
Cybersecurity Incident Commander Jobs (NOW HIRING)

In addition to incident command duties, this role leads the organization's GRC program, including ... Ensure physical security controls align with cybersecurity, business continuity, and compliance ...

Army Space and Missile Defense Command (USASMDC) is responsible for delivering global missile ... efforts • Lead cybersecurity incident response and corrective action planning • Advise ...


Cybersecurity Incident Commander information


$41K

$127.2K

$199.5K

How much do cybersecurity incident commander jobs pay per year?

As of Jun 8, 2026, the average yearly pay for cybersecurity incident commander in the United States is $127,177.00, according to ZipRecruiter salary data. Most workers in this role earn between $89,000.00 and $172,000.00 per year, depending on experience, location, and employer.

What is the difference between Cybersecurity Incident Commander vs Cybersecurity Analyst?

| Aspect | Cybersecurity Incident Commander | Cybersecurity Analyst |
|---|---|---|
| Certifications | GCIH, CISSP, CISM | CompTIA Security+, GIAC certifications |
| Work Environment | Incident response teams, security operations centers | Monitoring networks, analyzing threats |
| Responsibilities | Lead incident response, coordinate teams, communicate with stakeholders | Detect threats, analyze security data, recommend fixes |

The Cybersecurity Incident Commander focuses on leading and coordinating incident response efforts during security breaches, while the Cybersecurity Analyst primarily monitors systems, analyzes threats, and supports security measures. Both roles require relevant certifications and work in security operations environments, but their responsibilities differ in scope and leadership level.

What are the key skills and qualifications needed to thrive as a Cybersecurity Incident Commander, and why are they important?

To thrive as a Cybersecurity Incident Commander, you need deep knowledge of cybersecurity principles, incident response frameworks, and risk management, often supported by a degree in computer science and certifications like CISSP or GCIH. Familiarity with Security Information and Event Management (SIEM) tools, forensic analysis platforms, and incident tracking systems is typically required. Strong leadership, decision-making, and communication skills are essential for coordinating teams and managing crises under pressure. These competencies ensure swift, effective response to cyber threats, minimizing organizational impact and ensuring regulatory compliance.

What are Cybersecurity Incident Commanders?

Cybersecurity Incident Commanders are professionals responsible for leading and coordinating an organization’s response to cybersecurity incidents, such as data breaches or cyberattacks. They develop and execute response plans, communicate with stakeholders, and ensure that containment, eradication, and recovery actions are taken efficiently. Their role is critical in minimizing damage, protecting sensitive data, and restoring normal operations. They also conduct post-incident reviews to improve future responses and security measures.

What are the main challenges a Cybersecurity Incident Commander faces during a major security incident?

A Cybersecurity Incident Commander often faces the challenge of coordinating cross-functional teams under high-pressure situations while maintaining clear communication and decision-making. They must rapidly assess evolving threats, prioritize response actions, and ensure all stakeholders are informed and aligned. Balancing timely containment of the incident with thorough evidence preservation for forensic investigation is another key challenge. This role requires staying calm, organized, and adaptable in dynamic environments where situations can change rapidly.
Infographic showing various Cybersecurity Incident Commander job openings in the United States as of May 2026, with employment types broken down into 86% Full Time, 12% Part Time, and 2% Contract. Highlights a 92% Physical, 3% Hybrid, and 5% Remote job distribution, with an average salary of $127,177 per year, or $61.1 per hour.
Major Incident Manager

Other

Posted 6 days ago


First Citizens Bank rating

Company rating: 7.6 out of 10

Based on 103 frontline employees who took The Breakroom Quiz

79th of 141 rated banks


Job description

Overview
This is a remote role that may only be hired in the following location(s): AZ, FL, GA, NC and TX.
This position enhances the operational reliability, resilience, and stability of enterprise IT services through effective Major Incident Management practices. The role is responsible for leading the response to high-impact incidents, minimizing business disruption, and restoring service as quickly as possible. Facilitates the development and maturity of IT service management capabilities by driving continuous improvement across incident, problem, and change processes. Serves as a key technical and process leader during critical events and ensures compliance with all applicable IT or Enterprise Service Management (ITSM or ESM) standards and regulations. Ensures that incident response procedures, post-incident reviews, and process improvements are properly documented, implemented, and managed throughout their lifecycle.
Responsibilities
    • Major Incident Management & Process Improvement
      Leads the end-to-end lifecycle of major incidents, including detection, prioritization, escalation, coordination, and resolution. Drives continuous improvement of incident management processes, runbooks, and response frameworks to enhance operational effectiveness. Conducts post-incident reviews (PIRs) to identify root causes and preventative measures. Ensures incidents, problems, and associated changes are managed efficiently while maintaining service levels across platforms.
    • Incident Command & Coordination
      Acts as Incident Commander during major incidents, coordinating cross-functional technical teams, vendors, and stakeholders to rapidly restore service. Establishes clear roles, timelines, and action plans during incident bridges. Removes blockers and ensures timely decision-making under pressure.
    • Reporting & Analytics
      Responsible for documenting incidents, producing executive-level reports, and tracking key performance metrics such as MTTR (Mean Time to Restore), MTTD (Mean Time to Detect), incident volume, and SLA adherence. Monitors trends and provides data-driven insights to improve service reliability and reduce recurring issues.
    • Collaboration
      Partners with infrastructure, application, cybersecurity, and business teams to drive swift resolution of major incidents and improve long-term service resilience. Collaborates with Problem Management to ensure root cause analysis is completed and corrective actions are tracked. Supports Change Management to reduce incident risk from changes.
    • Communication
      Provides clear, concise, and timely communication to stakeholders at all levels during major incidents, including executive leadership. Publishes incident summaries, status updates, and post-incident reports. Ensures communication standards are met during high-pressure scenarios with a focus on transparency and business impact.
    • Governance & Compliance
      Ensures adherence to ITIL and organizational ITSM standards. Supports audit and compliance requirements related to incident and change management processes. Maintains documentation, playbooks, and escalation procedures.
    • Training & Enablement
      Leads or supports training for IT teams on incident response procedures, tools, and best practices. Promotes a culture of operational excellence and continuous improvement.

Qualifications
Bachelor's Degree and 6 years of experience in Operational Information Technology services and support including processes, programs, and procedures
OR
High School Diploma or GED and 10 years of experience in Operational Information Technology services and support including processes, programs, and procedures
Preferred Area of Experience:
ITSM Process Management (Incident, Major Incident, Problem, Change, or other relevant ITSM/ESM processes)
Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at
License or Certification Type:
  • ITIL Certification (v3 or v4) - Preferred
  • Six Sigma (Green Belt or higher) - Preferred

Preferred Experience:
  • 5+ years of hands-on experience in Major Incident Management or Incident Command roles in a large enterprise environment
  • Proven ability to lead severity 1 / critical outages affecting customer-facing or mission-critical systems
  • Strong experience with ITSM tools (e.g., ServiceNow, BMC Remedy, or similar)
  • Demonstrated success in reducing MTTR and improving incident response maturity
  • Experience facilitating post-incident reviews (PIRs) and driving root cause resolution through Problem Management
  • Ability to manage high-pressure situations, make rapid decisions, and coordinate distributed teams
  • Strong understanding of infrastructure, applications, cloud platforms and networking concepts
  • Excellent executive communication and stakeholder management skills
  • Familiarity with SRE principles, observability tools, and event management frameworks is a plus

