We are seeking an Incident Response Lead to lead on the University’s cybersecurity incident response and operational resilience efforts. The postholder will be responsible for the development and adoption of a University wide standardised approach to Incident Response, advancing the University’s capability to manage cyber incidents effectively, and thereby protecting our students, staff, research, and contractual obligations. Based within the Information Security team, you will be the sole Incident Response Lead, providing direction and knowledge to navigate and effectively handle incidents.

You will ensure effective incident management by overseeing the effective coordination and escalation across internal departments while engaging with external stakeholders, vendors, and UK authorities such as the National Cyber Security Centre (NCSC) .

This is an exciting opportunity for a proactive professional to shape and strengthen the University’s approach to cyber incident management.

Job  Purpose

The Incident Response Lead will lead on the University’s/Information Security’s response to operational resilience incidents (cyber) as well as the University’ engagement with external stakeholders and vendor engagement. The lead will be expected to engage with a range of internal stakeholder to ensure appropriate escalation and coordination between functional groups/departments. You will be familiar with and expected to engage with UK authorities including National Cyber Security Centre (NCSC) and others.

Aside from coordination and engagement of stakeholders, the post will also lead on the development of an incident response framework as part of the university’s’ continuous improvement to its resilience.

Main Duties and Responsibilities

*         Lead and mature Incident Policy and Response.

*         Lead and support the University’s’ response to operational resilience incidents reported to us by regulated firms; including Critical Third Parties.

*         Lead on operational desktop simulation and engage with key stakeholders to action effectively.

*         Development of an incident response framework including accountability. Support stakeholders to own roles and understand their responsibility.

*         Review and continually update disaster recovery and business continuity plans for the incident response function.

*         Identifying new standards and ensuring the university keep relevant playbooks in relation to incident response and ensuring key stakeholders are engaged and implementing/responding effectively.

*         Develop a record/tracking mechanism in conjunction with the risk and governance analyst

*         Provide upstream and downstream reporting and updates on major incidents to appropriate authorities and to staff, students and senior stakeholders.

*         Liaise with existing Information Security team members and provide Incident response SME coaching and mentoring techniques.

*         Lead and support incident review processes for operational resilience incidents, developing the maturity of the university’s response.

*         Leading strategic analysis of incidents for portfolios arising from cyber-attack or technology disruptions and liaise with the risk and governance analyst to convey this through regular reporting.

Knowledge, Qualifications, Skills and Experience

Knowledge/Qualifications

Essential:

A1 Scottish Credit and Qualification Framework level 9,10 or 11 (Ordinary/Honours Degree, Post Graduate Qualification), or equivalent, including being professionally qualified in relevant discipline, with a broad range of professional experience in a management role(s).

OR Ability to demonstrate the competencies required to undertake the duties associated with this level of post, having acquired the necessary professional knowledge and management skills similar or number of different specialist roles.

A2 Extensive knowledge and understanding of Resilience and Incident Management and Response.

A3 Excellent knowledge of governance and assurance best practices.

Desirable:

B1 Accreditation Incident Management or relevant experience.

B2 Appreciation of all areas of technology and accompanying disciplines (architecture, development etc).

B3 Knowledge of information and cyber security concepts, processes and industry best practices.

Skills

Essential:

C1 Demonstrable track record of coordinating fast paced incidents and engaging stakeholders effectively.

C2 Proven ability to summarise incident control effectiveness and present suggesting improvements.

C3 Demonstrable track record of assessing priorities and managing own workload effectively.

C4 Excellent interpersonal skills: with ability to communicate and liaise effectively with other technical specialists, business stakeholders on complex problems and to provide clear and informative explanations.

C5 Excellent communication skills being able to influence stakeholders.

C6 Produce clear and concise assessments of security incidents and associated risks and explaining technical subject matter to a non-technical audience.

C7 Use considerable judgment, lateral thinking and discretion to provide professional, specialised innovative and practical solutions based on knowledge and experience.

Experience

Essential:

E1 Track record of motivating, leading and delivering through others.

E2 Demonstrable experience of assessing operational resilience capabilities.

E3 Broad experience across a number of technology & cyber resilience management domains.

E4 Exposure to and understanding of resilience management frameworks (e.g. NIST).

E5 Exceptional analytical capability with appropriate application of judgement and diligence; can demonstrate taking pride in work and ensuring it is of the highest standard.

E6 Excellent interpersonal skills with evidence of team working, confidence and credibility, and an ability to interact effectively with a range of stakeholders.

E7 Track record of being able to respond to fast moving incidents, including providing briefings to seniors.

E8 Excellent judgement and attention to detail, including under time pressure.

E9 Developing resilience improvement strategies.

E10 Coordinated Desktop simulation with key stakeholders.

Desirable:

F1 Experience of working in educational or public sector institutions.

F2 Experience of partnering with supplier and contract management and dealing with major incidents.

F3 Experience of working at a large establishment with multi hierarchical functions/teams.

Informal enquiries should be directed to Danielle Cairns, Cyber Risk and Assurance Manager,  Danielle.Cairns@glasgow.ac.uk

https://www.gla.ac.uk/explore/jobs/appointments/securityrecruitment/

Terms and Conditions

Salary will be Grade 8, £49,559 - £57,422 per annum.

This post is full time (35 hours per week) and open ended. Relocation assistance will be provided where appropriate.

As part of Team UofG you will be a member of a world changing, inclusive community, which values ambition, excellence, integrity and curiosity.

As a valued member of our team, you can expect:

1 A warm welcoming and engaging organisational culture, where your talents are developed and nurtured, and success is celebrated and shared.

2 An excellent employment package with generous terms and conditions including 41 days of leave for full time staff,  pension , benefits and discount packages.

3 A flexible approach to working.

4 A commitment to support your  health and wellbeing.

We believe that we can only reach our full potential through the talents of all. Equality, diversity and inclusion are at the heart of our values. Applications are particularly welcome from across our communities and in particular people from the Black, Asian and Minority Ethnic (BAME) community, and other protected characteristics who are under-represented within the University. Read more on how the University promotes and embeds all aspects of equality and diversity within our community  here.

We endorse the principles of  Athena Swan and hold bronze, silver and gold awards across the University.

We are investing in our organisation, and we will invest in you too. Please visit our website  https://www.jobs.gla.ac.uk/benefits-salary-and-flexible-working for more information.

Closing date : 27 June 2025 @23:45