Senior Global Cybersecurity Incident & Response Manager

Location US-IL-Northbrook
Job ID
# of Openings
Job Category
Information Technology


E&A.Software.Tech.IT û People working - Secure

At UL, we know why we come to work.

Thousands of us around the world wake up every day with a common purpose: to make the world a safer, more secure and sustainable place. Science is in our DNA; we are endlessly curious and passionate about seeking and speaking the truth. We take delight in knowing that our work makes a meaningful contribution to society, and we are proud that our culture is centred on integrity, collaboration, inclusion and excellence. UL Solutions stands at the forefront of technological advancement, and we are continually challenged to find new ways to foster innovation and positive change. Satisfying? Yes. Exciting? Absolutely!


The Global Cybersecurity Incident Management & Response Sr. Manager will be responsible for the front line of defense against security incidents directed at the IT platforms and automated information systems (security Incidents), and the performance of the Incident Response Team. 


This role reports to the Global Cybersecurity Operations Director and quarterly to the security committee or equivalent. During high-impact incidents, this role may be required to brief senior management directly and interact with the crisis management team.

What you’ll learn & achieve:

The Global Cybersecurity Incident Management and Response Sr. Mgr. will develop, maintain or support an intelligence capability to identify current and emerging security risks to the organization. The Global Cybersecurity Incident Management and Response Sr. Mgr. will:

  • Acts as a liaison between industry peers, government agencies (including law enforcement) and other specialists
  • Utilizes commercial intelligence providers to gain insight into adversary tactics, techniques and procedures, as well as planned activities and emerging motivations
  • Coordinates with the security operations center, provided internally or by an externally managed security services provider, to identify and assess security incidents
  • Advises the security advisory board of significant emerging threats, and recommend both strategic and tactical steps to counteract these threats

The Global Cybersecurity Incident Management and Response Sr. Mgr. will exercise or support the preparedness of various parts of the organization to respond to security incidents via the following activities:

  • In consultation with the crisis management team, develops and delivers tabletop preparedness exercises at the executive committee level, at least annually
  • Leads quarterly reviews of the incident response plan to ensure accuracy in accordance with organizational and infrastructure changes
  • Participates in industry exercises

Security Incident Management

Leading the organization's response to security incidents, the Global Cybersecurity Incident Management and Response Sr. Mgr. will perform the following tasks:

  • Develops and maintains the security incident response process, including all required supporting materials
  • Develops functional requirements for roles that will be involved in the CSIRT program
  • Works with business units, IT functions and external providers to ensure that the process is mutually understood and agreed on, and that responsibilities are clear and accepted
  • Acts as a liaison throughout the entire organization (including, but not limited to, enterprise IT services, lines of business, public relations, legal counsel and customer call centers)
  • Initiates the security incident response process, and executes decision authority to the extent of the role within that process
  • Ensures execution of the incident response process to the resolution of the incident
  • Ensures generation, maintenance and protection of required incident records, such as investigator journals
  • Organizes, participates in and, if required, chair post-incident reviews for presentation to the senior management
  • Ensures the delivery of threat intelligence collected from incident engagements to threat intelligence teams and content creators for the purpose of operationalizing
  • Provides specialized security support for other events that fall outside the security incident realm, such as fraud attempts based on electronic channels or high-impact outages due to reasons other than security
  • Organizes the day-to-day management of the CSIRT, including staffing, employee development, budgeting and other relevant management functions.
  • Assists in e-discovery procedures when necessary

Work Arrangements

Under normal operating conditions, this role will work to the usual organizational policies and norms of the broader team. However, if the Global Cybersecurity Incident Management and Response Sr. Mgr. is notified outside of normal working hours of a potential incident, then the Global Cybersecurity Incident Management and Response Sr. Mgr. will be expected to perform the role out of hours to the extent required to protect the organization.


The Global Cybersecurity Incident Management and Response Sr. Mgr. will be expected to ensure that the Incident Response Team is suitably equipped to operate 24 hours a day, 365 days a year and off-site as needed.

