Job Summary
This role is not an IT-focused Security Operations (SOC) threat monitoring, incident identification and investigation activity. This role will support the overall cyber response program, which is heavily focused on business response and fully integrated into the enterprise crisis management program. The Cyber Response Manager will be primarily responsible for day-to-day delivery of cyber response/crisis management program activities, including providing guidance and consultation to employees across the enterprise to ensure compliance. Support response to situations impacting Molina’s data, people, property, or facilities. Assist in special projects and risk mitigation programs to strengthen organizational resiliency. Develop, communicate, and execute cyber crisis management plans and playbooks. Coordinate and lead cyber crisis management tabletops, process and procedure testing and corrective actions. Lead cross-functional crisis and incident management teams during an enterprise-wide cyber crisis. Conduct incident after-action reviews to identify strengths, improvement opportunities and track corrective actions. Support the Cyber Crisis Enterprise strategy to ensure cyber incidents are well organized, executed and resolved.
Partners closely with IT Security, Business Continuity, Disaster Response, and the Protection Services Operations Center to ensure appropriate engagement and escalation protocols to support business and technology incidents. Coordinate with MHI, Health Plan, and Health Plan Services staff to consult on the design, development and deployment of scalable solutions, tools and capabilities that align to the company’s goals and effectively address business objectives and requirements. Serves as the alternate enterprise crisis management interfacing with Molina's senior executive team and leading the organization through man-made or natural disasters.
Job Duties
- Drive commitment, support, ownership, accountability and results for the enterprise Cyber Response, Incident Response and Crisis Management activities
- Assist with cyber response program and process documentation including policies, procedures, frameworks, templates, and work instructions in support of the program and meeting regulatory requirements.
- Conduct research and analysis to support programs and projects
- Develop and conduct employee training to create awareness for areas of responsibility
- Support enterprise threat and cyber crisis response activities including:
- Incident notifications and situational updates
- Employee emergency notifications
- Threat monitoring and analysis. Notification of threat to appropriate stakeholders
- Cyber Incident Response team meeting coordination and minutes
- Support state-specific incident response leadership
- Facilitate support for impacted business operations
- Prepare comprehensive, timely, and detailed after-action reports
- Analyze trends across incidents and exercises to recommend improvements that may not be apparent from looking at each incident or exercise in isolation.
- Assist with documenting the standards, SOPs, Incident Response playbooks, escalation protocols, etc. to facilitate response capabilities
- Validate, test, and identify gaps in strategies and communicate results to leadership
- Review and provide input on select enterprise systems, tools, and services to ensure effective planning, testing and response capabilities, including out-of-band options
- Periodically test and ensure readiness of continuity tools, including tools for out-of-band notification or incident communications.
- Establish and maintain communication with enterprise crisis management, incident response team, and state-specific response team members
- Coordinate with Cyber Response Teams, CISO, Legal, Privacy, and Protection Services Operations Center to respond to and support cyber crisis situations
- Develop, enhance, and improve enterprise crisis management, cyber response while supporting incident plans and state-specific response plans. Ensure annual plan compliance requirements are achieved
- Implement processes, procedures and systems that will help ensure that the company’s continuity capabilities remain in compliance with all laws, regulations, and best practices.
- Assist in the evaluation, design and deployment of integrated systems and technology that support response, intelligence, service delivery and organizational strategy.
- Maintain roster of cyber crisis management and incident response team members
- Conduct annual training of all crisis management and incident response plans or as changes occur to each location team. Prepare comprehensive, timely, and detailed test reports
- Maintain lessons learned and remediation tracker. Ensure items requiring remediation are resolved in a timely manner
- Assist in development of metrics and measurements supporting program evolution, validation, and business awareness
- Other duties as assigned by leadership
Job Qualifications
Required Education:
Bachelor’s degree in an applicable field
Required Experience:
- Minimum of 7 years operational experience across crisis management, resilience and cybersecurity incident response disciplines
- 5 years of corporate business experience in Cyber Response, Incident Response, Crisis management, Disaster Recovery, and Resilience.
- Experience conducting risk assessments, business process or control auditing.
- Strong documentation skills - detailed tracking, executive briefings, and reports, etc.
- Practical understanding of technical/security concepts such as network architecture design, logical access controls, vulnerability management, encryption, and cloud computing.
- Problem solving and analytical abilities including the ability to critically evaluate information gathered from multiple sources, reconcile conflicts, decompose high-level information into details and apply sound business knowledge.
- Strong organizational, interpersonal, analytical, verbal, and written communication skills are essential.
- Ability to build and maintain customer relationships; strong team player, able to meet deadlines and adjust to changing priorities.
- Demonstrated focus on process development and implementation that spans organizational boundaries.
- Self-starter with ability to work independently and to manage multiple tasks/projects in a disciplined and organized fashion while maintaining attention to detail.
- Ability to work collaboratively with team members, some of whom may be geographically distributed.
- Power BI experience a plus
- BC in the Cloud, Everbridge and Envoy platform/tool experience
- Familiar with Kroll, CrowdStrike, or other forensics/cyber investigation providers
Required Licensure or Certification:
Required Knowledge, Skills, and Abilities:
- A strong grasp and hands-on experience in cyber incident response, disaster response and crisis management
- Understand cyber response and recovery stages and the fundamentals of incident response planning, testing, exercises
- Situational awareness and responding to incidents that pose a threat to company, property, data, or people
- Creation of metrics, reporting and analysis
- Cyber trends – ransomware, malware, phishing, insider threat, etc.
- ChatGPT and CoPilot—using AI for research
- Familiarity with industry best practices and standards for cyber and crisis events
- Project Management
- Experience with industry standard tools and concepts. BC in the Cloud, Everbridge and Envoy platform/tool experience preferred
Preferred Qualifications:
- BCI or DRII certification(s) a plus; Cyber certifications preferred: CISA or CISSP
- Master’s degree preferred.
Travel Requirements:
Air Travel: 5-10%