Associate Director, Cyber Response

Job description

The Associate Director is responsible for managing the Cyber Response Team in the US and leading overall delivery of incident response cases in the region. This role involves leading the technical aspects of the cyber response practice, managing our technical team members as well as managing client relationships. This role will report to Global Head of Cyber Response and work in tandem with European, Middle East and Asia colleagues on a follow-the-sun basis. The successful candidate will have a strong technical skill set, deep understanding of the North American cyber incident response market and a deep understanding of current and emerging advanced threat actors. They will have a proven track record of responding to advanced threats leveraging forensics and threat hunting technology.

Role tasks and responsibilities

Technical response

• Oversee incident response cases for all host and network based investigations, be responsible for the overall quality of our technical incident response work.
• Ownership of the entire lifecycle of a cyber incident including identification, containment, eradication and recovery. A particular area of specialty in eradication and recovery from an incident.
• Threat hunting using EDR tooling to evaluate an attacker’s spread through a system and network, anticipating and thwarting further attacker activity.
• Perform live compromise assessments for organizations who suspect a compromise.
• Detect and hunt unknown live, dormant, and custom malware in memory across multiple systems in an enterprise environment.
• Demonstrate a deep understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers.
• Advise on the safe technical recovery of an organizations IT systems balancing the need to understand what has happened but speed up recovery.
• Be responsible for Control Risks technical Cyber Response strategy. Identify, design and then implement solutions that meet these strategic objectives.

Client Management

• To build and develop client relationships facilitating where appropriate introduction and provision of additional Control Risks services. Working closely with the Global Head of Cyber Response and Global colleagues to ensure a cohesive go-to-market approach.
• Possess and develop working knowledge of key insurer and law firm relationships that may drive growth.

Reporting

• Provide situation reports and other significant case related material to the client and the Director of Cyber Response.
• Provide documentation to the relevant consultants in sufficient time to allow review and feedback, before submitting to a client.
• Report on the performance of the Technical Cyber Response work and forecast technical and resource requirements in the near and long term.

Team management

• Establish resourcing requirements for our already growing Cyber Response practice, hire and then manage these technical individuals.
• Establish relationships with key recruiters and where possible align with the Cyber Crisis Management teams resourcing plans.
• Align with and help to expand the already re-occurring Internship Program and where business need requires onboard interns into the technical team.
• Define clear roles and responsibilities for new hires including a learning pathway for training & development.
• Ensure new joiners have appropriate time dedicated to technical development and research whilst balancing un-predictable workload.

Governance

• Own the technical response Standard Operating Procedures, working with the team to ensure they are kept up to date with the latest threats.
• Ensure issues identified during delivery of cases are identified, escalated and resolved efficiently.

Supporting the growth of the Cyber Response practice

• Refining Control Risks’ cyber response methodologies and approaches and tailoring the approach in changing market conditions.

• Identifying potential new areas of growth and opportunity.

• Candidates must be legally authorized to work in the US on a permanent basis without sponsorship.

• Candidates must possess unrestricted US work authorization.

• Proven experience in technically responding to significant and complex cyber attacks and information security related advisory

• Proven experience of managing and/or building the requisite technologies necessary for responding to a wide variety of common cyber security incidents

• Demonstrable experience of operating within a commercial environment and engaging with key stakeholders in insurance and risk management.

• Technical degree or demonstrated knowledge of common networks, software and hardware used in business environments

• Experience in conducting log analysis and digital forensics following a cyber incident

• Experience of working with law firms, communications experts, and others on sensitive investigations.

• Track record of developing consultative relationships with clients

• Excellent people management skills

• Fluent in English (written and spoken)

• Excellent presentation skills

• Excellent analytical skills

• Preferred: Strong understanding of MITRE ATT&CK techniques / sub-techniques. The ability to articulate TTPs to clients in non-technical terms.

• Preferred: Experience in generating SIGMA rules for host detection, SNORT rules for network detection and YARA Signatures for file and memory artefact identification.

• Preferred: Experience in engaging in industry and law enforcement intelligence forums

• Preferred: Experience of supporting cross-jurisdictional response cases

• Preferred: Qualifications such as: CREST Registered Intrusion Analyst (CRIA), Certified Network Intrusion Analyst (CCNIA), Certified Host Intrusion Analyst (CCHIA), SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) or Enterprise-Class Incident Response & Threat Hunting (FOR608), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and full membership of ISACA.

The base salary range for this position is $140,000-$150,000 per year. Exact compensation offered may vary depending on job-related knowledge, skills, and experience.

Control Risks is committed to a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. If you require any reasonable adjustments to be made in order to participate fully in the interview process, please let us know and we will be happy to accommodate your needs.

Control Risks participates in the E-Verify program to confirm employment authorization of all newly hired employees. The E-Verify process is completed during new hire onboarding and completion of the Form I-9, Employment Eligibility Verification, at the start of employment. E-Verify is not used as a tool to pre-screen candidates. For more information on E-Verify, please visit www.uscis.gov.

• Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.
• Control Risks supports hybrid working arrangements, wherever possible, that emphasize the value of in-person time together - in the office and with our clients - while continuing to support flexible and remote working.
• Medical Benefits, Prescription Benefits, FSA, Dental Benefits, Vision Benefits, Life and AD&D, Voluntary Life and AD&D, Disability Benefits, Voluntary Benefits, 401 (K) Retirement, Nationwide Pet Insurance, Employee Assistance Program.
• As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.