Incident Response Director

  • Anywhere
  • Anywhere



PwC is a market leading provider of cyber security services to major organisations worldwide. Our global team of over 4,850 cybersecurity professionals includes specialised consultants, former law enforcement officials, forensic investigators, intelligence analysts, data scientists, legal professionals and industry leaders in cybersecurity and privacy. We are rated as a leader by multiple industry analysts for Global, EMEA and Asia-Pacific Cybersecurity Consulting services.

Our Cyber Incident Response practice is central to this. Our team supports PwC’s clients in crisis across our global network to respond, remediate and recover from cyber attacks. We are accredited by the UK National Cyber Security Centre under the Cyber Incident Response scheme, to respond to sophisticated attacks on networks of national significance. Recent incidents we have responded to include human operated ransomware attacks on some of the world’s largest corporates and state-sponsored intrusions at small NGOs. Now is an exciting time to join the team and help shape and execute ambitious plans over the next 5 years.

Our Cyber Incident Response practice works closely alongside many other of our front-line technical teams to deliver an end to end incident response capability to clients, including our global threat intelligence team, our Managed Cyber Defence threat hunting team and our ethical hacking practice. We also work with PwC’s dedicated crisis coordination team to provide support to clients at all levels of their organisations.


We’re looking for passionate, motivated and experienced incident and crisis leaders. We want team members with a strong technical understanding of how to respond to cyber attacks and assist organisations with remediation and recovery. You should have a proven ability to lead teams investigating intrusions and data breaches, as well as helping senior stakeholders through challenging situations.
We are also looking for leaders excited about being a part of ambitious growth plans, with experience leading practice and capability development, defining innovative strategies for commercial growth, and in mentoring and leading high performing teams.

You will ideally have experience such as:

  • Acting as a trusted advisor to senior stakeholders (CISO, CIO, CTO etc.) in crisis and breach situations, and providing strategy and decision support to enable them to successfully resolve and remediate security incidents, or rapidly recover IT environments after ransomware attacks.
  • Planning and coordination of large-scale security incident response efforts involving multiple parties and teams, aligned to good practice methodologies.
  • Formal line management responsibilities for technical crisis response or investigative teams.
  • Coordinating written and verbal briefings to a variety of audiences, including boards, law enforcement, intelligence agencies, insurers, or legal counsel.
  • A robust understanding of the principles of:
    • digital forensics, technical incident response and remediation/containment strategies;
    • crisis and incident lifecycle management methodologies;
    • enterprise security operations capabilities and tooling;
    • enterprise IT networks and Active Directory;
    • cloud services such as Azure, GCP, and AWS; and,
    • common attacker techniques and associated frameworks (such as MITRE ATT&CK).
  • Familiarity with, or experience delivering, incident readiness and preparedness services, such as tabletop exercises, threat briefings, incident playbooks or runbooks, and capability gap analysis.


  • Lead client engagements across our reactive and proactive incident response services portfolio, acting as the key point of contact for senior client stakeholders, setting direction for the project teams, and being accountable for the technical excellence of our delivery;
  • Provide oversight, challenge and input to capability development, proposition development and thought leadership initiatives;
  • Provide mentoring and oversight to the incident response practice to help the team grow and develop;
  • Act as a leader within PwC’s wider Cyber Security practice, sharing insights gained from responding to incidents and helping other teams win and deliver work;
  • Originate, cultivate and maintain relationships with clients and prospects, and support outreach and business development efforts in collaboration with other teams, such as our Threat Intelligence practice;
  • Develop, enhance or refine the portfolio of incident response services in line with market trends, emerging threats, or opportunities for innovation or market disruption;
    Shape business strategy and its execution, for example through relationships with law firms, insurers, or technology alliance partners; and,
  • Play a key role in PwC’s global incident response community to support knowledge sharing, practice development and to pursue opportunities in collaboration with global colleagues.
  • Help to grow PwC’s reputation in the cyber security market, building trusted relationships with clients and external partners.

We’re a leading provider of trust in the digital world – in the eyes of our people, our clients and our stakeholders. Today’s business environment is different. More complex. More connected. Companies not only face new and unknown risks, but also new and untapped opportunities. Our team is at the forefront of this change, join us to be a part of transforming how risk is perceived and capitalised on.

Not the role for you?
Did you know PwC offer flexible contract arrangements as well as contingent work (ie temporary or day rate contracting)?

The skills we look for in future employees
All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business, and our clients. These skills and behaviours make up our global leadership framework, ‘The PwC Professional’ and are made up of five core attributes; whole leadership, technical capabilities, business acumen, global acumen and relationships.
Learn more here:

The Deal
We want all of our people to feel empowered to be the best that they can be, which is why we have ‘The Deal’.
Find out more about our firmwide Employee Value Proposition:

Valuing Difference. Driving Inclusion.
We work in a changing world which offers great opportunities for people with diverse backgrounds and experiences. We seek to attract and employ the best people from the widest talent pool because creating value through diversity is what makes us strong as a business, enabling us to solve important problems and deliver value to our clients. We encourage an inclusive culture where people can be themselves, are valued for their strengths and are empowered to be the best they can be. As an organisation with an increasingly agile workforce, we also support different ways of working offering flexible working arrangements. Learn more here about our work to support an inclusive culture.

To apply for this job please visit

To apply for this job please visit

Contact us


Related Jobs