Posted on: 29/01/2026
Job Title : Manager Cybersecurity Incident Management.
Location : Noida (With some travel to Gurgaon).
Work Mode : Hybrid.
Work Shift Timing : 1 PM to 10 PM IST.
Position Summary :
We at R1 RCM are seeking a highly skilled and collaborative Cybersecurity Incident Management Manager to lead our organization's response to cybersecurity threats and data privacy incidents.
This role manages the full lifecycle of security events, from detection through investigation, containment, and resolution, while ensuring compliance with regulatory requirements such as HIPAA, HITECH, contractual requirements from clients, and state breach notification laws.
The ideal candidate brings expertise in both technical incident response and privacy risk management, with hands-on experience using platforms like Microsoft Sentinel, AI automation technologies, and ServiceNow for orchestration, case management, and reporting.
Key duties & responsibilities :
Incident Response Leadership :
- Lead the detection, triage, investigation, containment, and remediation of cybersecurity and privacy-related incidents.
- Serve as the central coordinator for major incidents involving PHI/PII exposure, ransomware, insider threats, or unauthorized access.
- Use the technology suite (SIEM, DLP, EDR, etc.) for threat detection, analytics, and taking action.
Breach & Regulatory Compliance :
- Maintain documentation for incident timelines, decisions, and mitigation activities in ServiceNow.
Tooling, Playbooks & Workflow Automation :
- Improve playbooks for recurring incidents for pragmatic risk management and remediation.
- Leverage ServiceNow to manage incident workflows, escalation paths, SLA tracking, evidence handling, and audit trail documentation.
- Integrate threat intelligence feeds and automated alerts into both platforms to accelerate detection and containment.
Threat Intelligence & continuous improvement :
- Structure threat intelligence and threat hunting activities into incident response workflows to enhance detection capabilities.
- Collaborate with the Threat Intelligence team to assess potential indicators of compromise (IOCs) and emerging attack vectors.
- Identify trends and lessons learned to continuously mature the incident management framework and reduce mean time to detect/respond.
Metrics, Root Cause Analysis & Reporting :
- Track incident response metrics and generate regular reports and dashboards for leadership, compliance, and audit stakeholders.
- Conduct root cause analysis and lead post-incident review meetings, documenting lessons learned and recommending improvements.
- Drive continuous improvement of the incident response program, including integration of new use cases and remediation actions.
Stakeholder Communication & Training :
- Develop internal training for operational teams to improve breach recognition and response preparedness.
- Participate in tabletop exercises and readiness testing with business units and leadership.
Experience, Skills and Knowledge :
- 7-9 years of experience in cybersecurity and privacy incident response, preferably in a regulated environment (e.g., healthcare, finance, SaaS).
- Strong understanding of HIPAA, HITECH, GDPR, CCPA, and state/federal breach notification laws.
- Experience managing incidents using SIEM and ticketing management systems such as Microsoft Sentinel and ServiceNow.
- Familiarity with EDR, DLP tools, data flow mapping, forensic investigation, and threat intelligence integration.
Nice to Have Certifications (Not Mandatory) :
- Certified Information Security Manager (CISM).
- Certified Information Systems Security Professional (CISSP).
- Certified in Risk and Information Systems Control (CRISC).
Posted in : CyberSecurity
Functional Area : Cyber Security
Job Code : 1607391