Cyber Incident Response Lead - | Hybrid (Liverpool) | 6 Months | £600 - £800pd | Outside IR35
- Cyber IR Lead
- 6 Month Contract
- Outside IR35
- Hybrid - 3x days per week for first month and flexible working afterwards
- £600 - £800pd
- ASAP Start
Role Purpose
The Cyber Incident Response Lead is responsible for leading the organisation's response to cyber security incidents, ensuring rapid containment, eradication and recovery across both IT and OT environments.
This role is critical in protecting essential services and ensuring compliance within a CNI regulatory landscape.
Key Responsibilities:
Incident Leadership
· Lead response to P1/P2 cyber incidents including ransomware, supply chain compromise and OT disruption.
· Act as Incident Commander during major cyber events.
· Coordinate technical, legal, communications and operational teams.
CNI & OT Incident Management:
· Lead incident response across IT/OT environments.
· Ensure minimal disruption to safety-critical systems.
Regulatory & External Coordination:
· Manage reporting obligations under:
- Network and Information Systems Regulations 2018
- UK regulatory and law enforcement requirements
Process & Capability Development:
· Develop and test the Cyber Incident Response Plan.
· Run tabletop and live simulations (including OT scenarios).
· Ensure lessons learned are embedded into security controls.
· Mature digital forensics and evidence handling processes.
· Oversee the SOC.
Ransomware & Advanced Threat Handling:
· Lead response to nation-state and organised crime campaigns.
· Oversee forensic investigation and root cause analysis.
· Support recovery planning and resilience improvements.
Skills & Experience
Essential:
· 7+ years cyber security experience.
· 3+ years leading incident response.
· Experience operating in a Critical National Infrastructure environment.
· Strong knowledge of ransomware response and crisis management.
· Experience managing cross-functional crisis teams.
Desirable:
· OT / ICS incident response experience.
· Knowledge of industrial protocols and safety systems.
· CREST, GCFA, GCIA, CISSP or equivalent certifications.
· Experience in regulated sectors (ports, energy, utilities, transport).
Cyber Incident Response Lead - | Hybrid (Liverpool) | 6 Months | £600 - £800pd | Outside IR35