IT Investigations Operating Model Lead (Consulting Engagement)
Location: London (Hybrid)
Engagement Type: ContractInside IR35
Length: 6-12 months
We are supporting a large, globally regulated financial institution in establishing a formalised IT Investigations capability aligned to its enterprise Legal Investigations Framework.
This engagement will design and stand up a Target Operating Model (TOM) for IT Investigations across EMEA, with integration into US-based SOC operations. The objective is to enable consistent, defensible, and timely IT investigation support across regions and investigation types, including insider risk matters.
This is a strategic build role focused on operating model design, governance, and cross-functional integration not day-to-day investigative casework.
Key Responsibilities Target Operating Model Design Design and document the IT Investigations Target Operating Model (people, process, technology, governance)
Define service catalogue, case types, and regional coverage model
Establish engagement patterns between IT, Legal, HR, Compliance, Privacy, and Security
Governance & RACI Develop end-to-end RACI across the investigations lifecycle
Define decision rights, escalation pathways, and conflict resolution mechanisms
Review IAM provisions to ensure appropriate access controls and evidential integrity
Triage & Case Management Design intake and triage model (classification, severity scoring, routing rules)
Define SLAs and prioritisation framework
Clarify routing between IT-led, Legal-led, and SOC-led investigations
Evidence & Defensibility Establish evidential handling standards (chain-of-custody, defensibility principles)
Define evidence export standards and audit trail requirements
Align controls with regulatory expectations in financial services
Insider Risk Integration Integrate insider risk detection workflows into investigation intake
Define handoffs between insider risk program owners and investigations teams
Prevent duplication across security and legal functions
Tooling & Roadmap Map current and future-state investigation tooling landscape
Align with Legal-procured tools and SOC capabilities
Deliver implementation roadmap and transition plan into BAU
Metrics & Continuous Improvement Establish KPIs, dashboards, and QA model
Define governance forums and reporting structures
Develop role-based training and skills framework
Required Experience 8+ years in Digital Forensics, IT Investigations, or Forensic Technology
Experience designing or implementing an Investigations or Forensics Operating Model
Strong understanding of evidential handling and defensibility standards
Experience within financial services or other highly regulated environments
Proven ability to operate across Legal, HR, Compliance, Security, and Technology functions
Experience integrating Insider Risk or DLP-led investigations
Highly Desirable Big 4 forensic consulting background
Experience building investigations governance within global organisations
Familiarity with eDiscovery platforms and enterprise case management tooling
Experience aligning SOC and investigations functions
TPBN1_UKTJ