Tell me about a time you led a cross-functional team during an incident response using the NIST framework, faced a conflict between team members regarding the prioritization of tasks, and how you resolved the disagreement to ensure a successful resolution of the incident.

Use STAR framework: Describe the Situation (incident response using NIST framework), Task (leading cross-functional team), Action (resolving conflict through collaboration and prioritization), and Result (incident resolved with measurable outcomes). Highlight NIST phases (Identification, Containment, Eradication, Recovery, Mitigation), conflict resolution strategies, and metrics like time saved or risk reduction.

During a ransomware attack at a healthcare client, I led a cross-functional team using the NIST incident response framework. The IT team prioritized containment, while the legal team insisted on preserving evidence for compliance. To resolve the conflict, I facilitated a meeting to align on NIST phases, emphasizing that containment (Phase 3) and evidence preservation (Phase 2) could be parallelized. We created a task matrix to balance both priorities, ensuring compliance without delaying containment. The incident was resolved in 12 hours, reducing downtime by 40% and avoiding regulatory penalties. Post-incident, we implemented a joint training program to improve interdepartmental collaboration.