow policy and procedureTeamwork and performance under stressIntegrity in handling sensitive dataSelf-motivated with strong analytical and problem-solving abilitiesAbility to set and manage priorities judiciously

Additional Technical Skills:

Knowledge of basic security principles (confidentiality, integrity, availability)Understanding of security vulnerabilities and exposuresFamiliarity with Internet protocols and network applicationsKnowledge of network and host/system security issuesUnderstanding of malicious code and threat vectorsExperience with Risk Analysis and Risk ManagementBasic programming and scripting knowledge (advanced knowledge a plus)

Incident Handling Skills:

Consistent communication and documentation with customers and stakeholdersAbility to synthesize technical data to identify intruder techniquesEffective interpersonal communication for quick resolutionAbility to analyze ongoing situations for potential security incidentsMaintenance of incident records for recovery, regulatory, and legal requirementsFamiliarity with ITIL service management methodologyExperience in a 24x7x365 operations environment

Additional Requirements:

Strong technical skills in security assessments of external service providersExperience with GDPR and GDPR compliance implementationsKnowledge of ISO 27001, NIST 800-53, NIST CSF, and PCI DSSPreferred certifications: CISSP, ITIL, GCIH, CERT/CC CSIH, GCTI, GCFR, GCFA, GIME, GCFEMultiple language capability desired

Travel RequirementsOccasional domestic or international travel, up to 25%Physical DemandsAbility to travel to the office and support necessary workNo heavy lifting of equipment required