Cyber Incident Response Planner
Insight Global - Atlanta, GA
Job Description

We are seeking an experienced and highly motivated Cyber Incident Response Planner to drive the development and implementation of robust incident response plans and processes. As an integral part of the Governance, Risk, and Compliance (GRC) Division within the Information and Cybersecurity Department, you will lead response efforts to mitigate cybersecurity breaches, minimize risk, and safeguard enterprise systems. This role requires a skilled communicator, critical thinker, and experienced responder who thrives in staying ahead of the evolving threat landscape.

This is a cross-functional role offering the opportunity to work across teams, contribute to enterprise risk management, and help build a strong incident response culture. The ideal candidate will bring technical expertise, communication acumen, and leadership skills to effectively influence and collaborate across multiple stakeholder groups.

This role reports to the GRC Manager and is designated as on-site, with a current expectation of two days in the office due to space considerations. Work will be performed in the Eastern Time Zone (ET) in Atlanta, GA.

Key Responsibilities

Incident Response Planning & Implementation
• Maintain governance over incident response (IR) documentation. Develop, document, and implement comprehensive IR plans, policies, standards and procedures to ensure swift and effective responses to cybersecurity incidents or breaches.
• Update and maintain IR documentation, workflows, automation initiatives, and response playbooks and similar, to remain aligned with evolving threats and operational requirements.
• Create and maintain secure methods for tracking and reporting IR activities.

Incident Handling & Coordination
• Assist with handling of security events/incidents, including triage, remediation, documentation of the incident, including Indicators of Compromise (IOCs), and escalation to management.
• Coordinate incident investigations, containment, and recovery efforts in collaboration with internal teams and external stakeholders.
• Serve as a liaison, ensuring clear and accurate communication of incident details while gathering information for stakeholders across multiple departments and governance bodies.
• Observe and document events during cybersecurity incidents and exercises to facilitate post-incident response reviews to identify and implement comprehensive improvements based on the lessons learned.
• Submit required IR reports to governing bodies to meet legal, regulatory, contractual, and policy obligations (e.g., federal agencies or institutional reporting directives).

Threat Awareness & Communication
• Maintain a deep and current understanding of the threat landscape, including malware identification, threat actor activity, and emerging attack vectors.
• Continuously analyze and consult various publications, websites, news sources, and cyber forums to monitor cyber threats relevant to our environment.
• Effectively communicate risks, threats, and potential impacts to stakeholders outside of the cybersecurity domain in a clear and actionable manner.

Testing & Validation
• Plan and execute incident response exercises (e.g., tabletop exercises, simulations, and controlled disruptions) to validate and enhance organizational IR capabilities.
• Facilitate post-incident response exercise reviews to identify gaps, implement lessons learned, and refine IR processes.

Data Analysis & Enterprise Incident Management
• Manipulate, analyze, and interpret complex datasets to support cybersecurity investigations and enterprise risk initiatives.
• Leverage GRC tools to enhance enterprise cybersecurity risk management processes.
• Identify opportunities to automate and innovate IR workflows for improved efficiency.

Additional Responsibilities

General GRC Support
• Resolve service desk incidents and issues assigned by the GRC team.
• Review and contribute to cybersecurity documentation for completeness, currency, and accuracy, such as plans for system security, incident response, contingency, disaster recovery, and business/impact analysis. Update as necessary.
• Contribute to the preparation of regulatory and compliance reports, collaborate with other organizational units ensuring data accuracy and compliance.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:

Skills and Requirements
• Minimum of two (2) years of demonstrated incident response experience, including active participation as a member of an IR team, or supporting incident-handling activities.
• Strong knowledge of incident response protocols, malware operation, containment techniques, and overall threat remediation strategies.
• Proven experience in performing investigation, analysis, containment, and recovery activities as part of IR efforts.
• Ability to handle time-sensitive situations with a calm and professional attitude while maintaining an appropriate sense of urgency
• Effective project management and organizational skills, including managing multiple, concurrent tasks and meeting deadlines
• Solid technical understanding of cybersecurity concepts, standards, guidelines, and principles
• Experience with industry-recognized security and analysis frameworks (MITRE ATT&CK, Cyber Kill Chain, NIST CSF, etc.)
• Strong expertise in communication, especially when working with cross-functional stakeholders.
• Excellent interpersonal skills and ability to create collaborative relationships with colleagues across various groups and levels, and influence without authority
• Familiarity with one or more GRC tools and experience implementing related workflows.
• Data analysis experience, with the ability to interpret trends, IOCs, and response requirements from complex datasets.
• Attention to detail, critical thinking, and the ability to maintain composure under pressure.
• One or more mid-level cybersecurity certifications such as Certified Ethical Hacker (CEH), PenTest+, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH) or equivalent certification
• Minimum of five (5) years in an incident response-related role, with experience as an incident manager, incident commander, or equivalent incident response leadership role
• Strong familiarity with enterprise risk management processes and tools.
• Demonstrated expertise in automation, scripting workflows, or other operational and process innovations.
• Knowledge of data manipulation tools and techniques to enhance rapid analysis and response during incidents.
• Customer service experience and the ability to liaise effectively between various internal and external teams.
• Previous experience with Controlled Unclassified Information (CUI), compliance reporting, or supporting federally driven initiatives is a plus.
• One or more senior-level cybersecurity certifications such as Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent certification
Created: 2026-01-23