Incident Response Lead - Global Security

The Incident Response (IR) Lead is accountable for leading and maturing the organization’s detection and response capability, ensuring efficient execution of incident handling, investigation, and recovery activities across Arrive. This role combines operational leadership with strategic oversight, ensuring the IR function remains resilient, scalable, and aligned with the evolving threat landscape. The IR Lead drives day-to-day operations while shaping long-term improvements in processes, tooling, and methodologies.

This includes ensuring incidents are identified, triaged, and resolved in a timely and structured manner, while continuously enhancing detection logic and response playbooks based on lessons learned. This role requires a strong leader who can operate at both technical and strategic levels, bridging security operations with business priorities. The IR Lead is expected to translate incident insights into actionable improvements, strengthen cross-functional collaboration, and provide clear, risk-based communication to stakeholders, including senior leadership.

Reporting to the Sr. Director of Security Operations, the IR Lead plays a central role in strengthening organizational cyber resilience and ensuring a coordinated, intelligence-driven response capability.

Your Mission
To lead and mature Arrive's Incident Response capability, ensuring the efficient handling of security incidents while strengthening overall organizational cyber resilience.

Key Responsibilities

• Security Monitoring & Incident Response: Own and lead the Incident Response function, including strategy, governance, and operational execution. Direct and optimize daily IR operations, ensuring efficient handling of security incidents, escalations, and threat hunting activities. Act as the central coordination point during major incidents, ensuring structured response, clear communication, and minimal business disruption. Design, maintain, and continuously improve incident response playbooks, workflows, and escalation procedures. Review and quality-assure investigations, ensuring consistency in analysis, evidence handling, and decision-making. Collaborate with internal teams and external partners to ensure seamless incident management.
• Leadership & Team Management: Lead, mentor, and develop the IR team, promoting technical excellence, accountability, and continuous learning. Support crisis management activities, including participation in tabletop exercises and real-world incident coordination. Ensure alignment with regulatory, legal, and compliance requirements related to incident response and breach handling.
• Detection Strategy: Drive integration between detection engineering, threat intelligence, and response to enhance overall security effectiveness. Proactively hunt for threats and integrate intelligence to anticipate attacks. Develop and refine detection content and rules (e.g., SIEM, EDR) to map against adversary tactics. Identify gaps in current capabilities and lead initiatives to enhance tooling, automation, and operational maturity.
• MSSP and Security Partners’ Collaboration: Build and maintain a strong collaboration with all strategic MSSP and security vendors to enhance security operations and fully utilise available resources and expertise.
• Reporting & Communication: Produce and present executive-level reporting, including incident trends, root cause analysis, and business impact assessments. Develop and maintain a repeatable incident orchestration standard to regular security incident tickets.

Required Qualifications And Experience

• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or a related discipline - a plus.
• 10+ years of experience in cybersecurity, with significant hands-on involvement in Incident Response and Detection & Response functions.
• Demonstrated experience leading and managing IR or SOC teams in complex environments.
• Strong expertise in incident response methodologies, digital forensics, threat hunting, and attacker tactics, techniques, and procedures (TTPs).
• Relevant certifications such as GCIH, GCFA, GSOM, or equivalent industry-recognized credentials - a plus.
• Solid understanding of security technologies (EDR, SIEM, SOAR), network protocols, operating systems, and enterprise infrastructure.
• Proven ability to translate technical findings into business-relevant insights and communicate effectively with senior stakeholders.
• Experience developing and operationalizing playbooks, detection use cases, and response frameworks.
• Strong analytical and problem-solving capabilities, with attention to detail under pressure.
• Ability to lead in high-stress situations, make informed decisions quickly, and manage competing priorities.
• Experience fostering a high-performing team culture focused on collaboration, ownership, and continuous improvement.
• Excellent written and verbal communication skills, including experience delivering executive briefings.
• Strong leadership, communication (both written and verbal), and decision-making capabilities under pressure.