Wolters Kluwer

IT Security Manager (Global Cyber Command)

IND-Pune-IndiQube Orchid Full time

About the Role:
Serves as the central authority for Global Cyber Command, acting as the focal point for continuous security event monitoring, triage, escalation, and coordinated incident response, while maintaining end-to-end accountability for the incident lifecycle from detection through post-incident review and reporting. Provides operational leadership and mentorship to Security Analysts, ensuring standard operating procedures, runbooks, documentation, and metrics are established and maintained to support effective, auditable operations and continuous improvement. Ensures that security events meeting defined thresholds are promptly escalated and managed in accordance with the Wolters Kluwer Incident Response policy and procedures, coordinating cross-functional response efforts across IT Security, IT, and business stakeholders as required. When appropriate, escalates to and engages other functions across Wolters Kluwer to ensure the appropriate technical expertise and communication channels are leveraged for incidents and requests.
Responsibilities:

  • Provide day‑to‑day operational leadership for security analysts and incident responders, setting priorities, maintaining investigative focus, and ensuring timely, disciplined execution during high‑severity incidents.
  • Mentor and develop team members through hands‑on coaching, knowledge sharing, and guidance on investigation techniques, Blue Team tooling, and incident response best practices to build depth and resilience within the team.
  • Foster a culture of accountability, collaboration, and continuous improvement by reinforcing standards, supporting professional development, and promoting repeatable, mature security operations aligned to business risk.
  • Ensure adherence to defined security operations SLAs and SLOs by tracking incident response timeliness, containment and remediation performance, and validating the effectiveness of corrective actions through metrics, trend analysis, and continuous operational improvement.
  • Serve as the primary escalation point for security events and incidents, owning the full incident response lifecycle including monitoring, detection, triage, investigation, containment, eradication, recovery, and post‑incident review.
  • Lead operational support and continuous improvement of Blue Team capabilities, including SIEM, SOAR, EDR/XDR, NDR, threat intelligence, and forensic platforms, ensuring platform health, reliable log ingestion, effective integrations, tuned detections, and automated response workflows.
  • Oversee security monitoring and detection effectiveness by driving alert tuning, use‑case development, false‑positive reduction, detection coverage validation, and alignment to evolving threat scenarios.
  • Coordinate and execute incident response activities by aggregating and analyzing system, network, cloud, endpoint, and malware data; conducting OSINT investigations; synthesizing root cause; and developing risk‑based response recommendations grounded in sound security principles.
  • Partner with engineering, infrastructure, cloud, and application teams to operationalize security tooling, onboard new data sources, remediate control gaps, and implement configuration changes arising from incidents, threat intelligence, and post‑incident findings.
  • Ensure accurate, timely documentation of all response activities, including maintaining operational runbooks, playbooks, dashboards, metrics, and incident records to support 24x7 operations, audit readiness, and regulatory requirements.
  • Deliver clear, consistent, and factual incident analysis and reporting to technical teams, business stakeholders, and leadership, providing actionable insights into impact, root cause, and remediation.
  • Drive post‑incident reviews, lessons learned, and purple team exercises to validate detection and response effectiveness and translate outcomes into measurable improvements across people, process, and technology.
  • Ensure all security operations activities comply with Wolters Kluwer enterprise policies, procedures, and applicable business and regulatory requirements.
Skills:
• Comprehensive Security Architecture: Expertise in designing sophisticated security architectures.
• Advanced Threat Management: Mastery in monitoring and mitigating advanced threats.
• Strategic Policy Enforcement: Skills in developing and enforcing high-level security policies.
• Leadership in Incident Recovery: Advanced incident response and recovery leadership.
• Compliance Knowledge: Proficiency in navigating industry standards and regulations.
• Team Mentorship: Ability to mentor and guide less experienced team members.
• Technology Implementation: Capability to implement and manage advanced security technologies.
• Strategic Planning and Reporting: Skills in strategic security planning and detailed reporting.

Our Interview Practices

To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you, not a digital assistant. To help maintain this integrity, we ask that you remove virtual backgrounds, and we include in-person interviews in our hiring process. Please note that use of AI-generated responses or third-party support during interviews will be grounds for disqualification from the recruitment process.

Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.