Job description
Cyber Threat Intelligence (CTI) Manager
Role Summary
The KPMG Cyber Response and Recovery Services (CRS) and Cyber Defence Services (CDS) teams are growing, and a requirement has been identified for a Cyber Threat Intelligence (CTI) Manager to lead our growing CTI team. The CTI manager role will report directly to the capability lead for Cyber Response and Recovery and work closely with the capability leads for both CRS and CDS. Cyber security is one of the areas which KPMG has identified for tremendous investment and growth. Our clients face a challenging cyber threat and look to us to help them understand and respond to that threat.
This is a hands-on role where you will lead development of CTI service lines and pursue new business opportunities and increase revenue growth. You will lead the CTI Cell and establish KPMG’s position as a thought leader across cyber forums, delivering impactful reporting on leading CTI provider building on our trusted relationships to deliver a range of CTI services to clients across all coverage areas. You will be responsible for business development, and leading high quality and impactful CTI services to internal and external clients. You will manage a high-performing team working closely across CDS and CRS with opportunities to grow into service line leadership. The successful candidate is expected to oversee management of the full cyber threat intelligence lifecycle, contributing to a broad range of cyber-security incident cases and oversee the management of the CTI team.
In this role we are looking for a person who can demonstrate a strong pedigree in cyber threat intelligence. You will be expected to work alongside a number of incident response case managers, penetration testers and DFIR practitioners, as well as have the opportunity to work with, and learn from, the service leadership as part of your continuous development.
When not responding to incidents, you may be helping our clients to build their in-house CTI capabilities, which could include: building and developing CTI tools, authoring and adapting runbooks/playbooks and threat hunts, assessing the CTI maturity and assisting in table-top cyber-scenario exercises. When not engaged in client work, you will be helping to develop our own delivery capability, including operational efficiency, standard operating procedures, team learning and development, tooling and platforms, lab development and orchestration.
Key Responsibilities
Management and Leadership
1. As KPMG’s CTI Lead and SME, you will lead and grow a multi-disciplinary threat intelligence team to develop and deliver CTI services to KPMG clients initially as a CDS and CRS service and enabler. With a long term focus on integrating CTI processes within KPMG Cyber offerings including Cyber Risk and Cyber Strategy services.
2. Lead the design and oversee threat actor tracking programs and campaign monitoring aligned with client sectors and risk profiles.
3. Build and mature CTI capabilities in line with industry frameworks (e.g., MITRE ATT&CK, Diamond Model).
4. Oversee CTI processes including requirement generation, collection management, analysis and reporting.
5. Oversee development of TIP to integrate existing TI feeds and identify opportunities to exploit KPMG proprietary data.
6. Use existing relationships with IC to establish and maintain relationships with threat-sharing communities (e.g., FS-ISAC, NCSC, JPCERT, ENISA).
7. Lead resource management including mentoring of junior analysts, support professional development, and promoting intelligence tradecraft standards.
8. Lead ongoing maturing of the CTI capability based on leading CTI maturity frameworks.
9. Be responsible for ethical and regulatory compliance of CTI operations.
Business development
10. Conduct business development activities to promote CTI services and promote revenue growth.
11. Identify and pursue opportunities to integrate CTI into other KPMG services such as CRI, Cyber Risk and Maturity Assessments, vulnerability management, TPRM.
12. Lead accreditation of the team to pursue opportunities in CBEST threat-led Red Team engagements.
13. Build on your existing relationships within the sector to promote KPMG’s reputation as a thought leader and build strong working relationships with UK and EU IC.
Service Delivery
14. Lead development of CTI consultancy services for CTI maturity assessments and TOM.
15. Lead CTI delivery in support of KPMG marketing, and fortnightly i-4 briefings.
16. Lead development of threat intelligence products and services for CRS and CDS clients.
17. Brief internal stakeholders, executive boards, and external clients on threat trends and intelligence-driven defence postures.
Essential Skills and Experience
18. Current or eligible for SC or DV clearance for UK government client work.
19. CREST CTI Manager qualification or equivalent.
20. Demonstrable leadership experience building and managing CTI teams in high risk organizations such as FS, CNI or healthcare, experience working in a large consultancy would be preferable.
21. 7–10+ years in intelligence roles within government and private sector, with 3–5+ years in a CTI-focused role.
22. Deep understanding of threat actors, cybercrime ecosystems, and nation-state campaigns with deep expertise of at least one of the above.
23. Strong working knowledge of structured analytical techniques, strong analytical and structured thinking, with attention to detail in reporting and assessments.
24. STIX/TAXII, MITRE ATT&CK, and TIP/SIEM integration.
25. Excellent written and verbal communication skills—able to brief both technical and non-technical audiences.
26. Proven client-facing experience, ideally in consultancy, financial services, or defence.
Preferred Skills
27. Fluency in one of the following languages and regional knowledge of China, Russian, or Iranian.
28. Experience in intelligence-led threat modelling and risk prioritisation.
29. Familiarity with malware analysis, adversary infrastructure tracking, and TTP mapping.
30. Understanding of geopolitical threat contexts and regional cyber capabilities.
31. Knowledge of threat hunting methodologies and red/purple teaming concepts.
32. Experience supporting incident response or crisis communications.
33. Language skills (e.g., Russian, Mandarin, Arabic, Farsi) considered a strong asset.
Qualifications
Required:
34. Bachelor’s degree in Intelligence Studies, international politics or war studies or significant (10+ years) in intelligence roles.
35. Certifications such as:
- GIAC Cyber Threat Intelligence (GCTI)
- CREST Certified Threat Intelligence Analyst (CCTIA)
- CISSP, GOSI, or equivalent
Desirable:
36. Master’s degree in Cybersecurity, International Security, or a related discipline.