Manager - Cyber Incident Readiness, Response, and Recovery

Job Requisition ID: 36918 

Today, organisations of every size in every sector are exposed to more—and more sophisticated—cybersecurity threats on a global scale. As organisations accelerate their digital transformations, cloud adoption, and expanded partner ecosystems, they must concurrently enhance their incident readiness, response, and recovery capabilities to minimise potential business impacts if breaches to these critical systems occur.

Our Cyber Incident Readiness, Response, and Recovery (CIR3) team provides organisations with the expertise required to prepare for, respond to, and recover from cybersecurity incidents with speed, efficiency, and scale – our team support our client’s every step of the way across the entire lifecycle of an incident, to quickly uncover compromises, take back control, and help organisations emerge more resilient.

When clients have an incident, our team gets to work – fast – to identify root causes and evict threats. Our professionals apply their experience and imagination to find the most advanced threats, hiding in the darkest corners of the network. Not only do we identify where these threats are, we also remove them from the network, preventing business-disrupting damage from occurring, and implementing tailored strategies to prevent recurrences. With a unique collection of skills, methodologies, and strategic award-winning vendor relationships, we can do whatever it takes – from improving the security of a single component to delivering a holistic security transformation programme.

About the role

We are seeking an experienced and highly motivated Recovery and Resilience Manager to join our Cyber Incident Readiness, Response, and Recovery team. This position plays a crucial role in helping our clients design, build and deploy leading resilience strategies before, during and after a cyber incident. The ideal candidate will have a strong background in cyber and technology resilience, with hands-on operational experience developing tailored remediation and recovery programmes following a catastrophic cyber event.

This position within the Recovery pillar of our CIR3 team plays a crucial role both in ensuring our clients are prepared for major cyber disruption, and working alongside the Incident Response team to coordinate the rapid and secure recovery of operations when an attack occurs.

Your Impact:

• Lead Recovery and Restoration Initiatives: As the Recovery Lead during Cyber Incident Response engagements, you will design and implement tailored remediation and recovery strategies which stabilise and secure client operations following major cyber events.
• Lead Resilience Projects: When not responding, you will be improving our client’s recovery readiness through resilience assessments, resilient technical and data architecture, recovery planning and sequencing, testing and failover automation activities, and advising clients in transforming traditional disaster recovery solutions to secure, agile, scalable, always-on, cloud-first environments.
• Process Improvement: Continuously develop, evaluate, and improve existing security processes and workflows to ensure our solutions remain cutting-edge.
• Team Leadership: You will work closely with CIR3 leadership to support the growth of our practice and provide guidance and mentorship to junior team members on Recovery and Resilience.
• Stakeholder Engagement: Through building and nurturing strong client relationships, you will support and lead the sales process, working closely with various stakeholders to understand their needs and ensure our solutions align with business objectives.

Required Skills

1. Hands-on Experience: Demonstrated track record of deploying technical expertise during time-sensitive incident response or enterprise recovery scenarios, including hands-on and on-site recovery support, and/or experience in uplifting and embedding resilience capability
2. Technical Subject Matter Expertise: In-depth knowledge of commonly encountered security products and technologies, including:
   1. In-depth knowledge of Active Directory and Windows Enterprise environments.
   2. In-depth knowledge of virtualisation technologies (VMware ESXi and Hyper-V), Cloud (Azure, AWS and GCP) implementation and configuration, and Hybrid (On-Premise, Cloud, SaaS) environments.
   3. Experience in networking, configuration of VLAN’s, and Firewall configuration.
   4. Demonstratable practical understanding of backup solutions and the sequencing of activities to prepare data and systems for restoration.
3. Security Knowledge: Solid knowledge of cybersecurity principles, threat landscapes, and security frameworks, including IS27001, NIST, CPS 234, ITIL, SABSA
4. Problem-Solving Skills: Strong analytical and problem-solving skills.
5. Communication Skills:
   1. Excellent verbal and written communication abilities to interact with technical and non-technical stakeholders.
   2. The ability to conduct technical workshops and to be able to articulate security strategies and processes to executive-level stakeholders.
6. Project Management: Capable of managing multiple projects and workstreams simultaneously with a high degree of organisation.
7. Team Collaboration: Ability to work effectively as part of a team and lead initiatives while ensuring that recovery-related plans, processes and procedures and effectively integrated in to incident response methodologies and other solutions.

Desirable Skills

• Incident Leadership and Coordination: Experience in an Incident Commander role, liaising with executive-level stakeholders to respond to cyber incidents and limit the impacts of a cyber attack.
• Certifications: Relevant certifications such as Microsoft role-based certifications, VMware, and applicable networking certifications.
• Cloud Security: Familiarity with cloud security tools and environments (e.g., AWS, Azure).
• Vendor Management: Experience in managing relationships with third-party vendors and recovery partners.

Qualifications

• Education: Bachelor’s degree in Computer Science, Information Technology, or a related field. Advanced degrees are a plus.
• Experience: Minimum 4-5 years of relevant experience in cybersecurity with a focus on enterprise recovery and resilience.

Why Deloitte 

At Deloitte, we focus our energy on interesting and impactful work. We’re always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.  

We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone’s perspective and to cultivate inclusion; so that our work environment is a safe space we can all belong.   

We prioritise flexibility and choice. At Deloitte, you get trust on Day 1. We know our people get their best work done when they’re in control of where and how they work, designing their work week around their client, team, and personal commitments.

We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and return to work support package. 

Next Steps

Sound like the sort of role for you? Apply now, we’d love to hear from you!

#Linkedin

By applying for this job, you’ll be assessed against the Deloitte Talent Standards. We’ve designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.