Cyber Response Manager

13 Mar 2017
10 Apr 2017
Mary Worthington
Clearance Level
None / Undisclosed
Job Type


My client, an international financial services organisation in Edinburgh, is actively looking for a Cyber Response Manager to join their expanding CISO function. This role will offer you the opportunity to take the lead on attack monitoring, incident management and response, and cyber investigations. This is a greenfield role with the opportunity to really help shape the organisation's capability in this space. They are ideally looking for someone who is technically focused and wants a strategic role where you can be a part of educating the wider business, as well as driving initiatives in your own area.

The role:

You will take ownership of these areas:

Attack Monitoring

Define and implement an effective, intelligence-led attack monitoring framework, driving the delivery of the monitoring, gathering, analysis, correlation, dissemination and remediation of indicators of cyber attack.

Incident Management and Response

  • Developing and managing a Cyber Response Plan using appropriate incident management tools and processes.
  • Overall accountability for first line incident handling, including call handling, triage, first pass analysis, and resolution or escalation to the right cyber security resolver team.
  • Accountable for the planning, co-ordination and communication of the organisation's cyber security incident management.
  • Identifying and escalating appropriately any incident/request that requires increased focus and actions necessary to meet committed service levels.
  • Management of incident review and reporting on ticket resolution and KPIs.

Cyber Investigations

  • Lead the investigation of anomalous cyber incidents via root cause analysis (e.g. following on from major incidents) or through proactive trend analysis and monitoring.
  • Provide digital forensic investigation of incidents that occur.


  • Experience with security services such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewalls (WAF), Firewall logs, systems logs, web logs, application logs and Security Information and Event Management (SIEM) systems.
  • Strong understanding and knowledge of incident management processes.
  • Up-to-date knowledge of cyber and information security trends and threats facing financial services.
  • One or more certifications such as CISSP, CEH, ITIL v3 and SANS.

To apply for the role please send your CV to Or for more information call Mary on 01179145273.