Associate Director – Incident Response & Digital Forensics (Ransomware SME)
Location: London (Hybrid – minimum 2 days/week onsite)
Division: Discovery & Data Insights (DFIR & Legal Technologies)
Reports to: Director, Discovery & Data Insights
I am looking for an Associate Director to join and help lead an Incident Response and Digital Forensics practice. You will act as a senior technical leader and subject matter expert in ransomware response, overseeing complex engagements across DFIR, cybersecurity crisis management, and eDiscovery.
This role requires a blend of deep technical knowledge, operational leadership, and the ability to work directly with clients across legal, corporate, and government sectors. You will also take a hands-on leadership role in developing and mentoring junior practitioners, driving excellence in our forensic methodologies, and contributing to business development initiatives through thought leadership and client engagement.
Key Responsibilities of an Associate Director – Incident Response & Digital Forensics:
* Serve as technical lead and subject matter expert on major cyber incident and ransomware response engagements, from triage to remediation and reporting.
* Lead and manage digital forensics investigations and large-scale data breach response cases, ensuring evidential integrity and defensibility.
* Develop and refine incident response playbooks, ransomware negotiation protocols, and forensic methodologies in line with industry frameworks (e.g. MITRE ATT&CK, NIST, Cyber Kill Chain).
* Act as a strategic advisor to senior client stakeholders, providing guidance on threat intelligence, containment, recovery strategies, and regulatory reporting obligations.
* Deliver expert witness testimony and review complex technical reports and deliverables for legal scrutiny.
* Provide technical leadership and mentorship to consultants and junior analysts, fostering continuous development and high performance.
* Support the growth of the practice by contributing to marketing, client education, proposals, and service innovation.
* Represent Control Risks at industry conferences, client briefings, and in published thought leadership as a recognised ransomware expert.
* Collaborate closely with internal teams across cyber threat intelligence, crisis management, and investigations on cross-disciplinary engagements.
* Participate in the on-call rota for emergency incident response, with occasional international travel.
Required Skills & Experience of an Associate Director – Incident Response & Digital Forensics:
* Extensive hands-on experience in incident response and ransomware investigations, with a strong track record of managing high-stakes cyber crises.
* In-depth knowledge of ransomware TTPs, threat actor behaviours, negotiation strategy, and recovery methods.
* Proficiency with a wide range of forensic tools (e.g., EnCase, Nuix, X-Ways, Axiom, Velociraptor, FTK, Cellebrite, XRY).
* Strong command of Microsoft, Linux, and cloud platforms (M365, Azure, AWS, Google Workspace).
* Advanced scripting and log analysis capabilities (e.g., PowerShell, Bash, Python, SQL).
* Demonstrated experience in leading client engagements and managing teams in a consulting or law enforcement context.
* Deep familiarity with regulatory and evidentiary frameworks (ISO 17025, NPCC, NIST, etc.).
* Proven ability to develop talent, coach teams, and create a high-performance culture.
What's on offer:
* Leadership role in a globally respected DFIR practice.
* Hybrid work model with flexible arrangements.
* Competitive salary + global bonus scheme.
* Exposure to high-profile cyber incidents and multi-national clients.
* A clear pathway to director-level roles.