Incident Response Manager - Cyber Security

London, United Kingdom
05 Oct 2018
02 Apr 2019
Job Role
Risk Analyst
Job Type
AutoReq ID


Job Title

Incident Response Manager - Cyber Security


United Kingdom




Risk Consulting

Service Line

RC Technology

Service Line Information

Using a wide variety of technical and sector-specific skills, KPMG's Risk Consulting group proactively helps clients increase profits whilst reducing reputational, operational, financial and other risks. We are experienced in managing diverse issues including fraud, regulatory compliance, risk frameworks and modelling, capital efficiency, corporate governance, dispute resolution, deriving value from contracts and much more.

Technology - Our clients need to deal effectively with technology related risks and derive maximum value from data and documentation. Our specialists provide independent, jargon free advice and advanced technology capabilities to help our clients proactively manage their technology risks and use their data to its full potential.

KPMG Overview

Joining KPMG means joining a talented team of exceptional colleagues who bring innovative thoughts and a natural curiosity to the work they do each day. No one type of person succeeds at KPMG; a diverse business requires diverse personalities, characters and perspectives. There really is a place for you here.

Job Description

The Role
The role will be working in the Cyber Defence Services (CDS) Team within our Risk Consulting practice. Cyber security is one of the areas which KPMG has identified for tremendous investment and growth. Our clients face a challenging cyber threat and look to us to help them understand and respond to that threat.
This is a hands-on role with opportunities to grow into management. The successful candidate is expected to help manage cyber-security incidents as well as perform elements of digital forensics (disk, volatile memory, network packets, logfiles).

In this role we are looking for a person who can demonstrate strong grasp of the fundamentals of incident response and digital forensics and is looking to grow skills and experience. You will be expected to lead one or two analysts to achieve a task in a project, as well as have the opportunity to work with, and learn from, our most experienced team members as part of your continuous development'

When not responding to incidents, you will help our clients to build their in-house incident response capabilities, which will include: authoring and adapting runbooks/playbooks, assessing the incident response maturity, assisting in table-top cyber-scenario exercises.

We will welcome applications from candidate with a good competency in incident management, but with a developing competency and keen interest in digital forensics, or vice versa. KPMG will provide training and coaching to help you continually improve you skills.

Our clients expect that cyber-incidents will be tackled with urgency, therefore, there is an expectation that you will be flexible in terms of working hours. In return, KPMG will offer flexible working hours and work from home days for employees who have demonstrate reliability in delivery. For example, if you are writing a post-mortem report or working on a run-book, you can do so from home.

Above all, KPMG is looking for someone who is passionate about helping our clients with their cyber security challenges, often at a time of critical need. In return, we are committed to helping you to enjoy the role and develop your skills and career within the KPMG.

- Help manage and co-ordinate cyber security incidents for our clients, working closely with the incident management lead within the team.
- Digital forensics of relevant incident data (disk, volatile memory, network packets, log files).
- Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them.
- Help assess client incident response capability maturity.
- Help stand-up or improve clients' own incident response capabilities.
- Help with project management of engagements to deliver high quality work in a timely manner, including:
o Scoping
o Basic financial management
o Engagement and risk management
o Production and review of deliverables.
- Liaising with clients on delivery, implementation and sales issues.

The Person
This position is well suited for an individual with 3 to 5 years of experience in cyber-security and incident response. For example: a very common type of incident is ransomware on a single workstation/laptop. You should be able to guide a client through a structured incident response process - triage, containment, eradication and recovery. If you are provided with forensic data such as: disk image, memory image and network data capture or proxy logs, you should be able to identify malware artefacts, source of infection and use online research to identify malware family.

- A broad understanding of the cyber security threat landscape.
- Good technical background in computers and networks.
- Experience of dealing with cyber security incidents and associated response measures.
- Experience of being part of an incident response team, either holding a formal role, or being able to evidence your personal contribution to the team.
- Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
- A genuine interest and desire to work in the information security field.
- Standing and positive reputation in the information security community is seen as a plus.

