Cyber Security Incident Response

Cyber Security Incident Response Manager

Staples is business to business. You're what binds us together.

Our digital solutions team is more than a traditional IT organization. We are a team of passionate, collaborative, agile, inventive, customer-centric, results-oriented problem solvers. We are intellectually curious, love advancements in technology and seek to adapt technologies to drive Staples forward. We anticipate the needs of our customers and business partners and deliver reliable, customer-centric technology services.

We are seeking a decisive and highly experienced Cyber Security Incident Response Manager to lead the strategy, execution, and continuous improvement of our organization's incident response capabilities. You will play a critical role in coordinating cybersecurity incidents across business units, directing tactical response activities, and partnering with internal and external stakeholders to minimize business impact and strengthen resilience.

As the Incident Response Manager, you will act as the primary authority during cyber incidentsleading investigations, managing communications, and driving remediation efforts. This is a highly visible leadership role that requires calm under pressure, strong communication, and deep technical expertise in detecting, containing, and eradicating sophisticated threats.

What you'll be doing:

1. Lead the organization's incident response efforts across all business units, from detection through containment, remediation, and recovery.
2. Act as the primary authority during cybersecurity incidentsinvestigating, managing communications, and driving remediation efforts.
3. Coordinate cross-functional teams, including Security Operations Center, Engineering, Legal, Communications, and external partners to ensure timely response and clear, accurate reporting.
4. Develop, maintain, and enhance the Incident Response Plan (IRP) in alignment with policies, regulatory requirements, and industry frameworks (NIST, ISO 27035, MITRE ATT&CK, etc.).
5. Deliver detailed post-incident reports, root cause analyses, executive summaries, and lead lessons-learned sessions to strengthen organizational resilience.
6. Plan and execute tabletop exercises and red/blue team simulations to test readiness and train staff.
7. Build robust playbooks for diverse cyber threats, such as ransomware, BEC, insider threats, and supply chain compromises.
8. Champion process improvements, automation, and knowledge sharing to accelerate detection and response times.
9. Mentor and lead a team of incident responders and analysts, fostering a culture of resilience, accountability, and continuous learning.

What you bring to the table:

1. Proven ability to lead high-stakes, high-pressure cybersecurity incidents with calm and effective decision-making.
2. Deep knowledge of attacker tactics, techniques, and procedures (TTPs) across various threat landscapes.
3. Strong experience with security tooling (e.g., SIEM, EDR, forensic tools) and investigation methods such as log analysis and memory forensics.
4. Skill in managing internal and external communications during incidents, including with executive leadership, legal, and regulatory bodies.
5. Demonstrated success in building and refining incident response programs, including playbook development and IRP documentation.
6. Excellent interpersonal and communication skills; able to act as a trusted advisor to technical teams and business leaders alike.
7. Proven experience leading incident response in large, complex environments.

What's needed- Basic Qualifications:

1. 7+ years of experience in cybersecurity operations, with at least 3+ years in a leadership role focused on incident response.
2. Deep understanding of cyber threat landscapes, attack vectors, malware behaviors, and forensic methodologies.
3. Hands-on experience with industry-standard frameworks (NIST, MITRE ATT&CK, etc.), regulatory and compliance programs (GDPR, HIPAA, PCI-DSS, SOX), and incident detection, containment, and remediation tools and techniques (SIEM, SOAR, EDR, forensics).

What's needed- Preferred Qualifications:

1. Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, or related field (or equivalent experience).
2. Industry-recognized certifications such as GCIA, GCFA, GCIH, CISSP, CISM, or equivalent.
3. Experience with high-impact threats (ransomware, BEC, nation-state attacks).
4. Consulting or client-facing experience in cybersecurity advisory or incident response services.
5. Experience with regulatory reporting and legal/forensics coordination is a plus.