We are seeking a Cybersecurity Incident Lead to lead the coordination, execution, and continuous improvement of our security incident response program. This role is responsible for ensuring security incidents are identified, triaged, contained, communicated, and learned from effectively across a complex, multi-business-unit environment.
The Incident Manager will act as the central operational leader during security incidents, bridging Security Operations, IAM, Engineering, Legal, Communications, and business stakeholders. This role is critical to reducing response time, limiting business impact, and improving organizational resilience against recurring threats such as social engineering, identity abuse, and cloud exposure.
Key Responsibilities Incident Response Investigation & Leadership
Serve as the primary incident coordinator for cybersecurity events, including social engineering, identity compromise, data exposure, and cloud security incidents.
Lead incident triage, severity assessment, and escalation to ensure the right stakeholders are engaged quickly.
Investigate and analyze: examine data from active and historical cases to uncover attack vectors, root causes, and emerging threats. Lead investigations to drive actionable findings and inform response strategies.
Coordinate containment, eradication, and recovery activities across Security Operations, IAM, SecEng, IT, and business units. Ensure after action reviews are conducted and follow-on plans are implemented.
Maintain IR playbooks, escalation paths, and communication templates.
Ensure incidents are handled consistently, efficiently, and in accordance with established response playbooks.
Executive & Stakeholder Communication
Own incident communications, including:
Situation updates during active incidents
Clear post-incident summaries
Executive briefings
Translate technical findings into business impact, risk, and decision-oriented messaging.
Contribute to recurring security reporting by incorporating incident trends, metrics, and lessons learned.
Program Maturity & Readiness
Help mature the organization’s incident management framework, including:
Incident severity models
Roles and responsibilities
On-call and escalation procedures
Lead tabletop exercises and simulations focused on high-risk scenarios such as:
Social engineering and identity abuse
Data exposure involving public or regulated datasets
Cloud misconfiguration and multi-tenant impact
Qualifications
5-8 Years of Experience managing or coordinating the full lifecycle of security incidents in an enterprise environment.
Proven ability to lead through influence across technical and non-technical teams.
Excellent written and verbal communication skills and experience briefing senior leadership.
Experience with security tooling to include but not limited to SIEM, EDR, IAM platforms, cloud security, DSPM tools, and ticketing systems.
Strong understanding of security operations workflows, attack techniques, and mitigation strategies.
Calm, structured decision-making under pressure.
Preferred
Experiencing building or maturing incident response programs in distributed, multi-org companies.
Experience using automation to improve incident workflows, response consistency, and follow-through.
Familiarity with regulatory or privacy considerations in media, healthcare, or regulated environments.
Why This Role Matters
By centralizing incident leadership and improving communication, the Incident Manager will help the organization:
Reduce the impact of security incidents
Prevent repeat failuresImprove executive confidence in security operations
Turn incidents into actionable improvements, not one-off fire drills
In accordance with applicable law, Hearst is required to include a reasonable estimate of the compensation for this role if hired in New York City. The reasonable estimate, if hired in New York City, is $160,000-$170,000. Please note this information is specific to those hired in New York City. If this role is open to candidates outside of New York City, the salary range would be aligned to that specific location. A final decision on the successful candidate’s starting salary will be based on a number of permissible, non-discriminatory factors, including but not limited to skills and experience, training, certifications, and education. Hearst provides a competitive benefits package, including medical, dental, vision, disability and life insurance, 401(k), paid holidays and paid time off, employee assistance programs, and more.
#J-18808-Ljbffr
The Incident Manager will act as the central operational leader during security incidents, bridging Security Operations, IAM, Engineering, Legal, Communications, and business stakeholders. This role is critical to reducing response time, limiting business impact, and improving organizational resilience against recurring threats such as social engineering, identity abuse, and cloud exposure.
Key Responsibilities Incident Response Investigation & Leadership
Serve as the primary incident coordinator for cybersecurity events, including social engineering, identity compromise, data exposure, and cloud security incidents.
Lead incident triage, severity assessment, and escalation to ensure the right stakeholders are engaged quickly.
Investigate and analyze: examine data from active and historical cases to uncover attack vectors, root causes, and emerging threats. Lead investigations to drive actionable findings and inform response strategies.
Coordinate containment, eradication, and recovery activities across Security Operations, IAM, SecEng, IT, and business units. Ensure after action reviews are conducted and follow-on plans are implemented.
Maintain IR playbooks, escalation paths, and communication templates.
Ensure incidents are handled consistently, efficiently, and in accordance with established response playbooks.
Executive & Stakeholder Communication
Own incident communications, including:
Situation updates during active incidents
Clear post-incident summaries
Executive briefings
Translate technical findings into business impact, risk, and decision-oriented messaging.
Contribute to recurring security reporting by incorporating incident trends, metrics, and lessons learned.
Program Maturity & Readiness
Help mature the organization’s incident management framework, including:
Incident severity models
Roles and responsibilities
On-call and escalation procedures
Lead tabletop exercises and simulations focused on high-risk scenarios such as:
Social engineering and identity abuse
Data exposure involving public or regulated datasets
Cloud misconfiguration and multi-tenant impact
Qualifications
5-8 Years of Experience managing or coordinating the full lifecycle of security incidents in an enterprise environment.
Proven ability to lead through influence across technical and non-technical teams.
Excellent written and verbal communication skills and experience briefing senior leadership.
Experience with security tooling to include but not limited to SIEM, EDR, IAM platforms, cloud security, DSPM tools, and ticketing systems.
Strong understanding of security operations workflows, attack techniques, and mitigation strategies.
Calm, structured decision-making under pressure.
Preferred
Experiencing building or maturing incident response programs in distributed, multi-org companies.
Experience using automation to improve incident workflows, response consistency, and follow-through.
Familiarity with regulatory or privacy considerations in media, healthcare, or regulated environments.
Why This Role Matters
By centralizing incident leadership and improving communication, the Incident Manager will help the organization:
Reduce the impact of security incidents
Prevent repeat failuresImprove executive confidence in security operations
Turn incidents into actionable improvements, not one-off fire drills
In accordance with applicable law, Hearst is required to include a reasonable estimate of the compensation for this role if hired in New York City. The reasonable estimate, if hired in New York City, is $160,000-$170,000. Please note this information is specific to those hired in New York City. If this role is open to candidates outside of New York City, the salary range would be aligned to that specific location. A final decision on the successful candidate’s starting salary will be based on a number of permissible, non-discriminatory factors, including but not limited to skills and experience, training, certifications, and education. Hearst provides a competitive benefits package, including medical, dental, vision, disability and life insurance, 401(k), paid holidays and paid time off, employee assistance programs, and more.
#J-18808-Ljbffr