VP – Digital Forensics & Incident Response Manager
Location: London (Hybrid)
Sector: Global Financial Services
I’m currently working on behalf of a global financial organisation with a strong presence across EMEA, who are looking to appoint a VP-level leader to manage their Digital Forensics and Incident Response (DFIR) function within their Cyber Security team. This is a high-impact role offering the opportunity to lead advanced response capabilities, oversee incident lifecycle management, and shape the future of threat detection and response within a complex, regulated environment.
Key Responsibilities
- Lead and manage the core Digital Forensics and Incident Response team, ensuring effective detection, containment, and remediation of cyber security incidents.
- Oversee the development and refinement of security monitoring use cases, detection logic, and threat hunting initiatives.
- Investigate and manage critical incidents across the full kill chain using both host and network-based forensics techniques.
- Act as the technical escalation point and lead handler for high-severity incidents.
- Establish and improve forensics capabilities, documentation, and processes in line with industry frameworks (e.g. MITRE ATT&CK, NIST).
- Collaborate with penetration testing, red team, threat intel, and compliance teams to mitigate cyber risk.
- Drive the adoption of advanced monitoring frameworks, including the implementation of IOC- and behavior-based alerting.
- Provide strategic input into cyber security controls, architecture, and future-state operating models.
- Maintain stakeholder relationships and contribute to post-incident reviews and improvement plans.
- Participate in on-call or extended-hour coverage (between 7am and 7pm as needed).
What We’re Looking For
- Proven leadership experience in Digital Forensics & Incident Response, preferably within a banking or financial services environment.
- Expertise in forensic analysis (host and network), SIEM, EDR/XDR, packet capture tools, and incident response tooling.
- Strong understanding of threat modelling frameworks such as MITRE ATT&CK, Kill Chain, and Diamond Model.
- Experience managing or leading DFIR analysts and developing operational capability.
- Hands-on experience with SIEM platforms, malware analysis tools, and threat hunting methodologies.
- Sound knowledge of cloud security (AWS, Azure) and vulnerability management frameworks.
- Excellent communication skills, stakeholder engagement, and an analytical mindset.
- Relevant certifications (e.g. GCIH, GCFA, GCIA) are highly desirable.
Why Apply?
- Be a senior leader in a global organisation committed to cybersecurity maturity and innovation.
- Shape the strategic direction of forensics and response operations across a high-value infrastructure estate.
- Work alongside some of the most experienced security professionals in the industry.
- Competitive salary, benefits, and hybrid working options.