What does a successful Cyber Security Exercise planner do at Fiserv?
You will be responsible for the full lifecycle of cybersecurity and readiness exercise activities, including designing, developing, and conducting post-exercise evaluation processes that will strengthen cybersecurity incident response and coordination processes throughout Fiserv. You will scope and build exercises and processes and coordinate with all relevant areas of the organization to communicate lessons learned from exercises to improve cybersecurity response and resilience. You will also craft exercises and discussion guides based on threat intelligence and business processes, building a commitment to enterprise-wide continuous improvement and collaborative incident response.
What you will do:
- Contextualize cybersecurity threat intelligence and incident response procedures for business and executive audiences
- Design security-focused exercises in accordance with existing playbooks and processes
- Manage exercise projects, including performing initial scoping and leading regular meetings to obtain information, provide status updates, and troubleshoot issues
- Deliver walkthroughs, seminars, and tabletop exercises with a variety of participants from various business and technical teams
- Conduct post-exercise interviews and debriefings; identify, record, and report on action items and exercise feedback
- Write post-exercise reports for a variety of audiences, summarizing exercise events and providing next-steps guidance to report recipients
- Stay up to date on information security threats and trends and summarize and contextualize this information to non-technical personnel
What you will need to have:
- 5+ years of direct experience actively managing and using threat intelligence to reduce risk and threat exposure
- 5+ years’ experience in the cyber threat landscape and applying attacker motivation, capability, and intent to an organizational threat landscape
- 4+ years’ experience with vulnerability and exploitation concepts
- 3+ years’ experience in cyber threat intelligence
- Experience working with technical and non-technical staff and interfacing with executive-level management
- Experience using a systematic approach in documenting exercise findings to enterprise policies and communicating to stakeholders accordingly
- Experience identifying and assessing gaps and opportunities to improve processes, procedures, and interdepartmental relationships
- A bachelor’s degree in a relevant field, or an equivalent combination of education, work, and/or military experience
What would be great to have:
- Ability to understand and compare the business and operational impacts of various security processes such as containment and remediation actions
- Understanding of common business continuity and disaster recovery procedures
- Experience with incident response, threat intelligence, and/or incident management processes
- Familiarity with emergency and/or security preparedness planning
- Homeland Security Exercise and Evaluation Program (HSEEP) certification
#LI-RM1
R-10356151
