Cyber Security Manager - Incident Management
R1 RCM Global Private Limited
Delhi, India | ₹40,000–₹130,000/mo (≈ AED 1.8K-5.7K/mo) | Today
India, ServiceNow, SIEM, DLP, Threat Intelligence, Root Cause Analysis, Cybersecurity Incident Management, Privacy Risk Management, Microsoft Sentinel, AI Automation Technologies, EDR, Stakeholder Communication, Full Time
Skills Required
AWS
Job Description
Role Overview:
As the Manager, Cybersecurity Incident Management at R1 RCM, you will be responsible for leading the organization's response to cybersecurity threats and data privacy incidents. You will manage the full lifecycle of security events, ensuring compliance with regulatory requirements and overseeing incident response and privacy risk management processes.
Key Responsibilities:
- Lead the detection, triage, investigation, containment, and remediation of cybersecurity and privacy-related incidents.
- Serve as the central coordinator for major incidents involving PHI/PII exposure, ransomware, insider threats, or unauthorized access.
- Use the technology suite (SIEM, DLP, EDR, etc.) for threat detection, analytics, and taking action.
- Maintain documentation for incident timelines, decisions, and mitigation activities in ServiceNow.
- Improve playbooks for recurring incidents, enhance incident workflows, and automate escalation paths.
- Collaborate with the Threat Intelligence team to assess potential indicators of compromise (IOCs) and emerging attack vectors.
- Track incident response metrics, conduct root cause analysis, and generate reports for stakeholders.
- Develop internal training programs and participate in tabletop exercises to enhance breach recognition and response preparedness.
Qualifications Required:
- 7-9 years of experience in cybersecurity and privacy incident response, preferably in a regulated environment.
- Strong understanding of HIPAA, HITECH, GDPR, CCPA, and state/federal breach notification laws.
- Experience managing incidents using SIEM and ticketing management systems such as Microsoft Sentinel and ServiceNow.
- Familiarity with EDR, DLP tools, data flow mapping, forensic investigation, and threat intelligence integration.
Note: Nice to have certifications include Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and Certified in Risk and Information Systems Control (CRISC), although not mandatory.