VP – Digital Forensics & Incident Response Manager

Location: London (Hybrid)

Sector: Global Financial Services

I’m currently working on behalf of a global financial organisation with a strong presence across EMEA, who are looking to appoint a VP-level leader to manage their Digital Forensics and Incident Response (DFIR) function within their Cyber Security team. This is a high-impact role offering the opportunity to lead advanced response capabilities, oversee incident lifecycle management, and shape the future of threat detection and response within a complex, regulated environment.

Key Responsibilities

• Lead and manage the core Digital Forensics and Incident Response team, ensuring effective detection, containment, and remediation of cyber security incidents.
• Oversee the development and refinement of security monitoring use cases, detection logic, and threat hunting initiatives.
• Investigate and manage critical incidents across the full kill chain using both host and network-based forensics techniques.
• Act as the technical escalation point and lead handler for high-severity incidents.
• Establish and improve forensics capabilities, documentation, and processes in line with industry frameworks (e.g. MITRE ATT&CK, NIST).
• Collaborate with penetration testing, red team, threat intel, and compliance teams to mitigate cyber risk.
• Drive the adoption of advanced monitoring frameworks, including the implementation of IOC- and behavior-based alerting.
• Provide strategic input into cyber security controls, architecture, and future-state operating models.
• Maintain stakeholder relationships and contribute to post-incident reviews and improvement plans.
• Participate in on-call or extended-hour coverage (between 7am–7pm as needed).

What We’re Looking For

• Proven leadership experience in Digital Forensics & Incident Response, preferably within a banking or financial services environment.
• Expertise in forensic analysis (host and network), SIEM, EDR/XDR, packet capture tools, and incident response tooling.
• Strong understanding of threat modelling frameworks such as MITRE ATT&CK, Kill Chain, Diamond Model, etc.
• Experience managing or leading DFIR analysts and developing operational capability.
• Hands-on experience with SIEM platforms, malware analysis tools, and threat hunting methodologies.
• Sound knowledge of cloud security (AWS, Azure) and vulnerability management frameworks.
• Excellent communication skills, stakeholder engagement, and an analytical mindset.
• Relevant certifications (e.g. GCIH, GCFA, GCIA) are highly desirable.

Why Apply?

• Be a senior leader in a global organisation committed to cybersecurity maturity and innovation.
• Shape the strategic direction of forensics and response operations across a high-value infrastructure estate.
• Work alongside some of the most experienced security professionals in the industry.
• Competitive salary, benefits, and hybrid working options.