Information Security Incident Manager in Leeds

The Information Security Incident Manager will lead the organisation’s response to cyber security incidents and strengthen our overall resilience. The role is responsible for commanding major cyber incidents, coordinating technical and business teams, and ensuring effective governance, preparedness, and regulatory compliance. You will play a critical role in protecting the organisation during high‑pressure situations by providing clear leadership, decisive action, and trusted advice to senior stakeholders.

Responsibilities

• Lead the organisation’s cyber incident response, coordinating technical, operational, and business activities from containment to recovery.
• Act as Cyber Incident Commander for major incidents, setting priorities, directing response actions, and maintaining situational awareness.
• Own and continuously improve the Cyber Incident Response Plan (CIRP), aligned to risk appetite, regulatory requirements, and crisis and business continuity frameworks.
• Make time‑critical decisions under delegated authority, including containment, service isolation, escalation, and third‑party engagement.
• Serve as the primary escalation point, providing clear and timely updates to senior leaders and executives.
• Lead post‑incident reviews, ensuring root causes and lessons learned drive measurable improvements.
• Design and oversee incident response testing and exercises to validate readiness and strengthen capability.
• Collaborate closely with Business Continuity, Resilience, Legal, Communications, Technology, and Security Operations teams to ensure joined‑up crisis management.

Qualifications

• Strong expertise in cyber incident response across detection, containment, recovery, and post‑incident review, with knowledge of frameworks such as NIST 800‑61 or ISO/IEC 27035.
• Broad understanding of enterprise technologies (networks, endpoints, cloud, identity, applications) and how cyber response integrates with business continuity, IT disaster recovery, and crisis management.
• Sound knowledge of legal, regulatory, and reputational considerations during cyber incidents, including data protection and reporting obligations.
• Proven experience leading major or complex cyber incidents as an incident lead or commander, making clear, time‑critical decisions under pressure.
• Ability to establish command, coordinate cross‑functional teams, and maintain clarity during high‑impact incidents without direct line authority.
• Excellent communication skills, with the ability to brief senior executives and translate complex technical issues into clear, business‑focused recommendations.
• Experience developing, maintaining, and exercising cyber incident response plans, running tabletop exercises, and driving lessons learned into measurable improvements.
• Typically 7–10 years’ experience in cyber security, security operations, or incident response, ideally within a regulated or risk‑sensitive environment.

Benefits

• Discretionary on‑target bonus of 10%. Up to a max 20% based on performance.
• 11% pension contribution (3% from you, 8% from us – optional additional matched 3% contributions, e.g. 6% from you, 11% from us).
• 25 days annual leave.
• Flexible public holidays and option to buy/sell additional leave.
• Private Medical Cover.
• Car Salary Sacrifice scheme.
• 6x salary death in service.
• Holistic health and wellbeing support package.
• A truly flexible hybrid‑working arrangement.
• A culture that promotes inclusivity, wellbeing and rewards hard work.

We welcome applicants from all backgrounds, and we encourage you to apply even if you feel you do not match 100% of the technical requirements. We celebrate diversity, promote inclusivity and strive to create a work environment which ensures everyone can be heard.