What you’ll be doing as a Cyber Response Planning Lead
Lead the design, delivery, and documentation of cyber incident simulations and exercises across IT, OT, Digital, and operational business units.
Develop and execute diverse cyber incident scenarios including ransomware, insider threats, supply chain attacks, OT compromise, and data loss.
Analyse exercise outcomes to identify lessons learned, gaps, and improvement opportunities.
Coordinate and deliver stakeholder awareness sessions and role-based training to enhance incident response readiness.
Maintain stakeholder engagement records and ensure visibility of training and preparedness activities.
Collaborate with IT, OT, and business resilience teams to strengthen organisational preparedness and alignment.
Lead periodic reviews and updates of incident response documentation, including plans, playbooks, workflows, and communication guides.
Ensure documentation aligns with evolving threats, operational changes, and regulatory requirements.
Conduct structured post-incident and post-exercise analysis to identify root causes and improvement actions.
Maintain and manage a lessons-learned register, ensuring findings are prioritised and tracked.
Facilitate review sessions with stakeholders to agree actionable recommendations.
Oversee tracking and validation of remediation and improvement actions.
Maintain audit-ready documentation including incident logs, dashboards, and governance reports.
Produce regular reporting for leadership on incident trends, exercise outcomes, and organisational readiness.
Base location – Hybrid – Clearwater Court, Reading.
Working pattern – 36 hours Monday to Friday.
What you should bring to the role
Significant experience in cyber incident management, emergency planning, or IT risk management.
Experience working within critical infrastructure, utilities, or public sector environments.
Experience coordinating incident exercises and embedding continuous improvement activities.
Experience developing and maintaining incident management plans, procedures, and policies.
Strong ability to work under pressure and manage multiple priorities.
Excellent communication and interpersonal skills to engage technical and non-technical stakeholders.
Ability to build strong relationships and work collaboratively across teams.
Self-motivated with the ability to work independently and drive initiatives forward.
Technical experience and skills
Proficiency in incident management tools and cybersecurity technologies.
Knowledge of cybersecurity frameworks such as ISO 27001, NIST SP 800-61, and MITRE ATT&CK.
Ability to analyse incidents, exercises, and trends to drive improvements in response capability.
Experience in maintaining structured documentation, including plans, reports, and evidence sets.
Desirable qualifications and experience
Broader knowledge and experience within cybersecurity or information security.
Experience working with vendors and commercial or procurement teams.
Experience delivering training and simulations to improve organisational preparedness.
Experience supporting regulatory compliance aligned to industry standards (e.g., SEMD, CAF).
Desirable technical skills and qualifications
Bachelor’s degree in Computer Science, IT, Cyber Security, or a related field.
Professional certifications such as CISSP, CISM, or CRISC.
What’s in it for you?
Competitive salary between £68,000 and £78,000 per annum, depending on experience.
Annual Leave - 26 days holiday per year, increasing to 30 with length of service (plus bank holidays).
Generous Pension Scheme through AON.
Performance-related pay plan directly linked to company performance measures and targets.
Access to lots of benefits to help you take care of you and your family’s health and wellbeing, and your finances – from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers and life assurance.