We’re seeking a dynamic Cyber Incident Commander (Manager) to join our team at Neurealm.
As an Incident Commander (Manager), you will be the ultimate executive authority during critical cyber crises, overseeing our firm’s enterprise-wide incident response strategies. You will be crucial in protecting our company’s digital assets, commanding cross-functional War Rooms, ensuring compliance with strict regulatory breach protocols, and mitigating catastrophic business risks. You will act as the bridge between deep technical forensics and the C-Suite/Board of Directors.
If you are passionate about crisis governance, have extensive experience managing massive enterprise breaches, and are ready to lead high-stakes security initiatives for a growing company, we welcome you to join our team. We offer competitive compensation, a collaborative work environment, and opportunities for professional growth in the field of cybersecurity.
Objectives of the role:
- Developing, implementing, and managing the organization’s overarching global Incident Response (IR) strategy and crisis governance roadmaps.
- Leading a senior team of incident commanders, forensics experts, and threat hunters to ensure rapid containment of advanced persistent threats (APTs).
- Overseeing enterprise-wide incident detection, ensuring strict adherence to the "1-10-60" rule (Detect in 1 min, Investigate in 10, Remediate in 60).
- Serving as the primary executive liaison during major cyber events, bridging the gap between IT, Legal, PR, and the C-Suite.
- Ensuring absolute compliance with regulatory breach notification mandates (e.g., GDPR 72-hour rule, HIPAA 60-day rule).
- Designing and leading high-level Executive Tabletop Exercises to test business continuity and crisis decision-making at the board level.
- Driving post-incident Root Cause Analysis (RCA) and presenting "Invest vs. Delay" risk remediation business cases to executive leadership.
Your tasks:
- Command major incident War Rooms during critical enterprise breaches (e.g., Ransomware, Insider Threat, Zero-Day exploitation).
- Design and implement enterprise-wide incident response protocols, playbooks, and disaster recovery architectures.
- Govern the Chain of Custody during forensic investigations to ensure legal and regulatory viability of evidence.
- Oversee and direct the actions of managed security service providers (MSSPs), SOCs, and third-party forensic retainers during a crisis.
- Draft, review, and present finalized After-Action Reports (AARs) to internal and client executive stakeholders.
- Ensure all security policies, DR (Disaster Recovery) plans, and Business Continuity Plans (BCP) are rigorously updated post-incident.
- Collaborate with Legal and Compliance teams to map out exact regulatory exposure during active data exfiltration events.
- Lead the negotiation and architectural strategy for returning compromised environments to secure, production-ready states.
- Ensure the company’s compliance with relevant data protection regulations, including GDPR, HIPAA, and ISO 27001, during active crises.
- Continuously monitor evolving global cyber threat landscapes and proactively adjust the organization’s IR readiness accordingly.
Required skills and qualifications:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Demonstrable experience as an Incident Commander, SOC Director, or similar executive role, with 14-18 years of progressive cybersecurity experience.
- Extensive knowledge of regional and global cybersecurity frameworks, such as the NIST IR Lifecycle, ISO 27001, and CIS Controls.
- Proven track record of managing enterprise-scale ransomware negotiations, data breaches, and disaster recovery executions.
- Proficiency in governing security technologies and tools, including SIEM, SOAR, EDR/XDR, and multi-cloud architectures.
- Deep understanding of GDPR, CCPA, HIPAA, or similar data privacy regulations and their specific breach notification requirements.
- Exceptional executive leadership and team management skills, with experience managing globally distributed (24x7) incident response teams.
- Solid analytical and problem-solving skills, capable of making high-stakes decisions under extreme pressure.
- Excellent communication skills, with the ability to translate deeply technical forensic data into clear business risk for non-technical executives.
Preferred skills and qualifications:
- Master’s degree in Information Security, Cybersecurity, or a related field.
- Relevant elite certifications in cybersecurity/IR, such as CISSP, CISM, GCFA, or GCIH.
- Experience with cloud-native incident response in AWS, Azure, or Google Cloud.
- Experience working with Legal Counsel and Cyber Insurance providers during active claims.
- Expertise in threat modeling, enterprise risk management, and securing industrial control systems (OT/ICS).
- Proven experience building and automating SOAR playbooks using AI/ML integration.