Incident Response Manager - Deloitte Global

Deloitte leads with purpose, solving complex issues for our clients and communities. Across disciplines and across borders, Deloitte Global supports our network of member firms by developing and driving global strategy, programs, and platforms, and creating new solutions and transformational experiences. Our people share a passion for igniting change and a strong service orientation that shapes our organization and those it supports.

The Incident Remediation Manager will support the Global Information Security Office in incident remediation activities and will be responsible for leading the team of incident remediation analysts. As a team leader, they will provide oversight and guidance on all activities relating to incident remediation, including triage, evaluation, coordination and executive reporting. Will need to build people and talent within the team, including coaching, mentoring and counselling. Should have a strong understanding of security operations concepts, vulnerability management and incident remediation within a complex global organization. Will need to have a fundamental understanding of vulnerability management and how active threats utilize vulnerabilities. This role works closely with the Incident Response and Threat Intelligence teams to assist in identifying and remediating threats among our member firm network. Will be responsible for coordinating incident remediation tasks and for writing and setting standards relating to incident remediation and associated procedures. Will need to have strong communication and public speaking skills to contribute to and deliver presentations to member firm leadership.

Should have an advanced understanding of the incident lifecycle, working knowledge of open source and COTS analysis tools and the ability to navigate both Windows and UNIX-based systems. Additional experience with incident management and related concepts is preferred.

This role offers flexibility in working arrangements through multiple shifts, including 6a-3p, 8a-5p and 11a-8p. At times, the shift may change to provide coverage for team members attending training, on PTO or on firm holidays. Participation in an on-call rotation is required, typically one out of every eight weeks (6-7 times per year).

Illustrative Duties and Responsibilities:

  • Will act as the leader of the incident remediation team and coordinate with both the cyber threat intelligence and incident response leaders to handle inquiries, presentations and technical incident updates.
  • Will be responsible for the day-to-day operations of the team, leading cases towards resolution by developing and executing a remediation workflow when engaged by the incident response team.
  • Responsible for creating the incident remediation workflow, ensuring best practices are implemented and followed and documentation is prepared to support global incidents covering one or multiple member firms.
  • Assist in training of team members in remediation, data analysis and vulnerabilities where necessary, based on tools used and potential solutions, to summarize, analyze and present findings in easy-to-consume reports.
  • Will be required to participate in technical investigations to support and assist incident response coordinators within multiple environments by assisting in the identification of threats, remediation of identified incidents, and validation of security incidents and events.

Required Technical Skills:

Must have strong leadership experience in a high-paced, complex IT environment. Ability to lead and work with remote team members, and a proven remediation and incident response background.

Should have advanced knowledge of incident remediation within Windows and Macintosh operating systems, embedded systems, networking devices and Linux/UNIX. Must have excellent written and verbal communication skills to assist with communications with other teams and to write executive summaries based on work output. Ability to translate complex scenarios into simple terms for non-technical resources (General Counsel, Project Management, etc.). Familiarity with threat management frameworks and cyber threat intelligence collection.

May require operational experience with firewalls, routers, switches, various commonly used operating systems (Windows, Linux, UNIX), common attack tools, and vulnerability detection/management tools. A strong background in security incident response, vulnerability management, system operations, and cyber intelligence is a plus. Candidates should have a strong proficiency in written and spoken English.

Required Licenses, Certifications, and Other Requirements:

SANS GCIH, GCIA, GCED, Network+, Security+, ArcSight, or other industry-relevant cyber-security certifications are a plus.

Education & Experience:

Bachelor’s Degree or equivalent industry experience; minimum 5-7 years Information Security experience with minimum 3 years team lead experience.

Some ability to work non-standard shifts and/or on-call to support the requirements of the organization.

Requisition code: DE17CHIGTS005CF15

One of the largest professional services organizations in the U.S., Deloitte delivers innovative solutions to the complex business problems facing companies around the world. Deloitte offers rewarding careers in four businesses—audit, tax, consulting, and financial advisory. Widely recognized for its inclusion initiatives, Deloitte is committed to building a workplace environment that allows people from all generations, ethnicities, and cultures to be their authentic selves.