Head of Cyber Incident Response & Resilience

My client is looking for an experienced Cyber Incident Response Lead to join their growing team. You will own the organisation’s incident response capability, including strategy, readiness, and continuous improvement. Acting as a strategic partner to the Security Operations Centre (SOC), this role defines standards for effective response, ensures preparedness across people, process, and technology, and leads the response to major cyber incidents.

The IR Lead ensures the organisation can detect, respond to, recover from, and learn from incidents, driving continuous improvement through exercises, post-incident reviews, and close alignment with security engineering and operations.

Key Responsibilities

• Partner with the SOC to provide leadership across incident detection, response, and recovery, including escalation support.
• Own IR readiness and maturity, including operating model, governance, roles, and playbooks.
• Define standards, metrics, and maturity targets aligned to business risk and threats.
• Lead response to major incidents, ensuring effective coordination, decision-making, communication, and recovery.
• Develop and maintain playbooks for priority threat scenarios and critical systems.
• Run tabletop exercises and simulations to test organisational readiness.
• Lead post-incident reviews and translate lessons into security and control improvements.
• Manage incident reporting, including executive updates and regulatory inputs.
• Coordinate cross-functional and third-party response efforts (e.g. IT, legal, communications, external partners).

Your Profile

• 4 + years in a senior incident response or security operations role.
• Experience building and maturing IR capabilities in complex environments.
• Strong hands-on knowledge of incident lifecycle (containment, eradication, recovery).
• Proven experience leading exercises and major incident responses.
• Ability to drive improvements from lessons learned.
• Strong communication and leadership skills, especially under pressure.
• Experience in regulated or compliance-driven environments.

Desirable

• Relevant certifications (e.g. CISSP, GCIH, GCED).
• Experience working closely with SOC teams and escalation models.
• Familiarity with MITRE ATT&CK and threat-led response.
• Experience with SIEM, SOAR, and automation tooling.
• Knowledge of crisis management and executive communications.
• Experience managing third-party IR providers.
• Understanding of legal/regulatory requirements (e.g. data protection, breach reporting).
• Exposure to cloud, identity, and network incident scenarios.

Salary dependent on candidate experience. Benefits: Annual Bonus Scheme. Contributory Pension. Private Medical Insurance. Life Assurance & Long-Term Disability. Employee Assistance Programme. 22 days annual leave + 10 public holidays. Continuous Learning & Development. Access to extensive training & certification resources. Lunch & Learn sessions. Additional perks including company discounts, on-site parking, and bike-to-work scheme

Based in Letterkenny, Co. Donegal. Hybrid (2 days onsite per month). Candidates must be eligible to work in Ireland/EU.

For more information, please contact David Coyle at 01 635 1748 or email [email protected]