Mgr - Cyber Incident Response (IN)

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today

The Cyber Incident Response Manager will play a key role in building and leading the Security Operations Center (SOC) in Pune, India. This role is responsible for managing day-to-day incident response operations, coordinating investigations, and driving continuous improvements to detection and response capabilities. The Manager will collaborate with global cyber defense teams to ensure timely containment, investigation, and remediation of security incidents. This position requires strong technical expertise in incident response, SOC operations, and security tooling, combined with leadership skills to grow and develop a high-performing team in India.

• Lead and manage the SOC team in Pune, including hiring, training, mentoring, and performance management of analysts and responders.

• Oversee daily incident detection, analysis, containment, eradication, and recovery efforts.

• Serve as the escalation point for high-priority or complex cyber incidents, ensuring timely response and communication to global stakeholders.

• Develop and maintain incident response playbooks, runbooks, and standard operating procedures.

• Partner with global SOC teams to align processes, technology, and reporting standards.

• Collaborate with threat intelligence, vulnerability management, forensics, and insider threat teams to drive a unified defense strategy.

• Manage relationships with key stakeholders in IT, Legal, Compliance, and Corporate Security during incident investigations.

• Provide executive-level reporting and updates on incident trends, SOC performance metrics, and operational risks.

• Ensure incident response activities comply with global regulatory and organizational requirements.

• Drive continuous improvement of detection rules, automation, and response workflows in the SOC.

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related discipline required; Master's degree preferred.

• Strong knowledge of incident response methodology, SOC operations, and security frameworks (e.g., NIST, MITRE ATT&CK).

• Familiarity with global privacy and compliance requirements relevant to incident handling.

• GIAC Certified Incident Handler (GCIH)

• GIAC Certified Intrusion Analyst (GCIA)

• GIAC Certified Forensic Analyst (GCFA)

• Certified Ethical Hacker (CEH)

• Certified Information Systems Security Professional (CISSP)

• 8–10 years of progressive experience in cybersecurity, with at least 5 years focused on SOC operations or incident response.

• Minimum of 3 years in a people management role, leading incident response or SOC analyst teams.

• Hands-on experience with SIEM, EDR, SOAR, and forensic tools (e.g., Splunk, CrowdStrike, Microsoft Defender, etc)

• Proven experience responding to advanced threats, ransomware, phishing campaigns, and insider incidents.

• Demonstrated success in building or scaling SOC teams in a global enterprise environment.

• Strong communication skills, with the ability to brief technical and non-technical stakeholders during incidents.

.

EDUCATIONAL QUALIFICATIONS:
Education:
Bachelor's Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience.

Preferred Certifications:

• Certified Information Systems Auditor (CISA)

• Certified Information Systems Security Professional (CISSP)

• Certification in Information Security Strategy Management (CISM)

• Information Technology Infrastructure Library (ITIL)

• Offensive Security Certified Professional (OSCP)

• Project Management Professional (PMP) Certification

• TS-SCI Security Clearance Certification

WORK EXPERIENCE:

• 5+ years of directly-related or relevant experience with 2+ years in a managerial capacity, preferably in information security.

SKILLS & KNOWLEDGE:
Behavioral Skills:

• Coaching and Mentoring

• Collaboration

• Conflict Resolution

• Critical Thinking

• Detail Oriented

• People Management

• Presentation Skills

Technical Skills:

• IT Risk Management

• IT Controls

• Cyber Attack Mitigation

• Enterprise Architecture

• Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)

• IT Risk Management

• Network Security

• Information Security Strategy Continuity

• Threat Modelling

Tools Knowledge:

• Microsoft Office Suite

• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.

• Security Testing Tools - Open Source and COTS security tools

• Threat Intelligence Tools

• Vulnerability Testing Tools

​Benefit offerings outside the US may vary by country and will be aligned to local market practice. The eligibility and effective date may differ for some benefits and for team members covered under collective bargaining agreements.

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call or email We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned