JOB OVERVIEW
Function Overview
The Digital and Technology team at General Mills stands as the largest and foremost unit, dedicated to exploring the latest trends and innovations in technology while leading the adoption of cutting-edge technologies across the organization. Collaborating closely with global business teams, the focus is on understanding business models and identifying opportunities to leverage technology for increased efficiency and disruption. The team's expertise spans a wide range of areas, including AI/ML, Data Science, IoT, NLP, Cloud, Infrastructure, RPA and Automation, Digital Transformation, Cyber Security, Blockchain, SAP S4 HANA and Enterprise Architecture. The MillsWorks initiative embodies an agile@scale delivery model, where business and technology teams operate cohesively in pods with a unified mission to deliver value for the company. Employees working on significant technology projects are recognized as Digital Transformation change agents.
The team places a strong emphasis on service partnerships and employee engagement with a commitment to advancing equity and supporting communities. In fostering an inclusive culture, the team values individuals passionate about learning and growing with technology, exemplified by the "Work with Heart" philosophy, emphasizing results over facetime. Those intrigued by the prospect of contributing to the digital transformation journey of a Fortune 500 company are encouraged to explore more details about the function through the following Link
Purpose of the role
Manage cyber security incident response. Lead the CSIRT team to rapidly respond to and contain cybersecurity incidents while ensuring incident response procedures align with enterprise standards and industry best practices. Partner with technology teams to continuously refine response processes, guide tactical detection, analysis, and investigation activities, and lead the design, implementation, and administration of the cybersecurity incident response program across people, processes, and technology.
Core Responsibilities
- Lead a 24x7 Cyber Security Incident Response Team responsible for alert triage, incident validation, investigation, containment, escalation, and coordination of cybersecurity threats.
- Build and lead a high-performing team of incident responders who are strong investigators, sound decision makers, and empowered operators with the authority to contain threats in accordance with approved procedures.
- Own day-to-day cyber incident response operations and ensure incidents are handled with speed, consistency, quality, and accurate tracking in approved systems.
- Develop, implement, maintain, test, and annually review the Cybersecurity Incident Response Plan, playbooks, and response procedures to ensure alignment with Enterprise standards and industry best practices.
- Coordinate cyber incident handling with disaster recovery, business contingency planning, senior management, and key technology stakeholders, including appropriate escalation and controlled communications.
- Establish and monitor key operational metrics, including response time, containment time, case quality, and playbook adherence, and periodically test team capabilities against service levels.
- Lead post-incident reviews, root cause analysis, and lessons learned, and drive continuous improvement across detections, playbooks, automations, and response processes in partnership with detection engineering, threat hunting, and platform teams.
- Identify skill gaps across IR functions (DFIR, threat hunting, malware analysis, cloud IR, OT security, AI security, automation, etc.)
- Ensure structured upskilling pathways with certifications, labs, simulations, and hands-on exercises
- Build succession plans for critical roles
- Rotate team members across different incident types and specializations to avoid stagnation
People Responsibilities
- Lead hiring, onboarding, workforce planning, and shift/coverage management for a 24x7 incident response team.
- Build team capability through coaching, training, scenario-based exercises, and stretch opportunities that develop responders into stronger investigators and decision makers.
- Set clear performance expectations, measure results through defined KPIs, and hold team members accountable for quality, speed, and sound judgment.
- Conduct regular 1:1s, provide timely coaching and feedback, and create meaningful development plans for each team member.
- Foster a culture of calm execution, accountability, collaboration, and continuous learning during high-pressure incident response.
- Ensure team members understand and follow cybersecurity policies, standards, and response procedures.
- Build and strengthen team capability
- Create individualized development plans for each analyst based on strengths, aspirations, and business needs
- Conduct quarterly career conversations, not just performance reviews
- Help team members understand possible cyber career paths
- Coach analysts on executive communication and stakeholder management, not only technical depth
- Operational Excellence Through People
- Encourage an automation mindset to reduce repetitive analyst fatigue
- Ensure knowledge is documented and not concentrated in individuals
Partnerships and Benchmarking
- Partner with internal technology, infrastructure, identity, endpoint, cloud, legal, privacy, and communications teams to improve preparedness and response effectiveness.
- Maintain strong relationships with peer security leaders, industry partners, and key vendors to benchmark capabilities and stay current on leading practices.
- Leverage external intelligence, peer benchmarking, incident trends, and industry developments to improve team processes, playbooks, and tooling.
- Serve as a key liaison to higher-tier detection and threat hunting teams to ensure effective escalation paths, feedback loops, and operational alignment.
Minimum Degree Requirements:
Bachelors
Preferred Degree Requirements:
Masters
- Experience designing or governing SOAR-assisted workflows, especially enrichment, case preparation, and containment decisions.
- Demonstrated ability to coach analysts into stronger investigators, not just stronger process executors.
- Strong understanding of how to balance speed, business risk, and control in containment decisions.
- Experience partnering with threat intelligence, threat hunting, detection engineering, identity, endpoint, and network teams.
- Experience building or maturing an incident response function that combines investigator judgment with automation and orchestration.
Preferred Certifications:
GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Cybersecurity Analyst (CySA+), EC-Council Certified Incident Handler (ECIH)