Incident Response Manager




Contractual Grade:

Technical Specialist – TSD


Infrastructure & Operations


Security Operations


Security Operations

Reports to:

Security Operations Team Lead

Direct Report(s):


Indirect Report(s):



Overall Role Purpose:  Describe below the primary purpose and function of this job


Key Accountabilities & Responsibilities:  List up to 6 key roles and responsibilities of this job.

Technical and managerial leadership and mentoring position with direct lines of technical reports within the security function and interface into extended organisation, business partners and third parties.

Customer focus from definition of greenfield security projects to technical leadership and hands-on delivery of the security and incident response lifecycle – supporting crawl, walk and run approach towards overall maturity.

Define and deliver projects for Fortune 500 customers for internal and external managed security services (MSS), internal SOCs and hybrid services model.

Expertise in definition and agreement on KPIs and metrics for operational tracking as well as management reporting. Identify data points of value and put in place methodology to bypass or capture gaps.

Consistent growth mindset with acute focus on operational excellence, iteratively defining and maturing SecOps policies and procedures and incorporating continuous lessons-learned processes and feedback loops.

Excellent understanding of risk management and governance and data privacy controls (inc. GDPR) and their impact and interface into security operations.

Working with enterprise-grade global Security Operations Centres across EMEA, providing coaching, mentoring, definition and hands-on leadership on maturity programs to increase operational effectiveness and visibility vertically and horizontally.

Define and instate processes and guidelines for auxiliary interfaces into the security organisation (legal, regulatory, government, law enforcement, PR and marketing).

Work with a great sense of urgency without unnecessarily compromising process constraints within the bounds of risk, privacy and regulatory frameworks.

Understanding of major security tools and technologies and their positioning and interface requirements to ensure the whole is significantly greater than the sum of its parts.

Customer base includes financial services, energy, automotive, manufacturing, retail, etc.

Strategic and tactical balance in prioritising and responding to incidents – identify new occurrences, determine correlations, analyse long term impact, quick decision making and continuous process improvement.

Commercial focus with priority on maintaining business-as-usual in balance with the security equations.

Functional Expertise: Describe the level of technical knowledge required for the role and the nature of the expertise (e.g. whether this is across one or multiple areas, the features of the discipline – fast changing, technical etc.)



Business Expertise: Describe the requirement for knowledge and expertise about how various parts of the organisation work together to achieve the FCA’s objectives. Explain the degree of understanding required of the industry and external environment.


Leadership: Describe the nature of the responsibility the role has for others and whether the role has any budgetary responsibilities (i.e., does the role supervise employees or manage professionals, or does the job require the management of work through other managers? Does the role have any informal leadership responsibilities e.g. mentoring, checking quality of work on completion, role modelling behaviours etc.)


Problem Solving:  Describe the nature and complexity of the problems this position encounters on a recurring basis.  Include information regarding the level of innovation required, if any, and include mention of environmental factors that may add to the complexity of resolving issues.


Nature & Area of Impact: To what degree does this job affect the FCA (i.e., through external interactions, making decisions, defining or setting strategy, etc.)?  What is the breadth of the impact that this job has, either positive or negative (i.e., affects own team, division, entire FCA etc.)?


Interactions / Interpersonal Skills: Describe the nature and level of interactions this job has with others, both internally and externally. Explain any specific interpersonal skills necessary to successfully perform this role (i.e., negotiation skills, represents FCA at external events or to governmental bodies, etc.).

Internal Key Interfaces

  • CIO, BTS Leadership Team
  • Service Operations Team
  • C&IR Strategy Team
  • C&IR Security Consulting Team
  • Office of the CTO Team
  • Business users of software and hardware
  • Proven track record of building relationships with customers and stakeholders (internally and externally)

External Key Interfaces

  • 3rd party suppliers
  • Professional bodies


Job Requirements and Professional Qualifications: Indicate the typical education and experience required to fulfil this job and any licenses and certifications required.

  • Experience of working in a Security Operations function within Professional Services, Financial Services, Government or Defence environments.
  • Experience of establishing an effective, outsourced Security Operations Centre (SOC).
  • Experience of establishing an effective Security Operations function.
  • A deep understanding of networking IP addressing and subnets.
  • An understanding of ITIL best practices.
  • Possess a recognised security certification / technical competency (CISSP – Certified Information Systems Security Professional, ISSMP – Information Systems Security Management Professional, CISM – Certified Information Security Manager).