Security Crisis Manager
The Crisis Manager is a critical individual contributor within the Paychex Enterprise Data Security department reporting directly to a Senior Manager. The Enterprise Data Security department is responsible for incident response, crisis preparedness, enterprise information security strategy, governance, and risk management.The Crisis Manager will support the Paychex Enterprise Data Security Team by coordinating the development of an enterprise-wide crisis management program. The Crisis Manager will assist in guiding the successful implementation of this plan in the event of a crisis, and will serve as a liaison between the incident response team and key internal and external stakeholders. The work of this key position will protect Paychex's financial and reputational integrity. The candidate that is chosen for this position will work with a converged security department-both cyber and physical security functions report into the CISO-that approaches resiliency and security as a strategic business partnership to address business risk. This provides the unique opportunity to interact and protect the business at all levels.The candidate will work in a matrix team environment where collaboration and knowledge sharing are a regular practice for ensuring operational excellence and individual growth. The teams represented in the matrix typically include: Legal, Corporate Communications, Public Relations, Executive Management, Human Resources, Digital Media and Compliance.
- Assist in the development of the Crisis Management and Preparedness Program to ensure a coordinated crisis management approach that facilitates the effective and timely handling of serious cyber and security events. Serve as the liaison between the Incident Response Team and key internal and external stakeholders to ensure a coordinated response.
- Document and maintain a crisis response playbook that defines criteria for various crisis responses and documents the roles and responsibilities of key stakeholders. Provide awareness and training for all key stakeholders engaged in the cyber/security action response process.
- Partner with the Cyber Action Communications Team (CACT) to establish comprehensive crisis communication plans and public relations strategies, tailored to specific crisis scenarios and stakeholders.
- Enhance the capabilities of the CACT to ensure coverage for an enterprise wide all-hazards program that also includes responses to physical incidents.
- Serve as a leading voice on existing and emerging cyber threats to ensure new and updated crisis response plans are developed as appropriate.
- Plan and manage comprehensive table top exercises with internal and external response functions to validate response efficacy and preparedness. Support the administration and maintenance of preparedness and exercise schedules.
- Communicate to all levels of the organization, from the executive team to employees, and from subsidiaries to third party service providers.
- Implement awareness, assessment, communication, and command procedures for the Incident Response Program
- Partner with Human Resources to facilitate the creation of an enterprise wide security training curriculum. Serve as an ambassador for Enterprise Data Security, meeting with and educating senior leadership and key stakeholders to ensure appropriate development of skills and proactive prevention of security threats.
- Develop and implement policies, standards, procedures, guidelines, training and systems that enable employees to respond to time sensitive business process disruptions
- Provide strategic support to investigators as they tactically lead the business through documented incident response procedures.
- Gather post incident documentation, share lessons learned with management and refine processes as necessary
- Partner with the Information Technology Business Continuity Team to analyze and interpret emergency scenarios, and develop mitigation strategies specific to cyber actions.
- Develop and maintain partnerships with external stakeholders to coordinate response during potential events, including but not limited to, law enforcement, media, insurance agencies etc.
- Assist in the creation of targeted remediation 'playbooks' to guide investigators in response and recovery activities
- Participate in third party reviews of contracted service providers for inclusion as necessary into the cyber action roadmap
- Summarize complex incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms.
- Bachelor's Degree in Business Management, Emergency Administration and Disaster Preparedness, Information Technology/Systems/Assurance, Public Communications or equivalent experience - Required
- Planning, managing, and leading a corporate crisis or communications.
- Professional Crisis Management, Crisis Management Certified Specialist (CMCS) or Crisis Management Certified Planner (CMCP) - Preferred
Paychex, Inc. (NASDAQ: PAYX) is a leading provider of integrated human capital management solutions for payroll, HR, retirement, and insurance services. By combining its innovative software-as-a-service technology and mobility platform with dedicated, personal service, Paychex empowers small- and medium-sized business owners to focus on the growth and management of their business. Backed by more than 40 years of industry expertise, Paychex serves approximately 590,000 payroll clients across 100 locations and pays one out of every 15 American private sector employees. Learn more about Paychex by visiting www.paychex.com, and stay connected on Twitter and LinkedIn.