Overview POSITION OVERVIEW The Incident Response & Threat Intelligence (IR/TI) Manager leads a globally distributed cyber defense team responsible for threat intelligence, incident response, digital forensics, and threat hunting across a large, complex enterprise environment. This role ensures the organization can rapidly detect, respond to, investigate, and learn from cyber threats while enabling executive‑level decision‑making during high‑impact incidents. The position partners closely with the SOC, Security Engineering, Privacy, Legal, Compliance, Technology, and Executive Leadership to reduce business risk and maintain cyber resilience at Fortune 500 scale. LOCATION - Jacksonville, FL preferred or 100% remote if not local. - Global on‑call responsibility for high‑severity incidents. - Limited travel for incident support, leadership meetings, and readiness exercises if not local to Jacksonville, FL DUTIES & RESPONSIBILITIES Global Team Leadership - Lead and continue to develop a geographically dispersed, follow‑the‑sun team across threat intelligence, digital forensics incident response, and threat hunting functions. - Maintain operating models, on‑call rotations, escalation paths, and coverage aligned to global business needs. - Coach senior analysts, build succession plans, and drive consistent performance, engagement, and retention. Incident Response - Own enterprise incident response strategy, playbooks, and readiness activities, aligned to NIST and industry best practices. - Serve as Incident Commander for high‑severity cyber incidents; coordinate technical response, executive communications, and cross‑functional decision‑making. - Ensure effective containment, eradication, recovery, and post‑incident remediation, including executive‑level readouts and lessons learned. Digital Forensics & Investigations - Oversee forensic acquisition and analysis across endpoints, cloud, identity, SaaS, and network environments. - Ensure defensible chain‑of‑custody processes and support legal, HR, privacy, and regulatory investigations as required. - Maintain enterprise DFIR standards, tooling, and investigative quality. Threat Intelligence - Lead strategic, operational, and tactical threat intelligence capabilities to inform detection, response, and risk prioritization. - Translate intelligence into actionable outcomes, including detection engineering, threat hunting focus areas, and executive briefings. - Integrate internal telemetry with external intelligence sources and trusted sharing communities. Threat Hunting & Detection Enablement - Drive hypothesis‑based threat hunting aligned to adversary behaviors and business‑critical risks. - Partner with SOC and Detection Engineering teams to improve detection coverage, fidelity, and response speed. - Sponsor purple team exercises to validate controls and surface gaps. Technology & Automation - Own the roadmap and effectiveness of DFIR, TI, and threat hunting tooling (e.g. TIP and forensics platforms). - Increase automation and orchestration to accelerate investigation and response at enterprise scale. - Collaborate with security engineering teams to embed intelligence‑led security improvements. Governance, Risk, & Executive Reporting - Ensure alignment with regulatory, legal, and internal governance requirements globally. - Define, track, and report KPIs and KRIs (e.g., incident trends and threat hunting / intelligence reports) to executive and board‑level audiences. - Translate technical risk into clear business impact and investment guidance. MINIMUM REQUIREMENTS - 8+ years in cybersecurity with 3+ years leading incident response and/or threat intelligence teams in large enterprises. - Proven experience managing globally distributed teams and leading major cyber incidents. - Strong hands‑on understanding of DFIR, threat intelligence, and threat hunting processes. - Experience with a wide breadth of enterprise security tooling. - Experience working cross‑functionally with Legal, Privacy, Compliance, and Executive Leadership. - Exceptional written and verbal communication skills, including executive‑level briefings. PREFERRED EXPERIENCE - Experience in a Fortune 500 or similarly complex, regulated environment. - Certifications such as GCIH, GCFA, GCED, CISSP, CISM, or equivalent. - Familiarity with MITRE ATT&CK, NIST 800‑61, and/or SOC CMM Framework

