Head of Cyber Incident Response
Role details
Job description
- Lead Guardian's Cyber Incident Response and Threat Mitigation function
- Own incident response strategy, operations, plans, playbooks, and communication protocols
- Run the Corporate Cyber Incident Response Team, coordinating response across technology and business teams
- Lead triage and response for major incidents escalated from the SOC
- Build strong operational readiness through tabletop exercises, testing, and cross-team collaboration
- Partner with business continuity and disaster recovery teams to ensure integrated response to large-scale incidents
- Oversee third-party incident response retainers and external engagements
- Ensure incidents are properly handled, documented, reported, and reviewed with clear metrics and lessons learned
- Drive continuous improvement in detection, logging, monitoring, and UBA capabilities
- Identify and champion risk mitigation opportunities across the enterprise
- Collaborate with cybersecurity leadership on strategy, vendor management, and talent development
- Support audits, due-diligence requests, and regulatory inquiries
- Hire, mentor, and develop team members, including performance and career management
Requirements
Guardian is seeking a Head of Cyber Incident Response to lead enterprise-wide cyber incident response and threat mitigation efforts. This role requires a proven cybersecurity leader with strong technical depth, sound judgment, and the ability to lead teams through high-impact events while partnering effectively across the organization.
The ideal candidate brings hands-on incident response expertise, strong communication skills, and experience operating in regulated environments. This leader drives preparedness, response, and continuous improvement while living Guardian's operating principles and leading through change with confidence.
You Have
- 7+ years of broad cybersecurity or technology experience, including public cloud environments
- 5+ years of leadership experience in cybersecurity or incident response roles
- Deep knowledge of incident response methodologies, evidence preservation and handling
- Knowledge of NIST CSF, MITRE, and other cybersecurity frameworks, with experience in vulnerability research and mitigation
- Hands-on experience with malware analysis and responding to multiple cyber-attack types, including ransomware incidents
- Strong written and verbal communication skills with experience engaging technical and non-technical stakeholders
- Experience working cross-functionally with Legal, HR, Compliance, Communications, IT, and business leaders
- Knowledge of threat hunting, cyber threat intelligence, and risk mitigation strategies
- Experience in financial services or other regulated environments, including U.S. privacy regulations
- Ability to lead, develop, and retain high-performing, diverse teams
- Knowledge of SIEM, XDR, and SOAR platforms (Splunk preferred), including logging, monitoring, insider threat, and UBA concepts
- BA/BS or MS in a relevant field; cybersecurity certifications preferred
- A continuous learner with an analytical and improvement-focused mindset
Benefits & conditions
$152,290.00 - $250,195.00
The salary range reflected above is a good faith estimate of base pay for the primary location of the position. The salary for this position ultimately will be determined based on the education, experience, knowledge, and abilities of the successful candidate. In addition to salary, this role may also be eligible for annual, sales, or other incentive compensation.
Our Promise
At Guardian, you'll have the support and flexibility to achieve your professional and personal goals. Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards.