Incident Response, Lead

About the role

NOTE: This role carries 24/7 on-call rotation responsibilities and active incident command expectations during major and critical events. The Incident Response Lead works with IT stakeholders across Cook Children's Health Care System to develop policies, procedures, and risk management activities that efficiently contain and minimize the impact of business interruption due to disasters or information system unavailability. This role performs risk and triage analysis to develop incident response plans and runbooks for the most likely and highest-impact events affecting the organization. The Lead also assists IT and business stakeholders in testing response plans through downtime scenarios, tabletop exercises, and other readiness activities. Cook Children's Health Care System Cook Children's Health Care System offers a unique approach to caring for children because we are one of the country's leading integrated pediatric health care delivery organizations. Patients benefit from the integrated system because it allows Cook Children's to use all of its resources to treat a patient and allows for easy communication between the various companies by physicians with a focus on caring for children and adolescents. Cook Children's is an equal opportunity employer. As such, Cook Children's offers equal employment opportunities without regard to race, color, religion, sex, age, national origin, physical or mental disability, pregnancy, protected veteran status , genetic information, or any other protected class in accordance with applicable federal laws. These opportunities include terms, conditions and privileges of employment, including but not limited to hiring, job placement, training, compensation, discipline, advancement and termination.

Requirements

• BS/BA degree in Information Technology, Business Administration, Risk Management or a related field required. In lieu of the BS/BA degree, may accept a high school diploma and 7 years of experience.
• 4+ years' experience in incident response management or a related field required.
• Strong knowledge of industry standards and frameworks such as ISO 22301 or NIST SP 800-34.
• Strong understanding of project management principles and data technologies, expert level knowledge of IT Service Management principles, best practices and frameworks such as ITIL.
• Expert-level knowledge of IT Service Management principles, frameworks, and best practices (ITIL) preferred
• Expert-level ServiceNow experience - incident workflows, ticket quality, auditing, and reporting preferred
• Proven ability to lead live incident response under pressure
• On-call availability; experience in 24/7 rotation environments
• Strong understanding of project management principles and data technologies preferred
• Additional Preferred Qualifications:
• Experience in healthcare IT environments
• ITIL 4 Foundation certification or higher
• Hands-on experience building or facilitating DR tabletop exercises
• Experience building or auditing runbook libraries
• Familiarity with clinical system availability requirements
• Strong executive communication and reporting skills
• ON-CALL & ACTIVE INCIDENT RESPONSIBILITIES
• This position participates in a 24/7 on-call rotation for major and critical
• incidents. When a Priority 1 event occurs, this role assumes incident command - coordinating cross-functional bridge calls, driving toward resolution, and
• maintaining stakeholder communication from onset through post-incident review.
• Responsibilities during active incidents include:
• Assume incident command for major and critical events
• Coordinate IS leadership, business stakeholders, and technical resolvers in real time
• Draft impact statements and maintain incident timelines
• Manage communication cadence through resolution
• Enforce ticket discipline during incidents - accuracy, work note quality, and
• Post Incident Review resolution documentation standards within ServiceNow
• SERVICENOW PLATFORM EXPECTATIONS
• Expert-level ServiceNow experience is highly preferred. This role uses the platform as both
• an operational tool and a quality assurance mechanism. Key expectations include:
• Evaluate incident ticket integrity: classification accuracy, impact/urgency, scoring, resolution notes, and root cause documentation
• Build and maintain auditing processes to ensure data quality across the incident lifecycle
• Monitor SLA compliance and workflow adherence
• Extract trend data and produce dashboards and reports for leadership
• Enforce incident workflow standards and drive corrective action where gaps exist
• Platform competency areas: Incident Management, Ticket Quality Evaluation, Audit & Compliance Workflows, Trend Analysis, SLA Monitoring, platform analytics, Problem Management, Reporting, CMDB Awareness.

Benefits

Additional Information

Location: Remote - TX Department: Enterprise Systems Shift: First Shift (United States of America) Standard Weekly Hours: 40

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at cookchildrens? Share your experience