Cybersecurity Investigations and Incidents Manager 15749852
Our client, a well-known Law Firm in Washington, DC, is looking for an Investigations and Incidents Manager. In this role, you would ensure that the Firm promptly, thoroughly, and lawfully investigates security, privacy, and workplace incidents affecting the Firm’s assets, information, or people. This role develops and implements digital forensics and incident response capabilities with a mix of internal and external resources. This is a highly technical role that requires hands-on, collaborative work with stakeholders and IT implementers.
Duties and Responsibilities:
Defines, documents, and manages the Investigations and Incidents programs. These include developing bodies of practice related to triage and initial assessment of severity, investigations of suspected incidents, evidence capture and preservation, support for law enforcement interactions, and upward reporting as necessary.
Maintains the Firm’s investigations processes, incident response playbooks, and related workflows as implemented in systems of record.
Works with stakeholders and affected parties to assess the likelihood or severity of suspected incidents, identify appropriate follow-ups, conduct investigations, commission third-party assistance, regularly communicate status, and coordinate internal communications. This role will work closely with the CISO, Firm General Counsels, senior lawyers, and other business stakeholders.
Manages relationships with third-party investigators and incident-response entities the Firm may have relationships with, as necessary.
Bachelor's degree in Computer Science or Engineering preferred; advanced degree and CISSP certification preferred.
Requires 10+ years' experience in cybersecurity, with 5+ years’ experience running hands-on digital forensics and incident response programs.
Expert working knowledge of desktop security, forensics data capture, chain of custody concepts, open-source intelligence, and investigative methods. Experience with tools such as EnCase, Axiom and Basis Tech is required.
Exceptional ability to rapidly assimilate and synthesize information under pressure and during compressed timeframes.
Cogent and effective written and oral communication skills, combined with a newspaper reporter’s knack for swiftly summarizing situations, including what is known and unknown.