What makes you a great fit:

Education, Training & Previous Experience

  • Bachelor's or master's degree in IT, engineering, business, management or a related field, or equivalent work experience
  • Tertiary qualifications in information or security, or industry qualifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), CERT Incident Response Process Professional Certificate, or EC-Council Certified Incident Handler (ECIH)

The following experience is considered essential experience:

  • In-depth experience in security incident management processes and tools
  • [10-15] years of technology experience, including troubleshooting and performing root cause analysis of complex IT solutions
  • [5+] years of demonstrated leadership experience building consensus across IT domains to include cloud services
  • [5+] years of demonstrated experience managing a high-performing, cohesive security response team
  • [5+] years of demonstrated experience in liaising with middle and senior management of a large commercial enterprise 

Desired, but not required:

  • Experience in working with the Forum of Incident Response and Security Teams (FIRST) or an equivalent organization
  • Experience in working with law enforcement or other relevant government agencies
  • [5+] years of hands-on IT or information security assessment in a commercial environment subject to the caveat below

Knowledge and Skills

The Global Cybersecurity Incident Management and Response Sr. Mgr. must have in-depth knowledge of the following:

  • Methods and motivations adopted by adversaries to attack IT platforms and automated information systems
  • Security incident management processes and tools
  • Operations and support organizations (e.g., Infrastructure)
  • Security risk assessment process
  • Security forensic techniques, tools and procedures for on-premises and cloud environments
  • Threat intelligence management lifecycle
  • IT end-to-end problem management and root cause analysis is desirable
  • Legal requirements for privacy of personal information from employees and customers

The Global Cybersecurity Incident Management and Response Sr. Mgr. must have these skills:

  • Strong communication skills with a proven ability to understand key concepts and communicate with technical staff, lines of business and senior management
  • Proven ability to build relationships and influence individuals at all levels in a matrixed environment, as well as external vendors and service providers, to ensure that segregation and overlapping roles are identified and coordinated
  • Strong organizational skills and the ability to perform in a command-and-control role under pressure, and the ability to manage multiple priorities with competing demands for resources.
  • Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios
  • Strong analytical and problem-solving skills
  • Proficiency in process formulation and improvement
  • Proficiency working in a fast-paced, complex, dynamic, multicultural business environment

Personal Characteristics (Optional)

The Global Cybersecurity Incident Management and Response Sr. Mgr. acts in a leadership role and must demonstrate mature leadership behaviors in the following areas:

  • High levels of integrity in the conduct of personal and professional affairs
  • Calmness and clarity of thought under pressure
  • Ability to maintain confidentiality
  • Ability to maintain the goals and culture of the organization
  • Ability to understand the values of team members and to motivate them appropriately

Understanding of strategic business objectives and the ability to drive results toward those objectives

UL has COVID-19 protocols and policies in place to ensure the safety of our employees, customers and clients. Effective November 1, 2021, the company mandates that employees are vaccinated against COVID-19 as a condition of employment (except where prohibited by law), subject to reasonable accommodation as required by law.

What you’ll experience working at UL:

  • Mission: For UL, corporate and social responsibility isn’t new. Making the world a safer, more secure and sustainable place has been our business model for the last 125 years and is deeply engrained in everything we do.  You will shape the way we approach and deliver our solutions to promote safe living and working environments for people everywhere.
  • People: Ask any UL employee what they love most about working here, and you’ll almost always hear, “the people”. Work with colleagues, who you can listen and learn from and challenge each other so that you can continually push for excellence and results.
  • Interesting work: Your work at UL will challenge you to try fresh approaches, be empowered to drive change and help you gain in-depth experience in your field. And as a global company, in many roles,  you will get international experience working with colleagues around the world.
  • Grow & achieve: Growth and development are part of our DNA. Grow & achieve with targeted development, reward and recognition programs as well as our very own UL University that offers extensive training programs for employees at all stages as well as a technical training track for applicable roles.

Learn More:

Working at UL Solutions is an exciting journey that twists and turns daily. We thrive in the twists and revel in the turns. This is our every

day. This is our normal.

Curious? To learn more about us and the work we do, visit our company page


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

Connect With Us!

Not ready to apply, or can't find a relevant opportunity?
Connect with us to keep informed about the latest UL career opportunities, tailored to your interests.

If you wish to request reasonable accommodation at any time, please email our Talent Acquisition team at

UL is an Equal Opportunity Employer: Female/Minority/disability/Protected Veteran/Sexual Orientation/Gender Identity

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. If you'd like more information about your EEO rights as an applicant under the law, please review the EEO is the Law and EEO is the Law Supplement.

Please review the following additional documents:

UL EEO Policy

Pay Transparency Statement

E-Verify Poster (English)

Right to Work Poster (English)