Cyber Incident Response Planner

Post Date

Jan 21, 2026

Location

Atlanta, Georgia

ZIP/Postal Code

30318
US
Mar 26, 2026 Insight Global

Job Type

Contract-to-perm

Category

Security Engineering

Req #

ATL-3a4cb075-1500-4883-9439-e5f14f0c24d0

Pay Rate

$50 - $63 (hourly estimate)

Job Description

We are seeking an experienced and highly motivated Cyber Incident Response Planner to drive the development and implementation of robust incident response plans and processes. As an integral part of the Governance, Risk, and Compliance (GRC) Division within the Information and Cybersecurity Department, you will lead response efforts to mitigate cybersecurity breaches, minimize risk, and safeguard enterprise systems. This role requires a skilled communicator, critical thinker, and experienced responder who thrives in staying ahead of the evolving threat landscape.

This is a cross-functional role offering the opportunity to work across teams, contribute to enterprise risk management, and help build a strong incident response culture. The ideal candidate will bring technical expertise, communication acumen, and leadership skills to effectively influence and collaborate across multiple stakeholder groups. This role reports to the GRC Manager and is designated as on-site, with a current expectation of two days in the office due to space considerations. Work will be performed in the Eastern Time Zone (ET) in Atlanta, GA.

Key Responsibilities
Incident Response Planning & Implementation
• Maintain governance over incident response (IR) documentation. Develop, document, and implement comprehensive IR plans, policies, standards and procedures to ensure swift and effective responses to cybersecurity incidents or breaches.
• Update and maintain IR documentation, workflows, automation initiatives, response playbooks, and similar materials so that they remain aligned with evolving threats and operational requirements.
• Create and maintain secure methods for tracking and reporting IR activities.
Incident Handling & Coordination
• Assist with the handling of security events/incidents, including triage, remediation, documentation of the incident (including Indicators of Compromise (IOCs)), and escalation to management.
• Coordinate incident investigations, containment, and recovery efforts in collaboration with internal teams and external stakeholders.
• Serve as a liaison, ensuring clear and accurate communication of incident details while gathering information for stakeholders across multiple departments and governance bodies. Observe and document events during cybersecurity incidents and exercises to support post-incident response reviews that identify and implement comprehensive improvements based on the lessons learned.
• Submit required IR reports to governing bodies to meet legal, regulatory, contractual, and policy obligations (e.g., federal agencies or institutional reporting directives).
Threat Awareness & Communication
• Maintain a deep and current understanding of the threat landscape, including malware identification, threat actor activity, and emerging attack vectors.
• Continuously analyze and consult various publications, websites, news sources, and cyber forums to monitor cyber threats relevant to our environment.
• Effectively communicate risks, threats, and potential impacts to stakeholders outside of the cybersecurity domain in a clear and actionable manner.
Testing & Validation
• Plan and execute incident response exercises (e.g., tabletop exercises, simulations, and controlled disruptions) to validate and enhance organizational IR capabilities.
• Facilitate post-incident response exercise reviews to identify gaps, implement lessons learned, and refine IR processes.
Data Analysis & Enterprise Incident Management
• Manipulate, analyze, and interpret complex datasets to support cybersecurity investigations and enterprise risk initiatives.
• Leverage GRC tools to enhance enterprise cybersecurity risk management processes.
• Identify opportunities to automate and innovate IR workflows for improved efficiency.
Additional Responsibilities
General GRC Support
• Resolve service desk incidents and issues assigned by the GRC team.
• Review and contribute to cybersecurity documentation for completeness, currency, and accuracy, such as plans for system security, incident response, contingency, disaster recovery, and business/impact analysis. Update as necessary.
• Contribute to the preparation of regulatory and compliance reports, and collaborate with other organizational units to ensure data accuracy and compliance.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience

• Minimum of two (2) years of demonstrated incident response experience, including active participation as a member of an IR team, or supporting incident-handling activities.
• Strong knowledge of incident response protocols, malware operation, containment techniques, and overall threat remediation strategies.
• Proven experience in performing investigation, analysis, containment, and recovery activities as part of IR efforts.
• Ability to handle time-sensitive situations with a calm and professional attitude while maintaining an appropriate sense of urgency
• Effective project management and organizational skills, including managing multiple, concurrent tasks and meeting deadlines
• Solid technical understanding of cybersecurity concepts, standards, guidelines, and principles
• Experience with industry-recognized security and analysis frameworks (MITRE ATT&CK, Cyber Kill Chain, NIST CSF, etc.)
• Strong expertise in communication, especially when working with cross-functional stakeholders.
• Excellent interpersonal skills and ability to create collaborative relationships with colleagues across various groups and levels, and influence without authority
• Familiarity with one or more GRC tools and experience implementing related workflows.
• Data analysis experience, with the ability to interpret trends, IOCs, and response requirements from complex datasets.
• Attention to detail, critical thinking, and the ability to maintain composure under pressure.
• One or more mid-level cybersecurity certifications such as Certified Ethical Hacker (CEH), PenTest+, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH) or equivalent certification

Nice to Have Skills & Experience

• Minimum of five (5) years in an incident response-related role, with experience as an incident manager, incident commander, or equivalent incident response leadership role
• Strong familiarity with enterprise risk management processes and tools.
• Demonstrated expertise in automation, scripting workflows, or other operational and process innovations.
• Knowledge of data manipulation tools and techniques to enhance rapid analysis and response during incidents.
• Customer service experience and the ability to liaise effectively between various internal and external teams.
• Previous experience with Controlled Unclassified Information (CUI), compliance reporting, or supporting federally driven initiatives is a plus.
• One or more senior-level cybersecurity certifications such as Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent certification

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.