Cyber security incident manager

Posted 1 day ago by ManpowerGroup

Negotiable
Undetermined
Remote
England, United Kingdom

Job Title - Cyber security incident manager. SC cleared or eligible for clearance. 3 month rolling (likely 1 year). Fully remote.

Key Responsibilities

  • Incident Response & Management
      • Lead and coordinate major cyber security incidents (e.g., ransomware, data breaches, phishing campaigns, insider threats).
      • Serve as primary incident commander during high-severity events.
      • Oversee triage, impact assessment, containment strategies, and remediation plans.
      • Ensure timely escalation and communication to leadership and relevant stakeholders.
      • Maintain accurate incident logs, timelines, and evidence for audits or legal processes.
  • Threat Analysis & Investigation
      • Direct technical investigations, working with SOC analysts, threat intelligence teams, and external partners.
      • Analyse attack vectors, exploits, and root causes.
      • Guide forensic activity where required, ensuring evidence integrity.
  • Governance, Reporting & Continuous Improvement
      • Produce detailed incident reports, executive summaries, and post-incident reviews.
      • Track incident metrics, trends, and lessons learned to improve security posture.
      • Drive improvements in incident response playbooks, processes, and tooling.
      • Ensure incidents are handled in alignment with frameworks such as NIST.
  • Stakeholder & Vendor Coordination
      • Act as the key liaison during incidents with IT, Risk, Legal, Compliance, HR, Communications, and third-party partners.
      • Support customer-facing communication where relevant (for MSSP or managed services environments).
      • Manage relationships with external responders, MSSPs, and law enforcement as applicable.
  • Operational Readiness
      • Support the development and delivery of cyber incident simulations, tabletop exercises, and readiness assessments.
      • Ensure IR documentation is current, accessible, and aligned with business needs.
      • Provide mentoring and support to junior analysts and incident responders.

Essential Skills & Experience

  • Proven experience leading complex cyber security incidents in a mid-to-large enterprise or MSSP environment.
  • Strong understanding of attack methodologies, malware behaviour, and adversary TTPs.
  • Experience with SIEM, EDR, SOAR, threat intel platforms, and forensic tools.
  • Deep knowledge of IR frameworks:
  • Ability to make clear decisions under pressure and command multi-disciplinary response teams.
  • Excellent communication skills, with the ability to convey technical detail to senior leadership.