Senior Staff Security Incident Commander | Security Org at ServiceNow — NeverHard

Job Description The ServiceNow Security Organization (SSO) The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact ServiceNow’s Security Incident Command (SIC) team is seeking an experienced senior security incident commander to join our fast-growing team. This role will support the orchestration of incident response strategy and communications during critical information security-related incidents. About the SIC team The SIC team maintains and executes the Major Security Incidents (MSI) lifecycle within ServiceNow, including Preparation, Response, and Recovery. MSIs are our most challenging and impactful security incidents which pose active or heightened risk to the company and/or our customers. Key value areas are preparing the company for MSIs through tabletop exercises (TTX), coordination of activity between many response workstream partners, maintenance and development of playbooks and procedures, tracking key MSI metrics and facts to keep everyone oriented, and communicating status, milestones, blockers, and critical decisions needed to senior management and executive stakeholders, including the CISO. What you get to do in this role Orchestration of response and remediation of incident response for highest criticality security events. Take ownership and lead response to critical incidents within the company. Establish and mature documentation surrounding protocols and procedures governing the security incident command team. Prepare and deliver communications, including executive summaries and incident briefings, to key stakeholders during and after incident response. Conduct rapid response, mitigation, and investigations on the highest priority cases impacting ServiceNow and user data. Partner with the team members across multiple regions to drive response and investigations globally. Organization and facilitation of scenario-based exercises to test and improve incident management and response strategies. Maintenance of existing playbooks and procedures, as well as developing new ones, to further standardize SIC and its partners' responses when verifying MSIs. Contribute to the organization and completion of Post-Incident Reviews (PIRs) and Root Cause Analyses (RCAs) following major security incidents. Identify new ways to simplify, integrate, automate and refine the major security incident process to better support internal and external stakeholders.