Cyber security incident manager

Summary: The Cyber Security Incident Manager is responsible for leading and coordinating major cyber security incidents, serving as the primary incident commander during high-severity events. This role involves overseeing incident response processes, conducting threat analysis, and ensuring effective communication with stakeholders. The position requires a strong understanding of cyber threats and the ability to drive improvements in incident response strategies. The role is fully remote and requires SC clearance or eligibility for clearance.

Key Responsibilities:

• Lead and coordinate major cyber security incidents (e.g., ransomware, data breaches, phishing campaigns, insider threats).
• Serve as primary incident commander during high-severity events.
• Oversee triage, impact assessment, containment strategies, and remediation plans.
• Ensure timely escalation and communication to leadership and relevant stakeholders.
• Maintain accurate incident logs, timelines, and evidence for audits or legal processes.
• Direct technical investigations, working with SOC analysts, threat intelligence teams, and external partners.
• Analyse attack vectors, exploits, and root causes.
• Guide forensic activity where required, ensuring evidence integrity.
• Produce detailed incident reports, executive summaries, and post-incident reviews.
• Track incident metrics, trends, and lessons learned to improve security posture.
• Drive improvements in incident response playbooks, processes, and tooling.
• Ensure incidents are handled in alignment with frameworks such as NIST.
• Act as the key liaison during incidents with IT, Risk, Legal, Compliance, HR, Communications, and third-party partners.
• Support customer-facing communication where relevant (for MSSP or managed services environments).
• Manage relationships with external responders, MSSPs, and law enforcement as applicable.
• Support the development and delivery of cyber incident simulations, tabletop exercises, and readiness assessments.
• Ensure IR documentation is current, accessible, and aligned with business needs.
• Provide mentoring and support to junior analysts and incident responders.

Key Skills:

• Proven experience leading complex cyber security incidents in a mid-to-large enterprise or MSSP environment.
• Strong understanding of attack methodologies, malware behaviour, and adversary TTPs.
• Experience with SIEM, EDR, SOAR, threat intel platforms, and forensic tools.
• Deep knowledge of IR frameworks.
• Ability to make clear decisions under pressure and command multi-disciplinary response teams.
• Excellent communication skills, with the ability to convey technical detail to senior leadership.

Salary (Rate): undetermined

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT