Cyber Security Operational Incident Manager - Technical Consultant

About the Opportunity

• Job Type: Permanent
• Application Deadline: 31 August 2025

Department: Cyber Defence Operations - GCIS

Location: Kingswood, Surrey, Gurgaon, Bangalore

Reports To: Senior Manager - CDO

Level: 5

We share a commitment to making things better for clients and each other. We continually explore new technology and different ways of working to put our clients first. So bring your boldest ideas to our Cyber Defense Operations team and feel like you’re making progress.

About your team

The Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity, and Innovation. Fidelity is a value-driven, customer-obsessed organization and in Technology we are fortunate to play a direct role in helping our clients with one of the most important aspects of their lives - their financial well-being.

Within the Technology function is our Global Cyber & Information Security (GCIS) that operates enterprise security services and controls. These are designed to mitigate Cyber and Information Security risks ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Our global innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting-edge solutions to protect clients' digital assets and infrastructure against evolving cyber threats.

The Cyber Security Operational Incident Manager will be responding to and managing widespread security events and should have an understanding on how best to maintain CIRT teams skills and knowledge. The role will be supported by a global team of CIRT analysts who are looking at this role to provide them with direction and guidance during serious incidents. It will also be supported by a strong security leadership team and global incident management process who are keen to develop this capability. Our leadership team will be looking at this role to report on a number of key incident KPI's and provide assurance to our customers on the global operational security response process.

About your role

The successful candidate will be experienced in operational security incident management, including vulnerability management, understanding the value of rigorous planning, tested procedures and playbooks and quick response to critical security incidents. This is a critical role expected to develop and maintain our operational security incident management capability and help mature our global response processes.

The successful candidate will be comfortable working at a technical level, proactively suggesting improvements to the incident playbooks whilst also being able to co-ordinate our front-line CIRT team during major events. The successful candidate will be able to demonstrate understanding of incident response tools and techniques, experience in responding to and managing widespread security events and an understanding on how best to maintain CIRT teams skills and knowledge.

About you

Key Responsibilities

• Own and be accountable for security incidents; taking the lead in driving global remediation activities
• Ensure simple, repeatable, manual tasks are automated within the Incident Response process
• Ensure a "best-practice" program is in place to manage and maintain our security response procedures
• Proactively develop and deliver new incident response capabilities, tooling and processes.
• Develop an incident management strategy, focussing on regular reviews and exercises.
• Create and deliver table-top and simulated exercises focussing on areas of risk identified by our Threat Intelligence team.
• Ensure the operational security process is consistently maintained across our global regions, taking into account different regulatory requirements and rules.
• Acting as the point of contact for our global business incident management team for all security related incidents.
• Run Post Incident Reviews and track and manage outcomes to delivery.

Experience and Skills Required

• Experience and strong understanding of frontline security operations
• Experience running a vulnerability remediation programme or overseeing vulnerability teams would be advantageous
• Experience running complex security incidents at a global scale
• Experience creating or continually improving an incident management program
• Strong reporting ability, with an understanding on how to tailor reports to show improvements and learnings
• In depth understanding of modern attack techniques and flows
• Clear and demonstratable understanding of NIST and MITRE Att&ck Methodologies
• Experience in cloud environments (Ideally Azure)
• Strong communication skills with evidence of being in a position responsible for taking feedback from technical teams and turning this into improvements.
• Banking or Finance industry related experience desirable
• Security Incident Management Qualifications preferred
• Security Incident related qualifications (e.g SANS 504)
• At least 3 years of experience working in an Incident Response position.
• Experienced responding to global complex security events
• Experienced using NIST or MITRE frameworks to deploy defensive plans and/or actions
• Experience explaining the risk of security threats and creating mitigations.
• Experience of general IT infrastructure technologies and principles.
• Experience of using vulnerability management tooling e.g Nexpose, Qualys etc.
• Understanding of the underlying protocols including: HTTP, HTTPS, SMTP, SQL.
• Understanding of Networking Architecture (OSI Model).
• Analytical skills
• Challenge the current processes
• Passion for the cybersecurity field
• Time management
• Able to organize others

Nice to Have

• Certifications - Security+, Network+, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP

Feel rewarded

For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work - finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team.

As an international financial services organisation, we are in-scope of international regulations in the way that we carry out our work. This position is involved in work that is regulated by the FCA and/or the PRA and their Individual Conduct Rules (COCON) apply to it, along with any other regulation. We provide training on COCON and how it affects our employees.