• Serve as the primary incident coordinator for cybersecurity events, including social engineering, identity compromise, data exposure, and cloud security incidents. 

• Lead incident triage, severity assessment, and escalation to ensure the right stakeholders are engaged quickly. 

• Investigate and analyze: examine data from active and historical cases to uncover attack vectors, root causes, and emerging threats. Lead investigations to drive actionable findings and inform response strategies. 

• Coordinate containment, eradication, and recovery activities across Security Operations, IAM, SecEng, IT, and business units. Ensure after action reviews are conducted and follow-on plans are implemented. 

• Maintain IR playbooks, escalation paths, and communication templates. 

• Ensure incidents are handled consistently, efficiently, and in accordance with established response playbooks. 

• Own incident communications, including: 

• Situation updates during active incidents 

• Clear post-incident summaries 

• Executive briefings 

• Translate technical findings into business impact, risk, and decision-oriented messaging. 

• Contribute to recurring security reporting by incorporating incident trends, metrics, and lessons learned. 

• Help mature the organization’s incident management framework, including: 

• Incident severity models 

• Roles and responsibilities 

• On-call and escalation procedures 

• Lead tabletop exercises and simulations focused on high-risk scenarios such as: 

• Social engineering and identity abuse 

• Data exposure involving public or regulated datasets 

• Cloud misconfiguration and multi-tenant impact 

• 5-8 Years of Experience managing or coordinating the full lifecycle of security incidents in an enterprise environment. 

• Proven ability to lead through influence across technical and non-technical teams. 

• Excellent written and verbal communication skills and experience briefing senior leadership. 

• Experience with security tooling to include but not limited to SIEM, EDR, IAM platforms, cloud security, DSPM tools, and ticketing systems. 

• Strong understanding of security operations workflows, attack techniques, and mitigation strategies. 

• Calm, structured decision-making under pressure. 

• Experiencing building or maturing incident response programs in distributed, multi-org companies. 

• Experience using automation to improve incident workflows, response consistency, and follow-through. 

• Familiarity with regulatory or privacy considerations in media, healthcare, or regulated environments. 

• Reduce the impact of security incidents 

• Prevent repeat failures 

• Improve executive confidence in security operations 

• Turn incidents into actionable improvements, not one-off fire drills 

In accordance with applicable law, Hearst is required to include a reasonable estimate of the compensation for this role if hired in New York City.  The reasonable estimate, if hired in New York City, is $160,000-$170,000.  Please note this information is specific to those hired in New York City.  If this role is open to candidates outside of New York City, the salary range would be aligned to that specific location.  A final decision on the successful candidate’s starting salary will be based on a number of permissible, non-discriminatory factors, including but not limited to skills and experience, training, certifications, and education.  Hearst provides a competitive benefits package, including medical, dental, vision, disability and life insurance, 401(k), paid holidays and paid time off, employee assistance programs, and more.