Security Incident Management Lead

Company: Jobtailor
Apply for the Security Incident Management Lead
Location: London
Job Description:

Overview

  • Own and evolve the end-to-end Security Incident Management process, ensuring it is clear, effective, and embedded across teams
  • Develop, maintain, and improve incident playbooks, workflows, and procedures, keeping them aligned to threat, risk, and operational needs
  • Design and run the annual security incident exercise schedule, covering low level tabletop exercises through to complex, cross-team simulations
  • Lead the planning and execution of exercises, ensuring clear objectives, measurable outcomes, and actionable improvements
  • Use lessons learned from incidents and exercises to drive continuous improvement in response capability and resilience
  • Act as the senior escalation point for priority incidents, providing leadership, coordination, and decision support when required
  • Support incident triage and routing across SIM, Major Incident Management (MIM), and Cyber Support Services (CSS)
  • Own the Monthly SIM review and reporting, providing clear insight, trends, and recommendations to stakeholders

Requirements

  • Proven experience building, leading and maturing cyber security incident management capability within a complex, global organisation
  • More than 5 years’ operating at a senior level in security / incident management, with credibility gained in large, complex, global organisations
  • Strong track record of defining and improving end-to-end security incident management frameworks, not just operating within them
  • Extensive experience designing and delivering security incident response exercises, from large-scale, multi-team simulations to smaller cross team tabletop exercise
  • Demonstrable experience embedding playbooks, processes and governance across operational teams, driving consistency and maturity
  • Ability to translate lessons learned, threat intelligence and industry best practice into tangible improvements in capability and resilience
  • Comfortable providing decisive leadership during live cyber incidents when required, while maintaining a focus on improving the overall operating model
  • Strong stakeholder management, able to work across technical and non-technical teams and bring alignment in a matrix environment
  • Experience driving continuous improvement at pace, identifying gaps, challenging existing approaches and delivering measurable outcomes

#J-18808-Ljbffr…

Posted: July 11th, 2026