Manager - Incident Response and Cyber Defence

• Learn from the best in the business
• Mentoring, growth and training - receive support and coaching to progress your career
• Preventive and supportive mental health initiatives

• Lead the response to cyber incidents, ensuring rapid mitigation, containment, and resolution.
• Maintain and execute the organization's Incident Response Plan (IRP) with alignment to regulatory requirements and business goals.
• Oversee post-incident reviews to identify gaps, implement improvements, and update the IRP accordingly.
• Manage coordination with external response partners and regulators when necessary during significant incidents.
• Regularly conduct tabletop exercises and simulations to test the organization's preparedness and refine response processes.

• Manage the Security Operations Centre (SOC) to ensure 24/7 monitoring and effective incident handling.
• Oversee the tuning of SIEM platforms, IDS/IPS, and other monitoring tools to optimize detection accuracy and reduce false positives.
• Ensure critical vulnerabilities generating alerts in the SIEM are properly identified, escalated, and responded to promptly.
• Coordinate the response to Indicators of Compromise (IOCs), leveraging intelligence sources to contain and prevent incidents.
• Monitor SOC metrics and incident trends to identify areas for operational improvement.

• Collaborate with threat intelligence teams to incorporate actionable intelligence into detection and response efforts.
• Manage IOC handling by ensuring timely responses to new threat indicators and their integration into detection tools.
• Lead proactive threat hunting efforts within the SOC to identify potential threats before they materialize.
• Stay updated on emerging threat landscapes and ensure response strategies adapt to new vulnerabilities and attack vectors.

• Act as a key partner to the Head of Cyber Defence, supporting strategic initiatives and taking on operational leadership when required.
• Serve as the primary escalation point for complex incidents and operational challenges, including weekend support for critical systems (e.g., firewalls).
• Provide mentorship and guidance to SOC analysts and incident responders, ensuring continuous skill development within the team.
• Collaborate with IT, legal, compliance, and business units to align security response efforts with operational priorities.

• Partner with the Head of Cyber Defence to assess and refine incident response processes and SOC operations continuously.
• Identify areas for optimization and automation within incident response workflows.
• Take on additional leadership responsibilities to develop into a second-in-command (2IC) role over time, supporting the head of function in strategic and operational capacities.
• Play an active role in the design and execution of defensive strategies to align with evolving threats and best practices.

• Cyber GRC (Govern and Support)
• Cyber Assurance (Design & Deploy)
• Cyber Operations (Operate & Maintain)
• Cyber Defence (Protect & Defend)

• 5+ years of experience in cybersecurity, with a focus on incident response, SOC and threat detection.
• Proven experience in handling cyber incidents in complex enterprise environments, including managing escalations.
• Strong operational background in SOC including familiarity with SIEM platforms and response tools.
• Expertise in incident response frameworks (e.g., NIST, MITRE ATT&CK, Cyber Kill Chain).
• Experience with SIEM platforms (e.g., Splunk, ArcSight, QRadar) and optimizing detection rules.
• Strong knowledge of IDS/IPS, IOCs, and proactive threat hunting methodologies.
• Familiarity with cloud security monitoring (AWS, Azure, GCP) is a plus.

• GIAC Certified Incident Handler (GCIH)
• GIAC Security Operations Certified (GSOC)

Deloitte