Cyber security incident manager

Job Title - Cyber security incident manager
SC cleared or eligible for clearance.
3 month rolling ( likely 1 year)
Fully remote

Key Responsibilities
Incident Response & Management

Lead and coordinate major cyber security incidents (e.g., ransomware, data breaches, phishing campaigns, insider threats).
Serve as primary incident commander during high?severity events.
Oversee triage, impact assessment, containment strategies, and remediation plans.
Ensure timely escalation and communication to leadership and relevant stakeholders.
Maintain accurate incident logs, timelines, and evidence for audits or legal processes.

Threat Analysis & Investigation

Direct technical investigations, working with SOC analysts, threat intelligence teams, and external partners.
Analyse attack vectors, exploits, and root causes.
Guide forensic activity where required, ensuring evidence integrity.

Governance, Reporting & Continuous Improvement

Produce detailed incident reports, executive summaries, and post?incident reviews.
Track incident metrics, trends, and lessons learned to improve security posture.
Drive improvements in incident response playbooks, processes, and tooling.
Ensure incidents are handled in alignment with frameworks such as NIST

Stakeholder & Vendor Coordination

Act as the key liaison during incidents with IT, Risk, Legal, Compliance, HR, Communications, and third?party partners.
Support customer?facing communication where relevant (for MSSP or managed services environments).
Manage relationships with external responders, MSSPs, and law enforcement as applicable.

Operational Readiness

Support the development and delivery of cyber incident simulations, tabletop exercises, and readiness assessments.
Ensure IR documentation is current, accessible, and aligned with business needs.
Provide mentoring and support to junior analysts and incident responders.

Essential Skills & Experience

Proven experience leading complex cyber security incidents in a mid?to?large enterprise or MSSP environment.
Strong understanding of attack methodologies, malware behaviour, and adversary TTPs.
Experience with SIEM, EDR, SOAR, threat intel platforms, and forensic tools.
Deep knowledge of IR frameworks:
Ability to make clear decisions under pressure and command multi?disciplinary response teams.
Excellent communication skills, with the ability to convey technical detail to senior leadership