Job Description
Job Title: Cyber Incident Management Analyst
Role Overview
The Cyber Incident Management Analyst is responsible for coordinating and managing the response to information security incidents across the organisation. The role ensures incidents are assessed, contained, investigated, escalated, and closed in accordance with established policies, frameworks, and regulatory obligations. The role also requires improving current processes and linking with all areas of the business.
Key Responsibilities
Incident Coordination & Response
• Triage, assess, and manage cyber security incidents from initial detection through to closure.
• Lead incident response activities, including containment, eradication, and recovery in line with approved incident response runbooks.
• Coordinate Major Incident Management (MIM) engagement where required and act as the security SME during live incidents.
• Ensure timely escalation in line with severity thresholds and Rules of Engagement.
Investigation & Analysis
• Validate alerts and indicators to distinguish true positives from false positives.
• Support technical investigations by coordinating evidence collection, forensic engagement, and validation activities.
• Maintain accurate incident records, including timelines, decisions, evidence, and outcomes.
Stakeholder & Third-Party Management
• Engage and coordinate with internal technology teams, legal, risk, compliance, and communications as required.
• Liaise with third-party suppliers and forensic providers (e.g. incident response retainers) during incidents.
• Provide clear, accurate, and timely updates to stakeholders throughout the incident lifecycle.
Governance, Reporting & Assurance
• Ensure incidents are managed in line with internal policies, standards, and regulatory requirements.
• Support post-incident reviews, lessons learned, and improvement actions.
• Contribute to controls testing, assurance activity, and audit requests by providing evidence of incident management processes.
On-Call & Operational Readiness
• Participate in an on-call rota, responding to out-of-hours incidents and supporting emergency response activities.
• Maintain familiarity with incident response tools, platforms, and process documentation.
• Support tabletop exercises and simulation activities to improve incident preparedness.
Skills & Experience
Essential
• Experience in cyber security, incident management, security operations, or a related role.
• Strong understanding of incident response frameworks, triage, and escalation processes.
• Ability to manage incidents under pressure and make clear, risk-based decisions.
• Strong written and verbal communication skills, including senior stakeholder engagement.
• Experience working with SOCs, detection tooling, and/or managed security providers.
Desirable
• Experience supporting forensic investigations or working with external response vendors.
• Knowledge of regulatory and compliance requirements (e.g. UK GDPR, FCA, PRA).
• Familiarity with Microsoft security tooling (e.g. Sentinel, Defender, Entra ID, Purview).
• Experience supporting tabletop exercises or post-incident reviews.
• Industry certifications (e.g. GCIH, GCED, CISSP, CISM, CompTIA Security+).
Personal Attributes
• Calm, methodical, and resilient during high-pressure situations.
• Strong attention to detail with a structured approach to problem solving.
• Collaborative mindset with the ability to coordinate across multiple teams.
• Professional judgement and discretion when handling sensitive incidents.
Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention.