Manager
Bangalore, Karnataka, India
Overview
The Incident Response & Investigations Manager is a key role within the Incident Response & Investigations team, part of the wider Security Operations team at KPMG UK.
The Incident Response and Investigation team comprises approximately 8 colleagues and also uses a third-party SOC service.
This role requires someone who can adapt to changing circumstances, new information, and emerging threats whilst also being proactive and prepared for potential incidents, by conducting regular training, testing and updating incident response and investigations documentation.
This represents an exciting opportunity to join a growing function that is working towards the right level of maturity. With the recent merger of the UK and Swiss firms, there are many opportunities for alignment, and this role will be key to identifying opportunities to work together. There are also a number of in-flight investments which will allow us to continue to evolve our operational security capabilities.
Reporting and Accountability
This role reports into one of the onshore Incident Response & Investigations Managers. It will have regular interactions with counterparts in Switzerland (following the recent merger), other members of the Cyber and Operational Security leadership team, and stakeholders from across IT leadership and the business.
The role will need to collaborate with colleagues from other KPMG entities around the world and work with key vendors including our third-party SOC provider.
The role holder will be a key member of the Incident Response & Investigations team focusing on the management of cyber related incidents as well as acting as a point of escalation and knowledge sharing for some of the more junior members of the team.
Key Responsibilities
Provide daily operational oversight of Incident Response & Investigations Team (IRIT) in relation to technical incidents for the more junior members of the team.
Play a leading role in the management of P1 and P2 Security Incident investigations, including identifying key enquiries and allocating IRIT resources.
Support the development of IR&I team members.
Lead Post Incident Reviews into KPMG UK Security Incidents; sharing IR&I team findings and outputs with key stakeholders.
Maximise the effectiveness of the IRIT in preventing, identifying, and managing Security Incidents through continual liaison with Monitoring and CTI teams.
Ensure Incident Response Investigation procedures and documentation are up to date, maintained and followed (process documentation, playbooks, standard operating procedures, etc).
Be responsible for building and maintaining strong relationships with key stakeholders, such as Information Security leadership, Business Information Security Officers and Engagement/Capability Leads.
Work closely with the Global SOC to share information and manage globally identified incidents.
Provide a tailored approach to investigations involving a range of stakeholders by proportionately applying security capabilities in response to identified risks.
Act as an SME for complex information security incident response concerns, issues and problems.
Be responsible for collaborating with any designated direct staff to ensure performance objectives, career path options, and work assignments are all clearly documented, understood and reviewed.
Stay informed about the latest cyber security trends, threats, and technologies to continuously enhance the firm's security posture.
Experience
Substantial hands-on experience in Information Security Incident Response and Investigation.
Substantial experience leading and supervising serious and complex investigations.
Strong experience of managing investigative teams.
Experience leading teams in high-pressure environments.
Strong experience of investigative techniques and evidence gathering.
Experience in managing and responding to complex security incidents and data breaches.
Robust understanding of security issues, mitigations, and a strong understanding of the current global threat environment.
Good understanding of cyber security regulations, standards, and best practices.
Experience working in a highly regulated industry such as finance, healthcare, or energy is a plus.
Strong analytical and problem-solving skills, with the ability to assess and mitigate risks effectively.
Good communication and interpersonal skills, with the ability to work collaboratively with diverse stakeholders.
High level of integrity and professionalism, with a commitment to ethical conduct and confidentiality.
Ability to stay calm and focused under pressure, especially during security incidents and emergencies, in the face of ambiguity and imperfect knowledge.
Relevant certifications such as CISSP, CISM, or CEH are highly desirable.
Tags: BISO CEH CISM CISSP Finance Incident response Monitoring SOC
Perks/benefits: Career development Equity / stock options