Information Security Incident Manager

Information Security Incident Manager

Location: Leeds (Hybrid – 2 days per week on site). Contract: Permanent, Full Time. Salary: £70,000 – £80,000 (DOE).

Job Overview

The Information Security Incident Manager will lead the organisation’s response to cyber security incidents, strengthening overall resilience. The role commands major cyber incidents, coordinating technical and business teams, ensuring effective governance, preparedness, and regulatory compliance.

Responsibilities

• Lead the organisation’s cyber incident response, coordinating technical, operational, and business activities from containment to recovery.




• Act as Cyber Incident Commander for major incidents, setting priorities, directing response actions, and maintaining situational awareness.




• Own and continuously improve the Cyber Incident Response Plan (CIRP), aligned to risk appetite, regulatory requirements, and crisis and business continuity frameworks.




• Make time‑critical decisions under delegated authority, including containment, service isolation, escalation, and third‑party engagement.




• Serve as the primary escalation point, providing clear and timely updates to senior leaders and executives.




• Lead post‑incident reviews, ensuring root causes and lessons learned drive measurable improvements.




• Design and oversee incident response testing and exercises to validate readiness and strengthen capability.




• Collaborate closely with Business Continuity, Resilience, Legal, Communications, Technology, and Security Operations teams to ensure joined‑up crisis management.

Qualifications

• Strong expertise in cyber incident response across detection, containment, recovery, and post‑incident review, with knowledge of frameworks such as NIST 800‑61 or ISO/IEC 27035.




• Broad understanding of enterprise technologies (networks, endpoints, cloud, identity, applications) and how cyber response integrates with business continuity, IT disaster recovery, and crisis management.




• Sound knowledge of legal, regulatory, and reputational considerations during cyber incidents, including data protection and reporting obligations.




• Proven experience leading major or complex cyber incidents as an incident lead or commander, making clear, time‑critical decisions under pressure.




• Ability to establish command, coordinate cross‑functional teams, and maintain clarity during high‑impact incidents without direct line authority.




• Excellent communication skills, with the ability to brief senior executives and translate complex technical issues into clear, business‑focused recommendations.




• Experience developing, maintaining, and exercising cyber incident response plans, running tabletop exercises, and driving lessons learned into measurable improvements.




• Typically 7–10 years’ experience in cyber security, security operations, or incident response, ideally within a regulated or risk‑sensitive environment.

Benefits

• Discretionary on‑target bonus of 10%.




• Up to a maximum 20% bonus based on performance.




• 11% pension contribution (3% from you, 8% from us – optional additional matched 3% contributions).




• 25 days annual leave.




• Flexible public holidays and option to buy/sell additional leave.




• Private Medical Cover.




• Car Salary Sacrifice Scheme.




• Six‑times salary death in service provision.




• Holistic health and wellbeing support package.




• A truly flexible hybrid‑working arrangement.




• A culture that promotes inclusivity, wellbeing, and rewards hard work.

Equity In Employment

We welcome applicants from all backgrounds and encourage you to apply even if you do not match 100% of the technical requirements. We celebrate diversity, promote inclusivity, and strive to create a work environment where everyone can be heard.

#J-18808-Ljbffr…