BrightOwl Loader Loading

Consultant-Incident Response & Coordination Lead - United States  

Lilly (company)

Posted on : 01 May 2017

Project Description

Consultant-Incident Response & Coordination Lead
United States
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
The Information Security organization has a mission to protect the confidentiality, integrity and availability of information that enables Lilly’s organizational mission to make medicines that help people live longer, healthier, more active lives. To deliver on its mission, the Detect and Respond team protects Lilly’s core business functions against impacts resulting from cyber-attacks through threat identification, detection, and response activities.
This role is part of the Detect and Respond - Investigation and Response team that is a dedicated point of contact and a center of excellence for information security (infosec) incident investigations and response.
The Incident Response and Coordination Lead is responsible for tier three response to unmitigated infosec incidents, carrying out the duties of the Incident Coordinator as outlined in the Corporate Incident Response Plan, the maintenance, testing of and maturation of the Corporate Incident Response Plan and other duties. The Incident Response and Coordination Lead must have a strong working knowledge of the Detect and Respond use cases, response plans and should be among the most experienced and knowledgeable members of the team. This role is a critical component of the team.
The individual in this role must be able to facilitate and engage in discussions across a number of key leaders from multiple business functions within Lilly, as well as key areas of IT including IT infrastructure. The role requires an after-hours response to medium and high severity infosec incidents.
This position is located at the Lilly Corporate Center and will report to the Investigation and Response Manager

Key responsibilities include:
  • Respond to potential medium and high severity level incidents as the Incident Coordinator as outlined in the Corporate Incident Response Plan
  • Maintain, test and mature the Corporate Incident Response Plan
  • Determine appropriate responses to escalated tier two infosec incidents
  • Perform periodic case reviews of infosec cases for compliance to processes and lessons learned
  • Key contributions to infosec incident use case and response plans
  • Engage representatives from Legal, IT, HR, Privacy, key business units, and Information Security to fully understand infosec incidents, the severity and the appropriate response plan
  • Respond to escalated low level incidents from the tier 2 response team
  • Respond to infosec incidents in a timely manner and adhere to documented repeatable processes
  • Thinking analytically & paying attention to detail
  • Develop collaborative information and knowledge sharing networks and build alliances with colleagues and counterparts internally and externally to the organization around infosec incident response
  • Recommend and propose methods, technologies, or processes that could improve the effectiveness of infosec incident response functions including counter measures or mitigating controls
  • Bachelor's degree in Computer Science, Information Technology or related field
  • Five – eight years’ experience in infosec
  • GCIH - GIAC Certified Incident Handler certification
  • Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position
  • Ability to document and explain technical details clearly and concisely
  • Excellent interpersonal and organizational skills
  • Fluent in infosec detection logic
  • Ability to write analytical information products and clearly articulate findings
  • Ability to effectively manage multiple tasks concurrently on a regular basis
  • Ability to problem solve and have critical thinking capabilities in complex environments
  • Ability to assess infosec incidents promptly and effectively and communicate a course of action to respond to the incident while mitigating risk and limiting impact
  • Ability to communicate security principles and techniques at an executive level
  • CISSP® - Certified Information Systems Security Professional certification
  • Expertise in infosec incident response
  • GCIA - GIAC Certified Intrusion Analyst certification or other equivalent
  • ECIH - EC-Council Certified Incident Handler certification or other equivalent
  • Strong working knowledge of:
    • Platform Security Basics
    • Threat Lifecycle Management
    • TCP / IP
    • Incident Management
    • ITIL
  • Working knowledge of Security Information and Event Management (SIEM) technology and use
  • Knowledge of cyber defense techniques to defend against advanced attackers
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.