Role Description The Senior Incident Manager leads DoubleVerify’s Major Incident Management (MIM) program, owning the end-to-end lifecycle of critical incidents—from detection and response through business impact assessment, communication, and post-incident improvement. This is a high-impact individual contributor role responsible for driving structured, cross-functional incident response across Engineering, Product, Commercial, and Executive teams. The role combines technical understanding with strong business judgment to minimize customer impact, protect revenue, and ensure clear decision-making during high-pressure situations. What You’ll Do - Lead Sev1–Sev3 incidents as the single point of accountability - Drive real-time decision-making, escalation, and coordination across teams - Run incident communications, including updates to executives and stakeholders - Translate technical issues into clear business impact - Own and improve the Major Incident Management process - Lead post-incident reviews and ensure follow-through on actions - Track key metrics (e.g., MTTR, incident trends) and drive improvements - Coordinate with Product, Commercial, and Legal on client communications when needed - Align incident response with business priorities, including customer and revenue impact - Improve tooling, automation, and workflows for incident response Qualifications - 7+ years in SRE, DevOps, Technical Operations, or Incident Management - Experience leading Sev1/Sev2 incidents in high-availability environments - Proven ability to coordinate cross-functional teams during critical outages Requirements - Solid understanding of distributed systems and cloud environments (AWS or GCP) - Experience with monitoring and incident tools (e.g., Datadog, Grafana, PagerDuty) - Comfortable working with logs, alerts, and system diagnostics - Strong communicator, including with executive stakeholders - Ability to translate technical issues into business impact - Comfortable driving decisions and alignment under pressure - Calm, decisive, and execution-focused - Able to push for action and maintain momentum - Experience improving processes and operational maturity Nice to Have - Experience in AdTech, digital media, or similar environments - Familiarity with SLOs/SLIs and reliability frameworks - Experience with automation or AI-driven incident tooling - ITIL or similar certification Benefits - The successful candidate’s starting salary will be determined based on a number of non-discriminating factors, including qualifications for the role, level, skills, experience, location, and balancing internal equity relative to peers at DV. - The estimated salary range for this role based on the qualifications set forth in the job description is between [$131,000 - $260,000]. - This role will also be eligible for bonus, equity, and benefits. Not-so-fun fact Research shows that while men apply to jobs when they meet an average of 60% of job criteria, women and other marginalized groups tend to only apply when they check every box. So if you think you have what it takes but you’re not sure that you check every box, apply anyway!

Role Description This role is for a Cyber Incident Response Team (CIRT) Analyst who will help to enhance DLP dashboards and workflows and streamline alert feeds. This includes: - Gathering requirements - Reviewing/labeling training data - Coordinating UAT with stakeholders Job Responsibilities: - Collaboration with the stakeholders and project team to understand business requirements - Documenting updates to CIRT workflows and dashboards - Documenting test cases, conducting tests, and recording results - Raising issues to be resolved prior to implementation Qualifications - Bachelor’s degree Requirements - Incident Response Operations – Intermediate - Security Information and Event Management (SIEM) – Intermediate - Data Loss Prevention (DLP) – Intermediate - Strong understanding of data security principles, network protocols, and cloud security – Intermediate - Technical aptitude for interpreting and modifying DLP rule logic – Intermediate - Vigilant, detail-oriented and possesses good business judgement to differentiate real threats from false positives – Intermediate Desired Skills - Microsoft Purview – Intermediate - Microsoft Sentinel (Security monitoring, alert creation and threat hunting) – Intermediate - Knowledge of Microsoft Azure access and identity management – Beginner - Agile methodologies – Intermediate Benefits - Comprehensive benefits package - Competitive pay

