Job description
The incident response manager will work in the Cyber Response Services (CRS) Team within our Risk Consulting practice. Cyber security is one of the areas which KPMG has identified for tremendous investment and growth. Our clients face a challenging cyber threat and look to us to help them understand and respond to that threat.
This is a hands-on and operational management role with opportunities to grow into service line leadership. The successful candidate is expected to manage a broad range of cyber-security incidents as well as perform digital forensics (disk, volatile memory, network packets, log files) and help advance KPMG's incident response processes and methodologies.
In this role we are looking for a person who can demonstrate a strong technical background and significant experience in incident response and digital forensics, and who is looking to grow into an incident response leadership role as part of a growing team. You will be expected to lead a number of incident response case managers and practitioners, as well as have the opportunity to work with, and learn from, the service leadership as part of your continuous development.
When not responding to incidents, you may be helping our clients to build their in-house incident response capabilities, which could include: building and developing cyber-response tools, authoring and adapting runbooks/playbooks, assessing incident response maturity, and assisting in table-top cyber-scenario exercises. When not engaged in client work, you will be helping to develop our own delivery capability, including operational efficiency, standard operating procedures, team learning and development, tooling and platforms, lab development and orchestration.
Candidates should have a proven track record of incident management, with a strong competency in digital forensics. KPMG will provide training and coaching to help you continually improve both your management and technical skills. Strong technical competency and experience of managing a range of complex cyber incidents, from ransomware to advanced network intrusions, is a prerequisite.
Our clients expect that cyber-incidents will be tackled with urgency; therefore, there is an expectation that you will be flexible in terms of working hours. In addition, you should be prepared to travel on short notice for periods up to 2 or 3 weeks at a time.
Above all, KPMG is looking for someone who is passionate about helping our clients with their cyber security challenges, often at a time of critical need. In return, we are committed to helping you to enjoy the role and develop your skills and career within KPMG with the objective of progressing into a senior leadership role.
Summary of Role Purpose:
Cyber Response is one of the eight capabilities in Cyber and is seeing a high level of service demand. This role will focus on growing Cyber Recovery (remediation/transformation) revenue after an initial cyber response. We need a senior, skilled individual who can interface with our response team and the client, and who can identify where cross-sell opportunities exist beyond the initial (often insurance-paid) recovery period.
Description of the role:
Manage and co-ordinate cyber security incidents for our clients, working closely with the cyber response leadership team (1 Partner and 2 Directors).
Digital forensics of relevant incident data (disk, volatile memory, network packets, log files).
Maintaining a current view of the cyber threat and being able to advise clients on the threat landscape and attacks which may be relevant to them.
Manage the development of KPMG's in-house cyber-response tools.
Assess client incident response capability maturity.
Help stand-up or improve clients' own incident response capabilities.
Project management of engagements to deliver high quality work in a timely manner, including:
Scoping and costing of engagements
Financial management of projects
Engagement and risk management
Production and review of deliverables to a high standard.
Liaising with clients on delivery, implementation and project issues.
Ability to generate well-structured responses to bids and requests for proposals.
Role dimensions:
Leadership & Management:
We run a matrix capability in Cyber Response. As a Manager you will be a Case Manager for response jobs and manage response consultants on a case-by-case basis, typically 1-3 in total. You are likely to respond to large, more complex response cases and therefore manage larger numbers in those cases. You will performance manage staff (usually up to three) and coach/mentor junior response consultants. The team is circa 30 people.
Stakeholder Interaction & challenges:
This Sectors-aligned role reflects the demand we are seeing in this market. You will, however, work cross-market and respond on complex jobs. We typically respond 1-3 times per week.
Impact, Risk, Accountability & Governance:
This is a high impact role and will directly help with strategic objectives to grow the response business. Demand is high and focus is required on key clients across the FS, Sectors and IGH coverage groups. You will Engagement Manage and hold responsibility for core risk management processes.
The Person:
You should have approximately 4 to 8 years of experience in cyber-security and incident response. For example: You should be able to guide a client through an unstructured incident response process (such as an advanced network intrusion), managing resources and defining objectives at each stage of the incident response process: scoping and triage, containment, evidence preservation and extraction, eradication, recovery, forensic analysis and investigation.
1. A broad understanding of the cyber security threat landscape.
2. Strong technical background in computers and networks, and programming skills.
3. Significant and proven experience of dealing with cyber security incidents and associated response measures.
4. Experience of managing a rapid deployment incident response team.
5. Excellent interpersonal, written and communication skills.
6. Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
7. A genuine interest and desire to develop and mentor junior team members.
8. Strong attention to detail and the ability to manage multiple simultaneous cases.