Cyber security incident manager

Posted 1 day ago by Experis IT

Negotiable
Undetermined
Remote
England, UK

Job Title - Cyber security incident manager
SC cleared or eligible for SC clearance.
3-month rolling contract (likely to run for 1 year)
Fully remote

Key Responsibilities
Incident Response & Management

  • Lead and coordinate major cyber security incidents (e.g. ransomware, data breaches, phishing campaigns, insider threats).
  • Serve as primary incident commander during high-severity events.
  • Oversee triage, impact assessment, containment strategies, and remediation plans.
  • Ensure timely escalation and communication to leadership and relevant stakeholders.
  • Maintain accurate incident logs, timelines, and evidence suitable for audit or legal processes.

Threat Analysis & Investigation

  • Direct technical investigations, working with SOC analysts, threat intelligence teams, and external partners.
  • Analyse attack vectors, exploits, and root causes.
  • Guide forensic activity where required, ensuring evidence integrity.

Governance, Reporting & Continuous Improvement

  • Produce detailed incident reports, executive summaries, and post-incident reviews.
  • Track incident metrics, trends, and lessons learned to improve security posture.
  • Drive improvements in incident response playbooks, processes, and tooling.
  • Ensure incidents are handled in alignment with frameworks such as NIST.

Stakeholder & Vendor Coordination

  • Act as the key liaison during incidents with IT, Risk, Legal, Compliance, HR, Communications, and third-party partners.
  • Support customer-facing communication where relevant (for MSSP or managed services environments).
  • Manage relationships with external responders, MSSPs, and law enforcement as applicable.

Operational Readiness

  • Support the development and delivery of cyber incident simulations, tabletop exercises, and readiness assessments.
  • Ensure IR documentation is current, accessible, and aligned with business needs.
  • Provide mentoring and support to junior analysts and incident responders.

Essential Skills & Experience

  • Proven experience leading complex cyber security incidents in a mid-to-large enterprise or MSSP environment.
  • Strong understanding of attack methodologies, malware behaviour, and adversary TTPs.
  • Experience with SIEM, EDR, SOAR, threat intelligence platforms, and forensic tools.
  • Deep knowledge of IR frameworks:
  • Ability to make clear decisions under pressure and command multi-disciplinary response teams.
  • Excellent communication skills, with the ability to convey technical detail to senior leadership.