Department Name: IT Service Operations Work Shift: Night Job Category: Information Technology Estimated Pay Range: $40.91 - $68.19 / hour, based on location, education, & experience.In accordance with State Pay Transparency Rules. Banner Health was named to Fortune’s Most Innovative Companies in America 2025 list for the third consecutive year and named to Newsweek's list of Most Trustworthy Companies in America for the second year in a row. We’re proud to be recognized for our commitment to the latest health care advancements and excellent patient care. The Banner Health Critical Response team steps in when our most critical IT services are disrupted—mobilizing quickly to restore stability, safeguard patient care, and support the teams who depend on technology every minute of the day. As a Major Incident Commander, you will be the operational engine behind our major incident response: monitoring for impact, keeping timelines and documentation crisp and accurate, ensuring process adherence, and helping teams stay aligned under pressure. When incidents are not active, you’ll support operational readiness—so when the next high-severity event hits, we respond faster and smarter. You’ll work under the guidance of the Major Incident Commanders. This role requires variable shifts plus responding to 24x7 critical alerts via mobile device or other connected platform. The schedule for this role is Monday-Friday, 10:00PM - 6:30AM AZ Time. This can be a remote position if you live in the following states ONLY: Al, AK, AR, FL, GA, ID, IN, IA, KS, KY, LA, MD,MI, MN, MS, MO, NH, NM, NY, NC, ND, OH, OK, OR, PA, SC, TN, TX, UT, VA, WA, WI AZ CA CO NE NV WY. No other states will be consider. Your pay and benefits (Total Rewards) are important components of your Journey at Banner Health. Banner Health offers a variety of benefit plans to help you and your family. We provide health and financial security options, so you can focus on being the best at what you do and enjoying your life. Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care. POSITION SUMMARY This position is an expert providing advanced leadership during the highest‑impact incidents and drives continuous improvement of the Major Incident Management practice. This role shapes strategy, mentors the team, and partners closely with leadership across the organization. Working variable shifts and responding to 24x7 critical alerts on a mobile device or other connected platform for service disruptions is required for this role. CORE FUNCTIONS 1. Leads coordination of complex or high-impact major incident bridge calls and communication channels. Provides guidance to Coordinators and supports Major Incident Commanders during critical events. 2. Reviews incident records, timelines, and activity logs for quality, accuracy, and audit readiness. Identifies opportunities for improvement. 3. Oversees and refines outage notifications and status updates. Ensures messaging is clear, audience-appropriate, and aligned with business and clinical impact. 4. Evaluates monitoring and alerting performance across systems. Drives improvements to alerting strategy, routing, and response workflows. 5. Collaborates closely with Problem Management to improve RCA quality, identify systemic issues, and recommend preventive or corrective actions to reduce repeat incidents. 6. Analyzes and interprets major incident SLAs and KPIs. Recommends process, tooling, or operational changes to improve performance and reliability. 7. Leads updates to playbooks, escalation paths, and communication templates based on post-incident reviews, exercises, and operational experience. 8. Maintains deep knowledge of enterprise platforms, incident response processes, stakeholders, and downtime procedures. Serves as a subject matter expert and mentor. 9. Exercises incident command authority during active major incidents, including determining severity, directing escalation paths, managing risk tradeoffs, and determining when incidents are stabilized or resolved. MINIMUM QUALIFICATIONS Experience and education as normally obtained through an Associate’s degree and 2+ years of relevant experience in IT operations, service desk, NOC, or incident management. Proven experience in leading high-severity, enterprise-impacting incidents. Experience developing or improving incident management processes, playbooks, or workflows. Advanced facilitation and communication skills, including executive-level communications. Strong analytical skills with the ability to identify systemic issues and operational risk. Ability to coach and mentor other coordinators. Ability and willingness to work variable shifts and respond to 24x7 critical alerts via mobile device or other connected platforms for service disruptions. PREFERRED QUALIFICATIONS Bachelor’s degree in Information Systems, Computer Science, Healthcare Informatics, Healthcare Administration, Business Administration, or a related field preferred. ITIL Intermediate/Managing Professional certification or equivalent experience. Experience partnering with senior IT leaders, vendors, or business stakeholders during critical incidents. Experience designing or leading tabletop exercises or simulations. Experience influencing tooling, alerting, or workflow optimization. Additional related education and/or experience preferred. EEO Statement: EEO/Disabled/Veterans Our organization supports a drug-free work environment. Privacy Policy: Privacy Policy