Jobs · Marketing · Connecticut

Senior Director of Digital Forensics & Incident Response

Otis Elevator Co. · Farmington, CT · 6 days ago
Marketing$198k–$250k/yrFull-time

About the role

The Senior Director of Digital Forensics & Incident Response (DFIR) is a strategic and operational leader responsible for building, scaling, and leading a global capability to detect, respond to, and investigate cyber incidents across the enterprise.

Responsibilities

  • Lead and operate a 24x7x365 Global Security Operations Center (GSOC) serving enterprise IT and OT environments.

  • Define and execute the GSOC strategy, including partnering with detection engineering, automation, threat-intelligence integration, and continuous maturity improvement.

  • Establish and monitor Service Level Agreements (SLAs), Key Performance Indicators (KPIs), Key Risk Indicators (KRIs).

  • Drive continuous improvement of advanced technologies (SIEM, SOAR, UEBA, XDR) to enhance visibility and reduce response times.

  • Lead the global Digital Forensics and Incident Response (DFIR) program across a large, distributed enterprise environment.

  • Build, mentor, and retain high-performing global teams across DFIR, DLP, and eDiscovery functions.

  • Act as a senior advisor to executive leadership during major cyber incidents and crisis situations.

Incident Response & Cyber Operations

  • Oversee the end-to-end incident response lifecycle including preparation, detection, analysis, containment, eradication, and recovery.

  • Lead and continuously improve the GSOC.

  • Establish and test cyber incident response playbooks, tabletop exercises, and crisis simulations.

  • Drive threat-driven and intelligence-led response capabilities.

Digital Forensics & Investigations

  • Lead advanced digital forensic investigations involving endpoints, cloud, identity systems, and network environments.

  • Ensure forensic readiness, evidence preservation, and chain-of-custody standards are maintained.

  • Partner with Legal, HR, and Compliance on internal investigations, litigation support, and eDiscovery efforts.

Data Protection & Insider Risk

  • Oversee enterprise Data Loss Prevention (DLP) and insider risk programs, including policy design, monitoring, and enforcement.

  • Leverage platforms such as Microsoft Purview and M365 security capabilities to protect sensitive data.

  • Align DLP and insider risk initiatives with regulatory requirements and business objectives.

Vendor & Service Management

  • Manage strategic relationships with Managed Security Service Providers (MSSPs) and digital forensics vendors.

  • Establish and monitor SLAs, KPIs, and KRIs.

  • Ensure vendors meet performance, quality, and compliance expectations.

Technology & Innovation

  • Drive adoption and optimization of security technologies, including: Microsoft 365 Security & Compliance (Purview, Defender), Digital forensics tooling (e.g., EnCase, FTK, X-Ways, etc.), Endpoint Detection & Response (EDR/XDR), DLP solutions, and SASE and modern network security architecture.

  • Continuously evaluate emerging technologies to enhance detection, response, and investigative capabilities.

Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field.

  • Relevant certifications strongly preferred: CISSP, CISM, or equivalent, GIAC (e.g., GCFA, GCIH) or forensic certifications, eDiscovery or legal/forensic certifications a plus.

  • 15+ years of progressive experience in cybersecurity within a large, global enterprise environment.

  • Proven experience building and leading a GSOC and incident response program.

  • Deep expertise in: Incident Response (IR) & Cyber Crisis Management, Digital Forensics & Investigations, DLP & Insider Risk, and eDiscovery processes and technologies.

  • Experience managing and governing MSSPs.

  • Strong track record defining and managing SLAs, KPIs, and KRIs.

  • Strong hands-on or leadership familiarity with: Microsoft 365 / Microsoft Security ecosystem (Defender, Purview, Sentinel), EDR/XDR platforms (e.g., CrowdStrike, Microsoft Defender, etc.), Digital forensics tools and methodologies, Cloud security (especially SaaS and hybrid environments), SASE / Zero Trust architectures.

  • Exceptional leadership, team-building, and mentoring capabilities.

  • Executive-level communication skills with the ability to translate technical issues into business risk.

  • Strong decision-making under pressure, particularly during live cyber incidents.

  • Ability to influence cross-functional stakeholders including Legal, Compliance, Privacy, and IT.

Similar jobs