Qualifications and Skills
The successful candidate will demonstrate competency in computing and networks as well as in cyber-security either by having the relevant work experience, completed a degree or obtained industry relevant certification. Therefore the qualifications below should be seen as means to demonstrate competency and not as a requirement. The desired skill and qualification is provided below:
- Excellent communication skills (both written and oral) and project management skills.
- Strong IT and network skills - knowledge of common enterprise technologies - Windows and Windows Active Directory, Linux, Cisco, etc.
- (desirable but not required) Degree level qualified, MSc in Information Security, IT or relevant STEM subjects.
- (desirable but not required) General information security certificates such CISSP, CISM or CISA.
- (desirable but not required) Incident management certifications such as:
o CREST certified incident manager (CCIM).
o GIAC Certified Incident Handler (GCIH)
- (desirable but not required) Digital forensics certificates such as:
o CREST certified registered intrusion analyst (CRIA),
o CREST certified network intrusion analyst (CCNIA),
o CREST certified host intrusion analyst (CCHIA),
o CREST certified malware reverse engineer (CCMRE),
o GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)
- (desirable but not required) A current government security clearance (SC/DV) or willingness to acquire such a clearance will be seen as an advantage.

Our Deal

At KPMG, your long-term future is every bit as important to us as it is to you. That's why our aim is to give you experiences that will stay with you for a lifetime. Whether it's great training and development, mobility opportunities or corporate responsibility volunteering activities - you'll gain a wealth of experiences on which to build a rewarding career. We're a firm that encourages you to be yourself, values your contribution, and inspires you to act as a role model, always focused on doing the right thing for each other, our clients and our communities.

We're at our best when you're at your best; that's why we've created 'Our Deal' and 'The Academy'. Our Deal is the way we speak about the colleague experience and the expectations we have of our people. We expect the best from our people and in return we provide a stimulating, collaborative environment where each person can reach their extraordinary potential. Through 'The Academy', you'll have access to communities which will support and develop you so that you build your skills and career. From introducing secondment programmes to preferential banking, and student loan payments to your birthday off, we're making sure that our people have an amazing experience.

Flexible Working

While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a balanced lifestyle. We offer part time roles with flexible working arrangements which could include, annualised hours, early or late starts to fit around other commitments, shorter working days etc. We are happy to discuss your own requirements and our range of flexible working arrangements in more detail, should that be of interest and, as part of the recruitment process, we can put you in touch with people who work flexibly.

Applying with a Disability

KPMG are proud to be an inclusive, equal opportunity employer and we seek to attract and retain the best people from the widest possible talent pool. As a member of the Business Disability Forum we're committed to ensuring that all candidates are treated fairly throughout the Recruitment Process. Should you be successful after the initial application stage, please discuss with your recruitment contact any reasonable adjustments to our Recruitment Process that you may require.

KPMG's commitment to diversity

KPMG consistently features in the Sunday Times Best Big Companies to work for, which has been recognised with a special achievement award to mark our 10 years in the Top 25. We pride ourselves on being a place where your individuality is valued; you can be yourself and still achieve your potential. We believe that your individuality helps us to deliver the best results to our clients. Diversity of background, diversity of experience, diversity of perspective - that's the KPMG difference. But, don't take our word for it, find out more about diversity at KPMG by viewing our Policy

At KPMG, we recognise that returning to work after an extended career break can be daunting. We understand and appreciate that those with experience who have taken a career break still have a wealth of experience and knowledge to offer our organisation, which helps us to achieve our business goals. We will support you to refresh your skills, develop your confidence and provide a supportive network across the firm to help you best integrate into the working environment. This role welcomes applications for individuals who have been out of work for 18 months or more and who have previous relevant experience.

Policy for Agencies

KPMG has a commitment to sourcing candidates directly and as such we do not accept speculative CV's from agencies. Please check here to see our policy on agencies: Policy

Job Segment: Corporate Security, Consulting, Risk Management, Law, Security, Technology, Finance, Legal

Similar jobs

Similar jobs