Cyber Incident Response Lead
Role Purpose
The Cyber Incident Response Lead is responsible for leading the organisation’s response to cyber security incidents, ensuring rapid containment, eradication and recovery across both IT and OT environments.
This role is critical in protecting essential services and ensuring compliance within a CNI regulatory landscape.
Key Responsibilities
Incident Leadership
* Lead response to P1/P2 cyber incidents including ransomware, supply chain compromise and OT disruption.
* Act as Incident Commander during major cyber events.
* Coordinate technical, legal, communications and operational teams.
CNI & OT Incident Management
* Lead incident response across IT/OT environments.
* Ensure minimal disruption to safety-critical systems.
* Work closely with engineering and operations teams.
Regulatory & External Coordination
* Manage reporting obligations under:
  * Network and Information Systems Regulations 2018
  * UK regulatory and law enforcement requirements
* Liaise with the National Cyber Security Centre during nationally significant incidents.
Process & Capability Development
* Develop and test the Cyber Incident Response Plan.
* Run tabletop and live simulations (including OT scenarios).
* Ensure lessons learned are embedded into security controls.
* Mature digital forensics and evidence handling processes.
* Oversee the SOC.
Ransomware & Advanced Threat Handling
* Lead response to nation-state and organised crime campaigns.
* Oversee forensic investigation and root cause analysis.
* Support recovery planning and resilience improvements.
Skills & Experience
Essential
* 7+ years cyber security experience.
* 3+ years leading incident response.
* Experience operating in a Critical National Infrastructure environment.
* Strong knowledge of ransomware response and crisis management.
* Experience managing cross-functional crisis teams.
Desirable
* OT / ICS incident response experience.
* Knowledge of industrial protocols and safety systems.
* CREST, GCFA, GCIA, CISSP or equivalent certifications.
* Experience in regulated sectors (ports, energy, utilities, transport).
Personal Attributes
* Decisive leader in crisis situations.
* Strong stakeholder management skills.
* Clear communicator under pressure.
* Highly organised and structured thinker.