About the job
Role: Senior Incident Response Manager
Salary: Up to £65,000-75,000 DOE
Locke & McCloud has partnered with a large audit, tax and consulting firm who is looking for an experienced Senior Incident Response Manager to join their Global Executive Office and Member Firms around the world to support information security initiatives and cyber incident response within the global network.
Lead and manage security incidents on behalf of the Global Executive Office, working with the CISO and Member Firm incident response team, providing guidance and mentorship
Develops and maintains the security incident response process, including all required supporting materials
Acts as a liaison between industry peers, legal, regulatory, compliance teams and government agencies (including law enforcement) and other specialists to ensure adherence to relevant laws and regulations
Utilises commercial intelligence providers to gain insight into adversary tactics, techniques and procedures, as well as planned activities and emerging motivations
Stay up to date with emerging cybersecurity threats and new vulnerabilities to enhance the incident response strategy.
Coordinates with the security operations centre and Member Firms to identify, assess, contain and mitigate the impact of security incidents.
Advises the security advisory board of significant emerging threats, and recommend both strategic and tactical steps to counteract these threats
Acts as a liaison throughout the entire organisation (including, but not limited to, IT, Member Firms, public relations, legal counsel)
Communicate with relevant stakeholders, including senior management and Member Firms, providing updates on incident response activities and outcomes
Initiates the security incident response process, and executes decision authority to the extent of their role within that process
Organises, participates in and, if required, chair post-incident reviews for presentation to senior management
Manage and ensure the documentation of incidents and responses, post incident analysis and lessons learned for future improvement
Ensures the delivery of threat intelligence collected from incident engagements to threat intelligence teams and content creators for the purpose of operationalising
Provides specialised security support for other events that fall outside the security incident realm, such as high-impact outages due to reasons other than security or technical security risk assessments
Assists in e-discovery procedures when necessary
Develop and conduct incident response training and tabletop exercises for the team and other relevant stakeholders
Work with key stakeholders and with member firms to recommend, implement and maintain security tools and technologies that aid in incident detection and response.
Responsible for the review of information from different sources such as firewalls to identify anomalies or evidence of compromise
Perform forensic analysis and triage of security incidents including identifying immediate corrective actions required to contain security incidents
Skills, knowledge and experience:
To succeed in this role, the individual will need:
Experience of investigating complex incidents cross jurisdictions by state-sponsored groups or targeted ransomware attacks
Knowledge and experience of security tooling including EDR, Firewalls, E-Mail Security and Networking
Must be skilled in stakeholder engagement at all levels, with people from business and technical backgrounds, internal and external facing
Experience of the end-to-end security incident lifecycle from containment to eradication and restoration
Methods and motivations adopted by adversaries to attack IT platforms and automated information systems
Security forensic techniques, tools and procedures for on-premises and cloud environments
IT end-to-end problem management and root cause analysis is desirable
Legal requirements for privacy of personal information from employees and customers
Proven ability to build relationships and influence individuals at all levels in a matrixed environment, as well as external vendors and service providers, to ensure that segregation and overlapping roles are identified and coordinated
Strong organizational skills and the ability to perform in a command-and-control role under pressure, and the ability to manage multiple priorities with competing demands for resources.
Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios
Strong analytical and problem-solving skills
Proficiency working in a fast-paced, complex, dynamic, multicultural business environment