Gallagher is a global leader in insurance, risk management and consulting services. We help businesses grow, communities thrive and people prosper. We live a culture defined by The Gallagher Way, our set of shared values and guiding tenets. A culture driven by our people, over 40,000 strong, serving our clients with customized solutions that will protect them and fuel their futures.

The Sr. Enterprise Incident Response Analyst will be an integral part of the Gallagher Cyber Security Operations Fusion Center. This key role will be accountable for threat identification, detection, investigations and global threat management operations, reporting directly to the Sr. Manager of Enterprise Incident Response. Primary accountabilities include managing the Incident Response (IR) program and related components, Incident Response (IR) plans, processes, playbooks and supporting technologies. The selected candidate will be required to work with senior leaders, functional business managers, regional BISO's, Business Incident Response Teams, Global Technology IT and cybersecurity operational support analyst staff to ensure the sustainability of the company's cybersecurity incident response program. The Sr. Analyst will also work closely with the Sr. Manager of Enterprise Incident Response to define and implement future Enterprise Cyber Incident Response capabilities, and transformational services with the support of Managed Security Service Providers (e.g. XDR). Additional responsibilities include supporting management in meeting additional governance and assurance requirements.
Essential Duties and Responsibilities

• In support of the Gallagher Incident Commander, lead enterprise response management during major cybersecurity incidents, orchestrating response activities with the CSIRT, BCIRT and supporting incident response teams.
• Act as a full back up and role support in the capacity of the Gallagher Incident Commander, where needed
• Development of partnerships with core business leaders and identified support teams
• Designing, implementing and optimizing the Cybersecurity Incident Response Assurance program including ongoing assessments, testing (teaming/pen), training and tabletop exercises.
• Designing, implementing and optimizing a formalized issue management program
• Governance and oversight of Managed Security Service Providers including operational reporting, service level adherent and transformational project work
• Working with Information Security and IT to strengthen the enterprises ability to protect, detect, respond and recover from cybersecurity incidents
• Identification, measurement and reporting of Incident Response program performance and risks
• Supporting cybersecurity awareness efforts throughout the enterprise

Required Qualifications:

• Bachelor degree within Information Security or an Information Technology related field
• Minimum 8+ years of IT experience with progressive responsibilities and with at least 4 years of cybersecurity experience
• Information Security certification (CISSP, CISM) or other related security certification
• Senior Information Security leader who has successfully built and managed enterprise incident response programs in fast-paced organizations
• Experience managing a cybersecurity incident response testing, training and exercise program
• Expert level of knowledge of compliance frameworks (NIST, ISO 27001, SOX, etc.), strong technical acumen, excellent leadership skills and ability to lead organization through rapid change
• Security professional with proven people management and leadership experience
• Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience

Preferred Qualifications:

• Minimum 3+ year experience within crisis or incident response management
• Experience working with organizations within the financial / insurance industry
• Strong knowledge of compliance frameworks (NIST, ISO 27001, SOX, etc.)
• High level understanding of security tools and platforms including SOAR, SIEM, IPS/IDS, Security Operations, Endpoint and Server protection, Network protection, Firewalls, etc
• Strong security awareness and knowledge
• Offensive security and attack methodologies (MITRE)
• Proven ability at building working relationships with partners, peers, and senior management
• Working knowledge of IT processes (ie, ITIL) including incident, problem, defect, change and release management
• Excellent presentation, facilitation and diplomacy skills
• Experience managing regulatory and audit response activities

Work Traits

• Self-motivated, proactive, independent and responsive - requires little supervisory attention
• Highly organized, results-oriented and attentive to details
• Ability to remain calm during emergent situations
• Ability to gather, synthesize and analyze data and draw logical conclusions
• Ability to interpret, understand, and communicate real business risk in relation to technology risk
• Ability to provide expert advice, guidance, and recommendations to management and other specialists on cybersecurity incident response issues
• Ability to develop risk based incident response focused controls and measures
• Ability to lead in a fast paced, highly visible, changing environment
• Ability to lead post-incident debriefs / reviews of cybersecurity incident investigations
• Ability to multitask and manage multiple topics and demands concurrently
• Ability to influence others where there is no direct authority
• Ability to develop governance frameworks that provide identification, monitoring and risk reduction U.S. Eligibility Requirements:

U.S. Eligibility Requirements

• Interested candidates must submit an application and resume/CV online to be considered
• Are you 18 years of age or older or can you demonstrate legal capacity to enter a contract?
• Must be willing to submit to a background investigation; any offer of employment is conditioned upon the successful completion of a background investigation
• Must have unrestricted work authorization to work in the United States. For U.S. employment opportunities, Gallagher hires U.S. citizens, permanent residents, asylees, refugees, and temporary residents. Temporary residence does not include those with non-immigrant work authorization (F, J, H or L visas), such as students in practical training status. Exceptions to these requirements will be determined based on shortage of qualified candidates with a particular skill. Gallagher will require proof of work authorization
• Must be willing to execute Gallagher's Employee Agreement, or the Non-Disclosure and Confidentiality Agreement, which requires, among other things, post-employment obligations relating to non-solicitation, confidentiality and non-disclosure

Gallagher believes that all persons are entitled to equal employment opportunity and does not discriminate against nor favor any applicant because of race, sex, color, disability, national origin, religion, creed, age, marital status, citizenship, veteran status, gender, gender identity / expression, actual or perceived sexual orientation, or any other protected characteristic. Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified applicant with a disability, unless the accommodation would impose an undue hardship on the operation of our business.

#LI-NP1

Additional Information