Information Security Incident Manager

Description:

Information Security Incident Manager

Location: Leeds 

Contract: Permanent

Working Pattern: Full Time

The Information Security Incident Manager will lead the organisation’s response to cyber security incidents and strengthen our overall resilience. The role is responsible for commanding major cyber incidents, coordinating technical and business teams, and ensuring effective governance, preparedness, and regulatory compliance. You will play a critical role in protecting the organisation during high‑pressure situations by providing clear leadership, decisive action, and trusted advice to senior stakeholders.

As our new Information Security Incident Manager , you will also:

• Lead the organisation’s cyber incident response, coordinating technical, operational, and business activities from containment to recovery.
• Act as Cyber Incident Commander for major incidents, setting priorities, directing response actions, and maintaining situational awareness.
• Own and continuously improve the Cyber Incident Response Plan (CIRP), aligned to risk appetite, regulatory requirements, and crisis and business continuity frameworks.
• Make time‑critical decisions under delegated authority, including containment, service isolation, escalation, and third‑party engagement.
• Serve as the primary escalation point, providing clear and timely updates to senior leaders and executives.
• Lead post‑incident reviews, ensuring root causes and lessons learned drive measurable improvements.
• Design and oversee incident response testing and exercises to validate readiness and strengthen capability.
• Collaborate closely with Business Continuity, Resilience, Legal, Communications, Technology, and Security Operations teams to ensure joined‑up crisis management.

We are looking for:

• Strong expertise in cyber incident response across detection, containment, recovery, and post‑incident review, with knowledge of frameworks such as NIST 800‑61 or ISO/IEC 27035.
• Broad understanding of enterprise technologies (networks, endpoints, cloud, identity, applications) and how cyber response integrates with business continuity, IT disaster recovery, and crisis management.
• Sound knowledge of legal, regulatory, and reputational considerations during cyber incidents, including data protection and reporting obligations.
• Proven experience leading major or complex cyber incidents as an incident lead or commander, making clear, time‑critical decisions under pressure.
• Ability to establish command, coordinate cross‑functional teams, and maintain clarity during high‑impact incidents without direct line authority.
• Excellent communication skills, with the ability to brief senior executives and translate complex technical issues into clear, business‑focused recommendations.
• Experience developing, maintaining, and exercising cyber incident response plans, running tabletop exercises, and driving lessons learned into measurable improvements.
• Typically 7–10 years’ experience in cyber security, security operations, or incident response, ideally within a regulated or risk‑sensitive environment.