Senior Manager, Group Cyber Incident Response(m/w/x)

Reference Code: 110959 # Senior Manager, Group Cyber Incident Response Richemont Bellevue, GE, CH Permanent **Senior Manager, Group Cyber Incident Response** **CONTEXT** The Senior Manager, Group Cyber Incident Response (IR) is a critical leadership role within the Group CSIRT, reporting to the Head of Group Cyber Fusion Operations Center. This position is accountable for designing, executing and continuously maturing a unified, end-to-end incident response capability across all regions (APAC, EMEA and Americas). You will lead the Regional Cyber IR Managers in APAC, Europe and US, ensuring consistency of people, processes and tools; serve as the ultimate escalation point for major incidents; and deliver enterprise-wide visibility into cyber threat posture, response performance and control effectiveness. **HOW WILL YOU MAKE AN IMPACT?** * **Global Incident Response Strategy & Governance** * Partner with the Head of Group Cyber Fusion Operations Center, Group CISO and CSO office to define and maintain a coherent, scalable incident response strategy and governance framework that aligns with the broader Security and Risk strategies * Establish global policies, standards, and playbooks; ensure regional adaptation while preserving consistency in methodology, tooling, and metrics * **Team Leadership & Development** * Directly manage three Regional Cyber IR Managers, setting objectives, conducting performance reviews, and fostering a culture of continuous learning and excellence * Drive talent development programs (mentoring, certification roadmaps, cross-regional rotations) to build bench strength and reduce single-points of dependency * **Incident Oversight & Escalation** * Serve as the global escalation point for high-impact or cross-region incidents; coordinate executive-level communications and decisions * When needed act as Incident Commander ensuring coordination of filed activities, external stakeholders and executive reporting * Oversee post-incident reviews (PIRs) across regions, ensuring lessons learned drive actionable improvements in detection, containment, and recovery * Forward crisis management to C-Level * **Operational Excellence & Continuous Improvement** * Define enterprise-wide KPIs (e.g., Mean Time to Detect, Mean Time to Respond, playbook adherence) and dashboard reporting to provide the Head of CSIRT with real-time insights into IR effectiveness * Lead quarterly IR maturity assessments, leveraging industry frameworks (e.g., NIST, SANS) to benchmark and prioritize investments in people, process, and technology * **Playbook & Toolchain Management** * Standardize and version-control incident response playbooks, ensuring they address emerging threat scenarios (e.g., supply-chain attacks, cloud compromises, ransomware) * Evaluate and pilot advanced IR tooling (EDR/XDR, SOAR orchestration, threat intelligence platforms) to automate repetitive tasks and elevate analyst productivity * **Stakeholder Engagement & Communication** * Liaise with Global Security Operations, IT, Legal, Compliance, and Business Continuity teams to integrate incident response into enterprise risk management * Present quarterly IR program reviews to the Security Leadership Team and provide executive summaries for the Audit & Risk Committee **HOW WILL YOU EXPERIENCE SUCCESS WITH US?** * **Leadership & Communication** * Exceptional people-management skills: Demonstrate ability to lead by example, inspire, coach, and hold accountable a geographically dispersed leadership team * Active Listening: Prioritize attentive, non-judgmental listening to ensure all voices are heard and valued * Executive-caliber communication: adept at translating technical findings into risk-based business recommendations * Experience engaging with Boards, Audit Committees, and regulators on incident response posture, metrics, and compliance * **Experience & Certifications** * 8+ years in Cyber Security, with at least 3 years managing multiple IR teams or managers in a global/multinational setting * Proven track record coordinating large-scale, complex cyber investigations and cross-border incident escalations * Industry certifications such as CISSP, GCIH, GCFA, GCIA or equivalent; advanced credentials (e.g., OSCE, GREM) highly desirable * **Technical & Analytical skills** * Deep understanding of modern threat landscapes, including advanced persistent threats (APTs), ransomware ecosystems, and cloud-native attacks * Proficiency with SIEM, EDR/XDR, SOAR platforms, threat intelligence sources, and log analytics * Strong data-driven mindset; able to derive insights from incident metrics, logs, and telemetry to guide strategic decisions * **Personal attributes** * Collaborative mindset with a bias for action under pressure * High integrity, resilience, and commitment to driving a security-first culture * Fluent in English; additional languages (e.g., French) are a strong asset **WHAT MAKES OUR GROUP DIFFERENT?** Our true power does not lie in our similarities but in the rich diversity of our arts, cultures, and human skills, as well as our specific ability to foster untapped potential. - We value freedom, collegiality, loyalty, and solidarity. - We foster empathy, curiosity, courage, humility, and integrity. - We care for the world we live in.