Conduit

ArmstrongAdams

Rising
www.nccgroup.com

ArmstrongAdams provides Information risk management solutions.

Open roles
57

Company signals

Score: 72
Stale listings 0% GitHub org Yes GitHub stars 44,824 New cities (90d) 4 Buzzword-heavy listings 59% HN mentions (90d) 6 Growth-mode language 0% SEC Form D filed never

Job facts

Location
Hybrid · GBR Manchester Hardman Boulevard
Workplace
Hybrid
Type
Full-time
Department
Cyber Services and Capabilities

Last verified live 6 hours, 11 minutes ago · checked directly on the company's Pinpoint

Applications powered by
Pinpoint
Apply to this job

Director, Digital Forensics & Incident Response (Global)

at ArmstrongAdams


(Open to Associate Director with progression path to Director)

The purpose of this role is to lead NCC Group’s global Digital Forensics and Incident Response (DFIR) capability, ensuring effective preparedness, response, recovery, and continuous improvement across cyber incident management and forensic investigations. The global DFIR team will consist of regionally distributed colleagues, delivering a consistent, scalable, and market-leading service that protects client assets, reputation, and business operations. The role is responsible for setting strategic direction, driving operational excellence, evolving people, process and technology capabilities, and supporting commercial growth through the conversion of incident response engagements into ongoing security service opportunities.

The Director, DFIR will be responsible for ensuring robust cyber resilience capabilities, overseeing major cyber incidents, maintaining advanced forensic practices, and ensuring the function remains aligned with changing client requirements, regulatory obligations, and emerging cyber threats. The role also serves as a senior leader within the Cyber Intelligence and Response business, influencing stakeholders and driving continuous service improvement.

A key part of the role is engaging and collaborating with leaders across NCC Group to achieve the following ambitions:

  • Define and execute a global DFIR strategy aligned to business priorities and risk appetite.
  • Strengthen cyber incident preparedness, response, and recovery capabilities.
  • Develop and scale advanced digital forensic capabilities across endpoint, network, and cloud environments.
  • Embed lessons learned from incidents, exercises, and reviews into continuous improvement initiatives.
  • Drive operational excellence through effective capacity planning, resource management, and performance measurement.
  • Support business growth by identifying opportunities to transition incident response engagements into long-term security services.

Key Responsibilities

  • Lead the global DFIR function, ensuring effective delivery of digital forensics and incident response services across multiple regions.
  • Define and execute the global DFIR strategy, ensuring alignment with business objectives, client needs, and organisational risk appetite.
  • Manage regional performance through effective resource planning, utilisation management, and alignment to revenue forecasts and delivery demand.
  • Implement clear measures of capacity, utilisation, and operational performance to optimise scalability and efficiency.
  • Drive effective offshoring strategies that balance quality, efficiency, and cost.
  • Oversee the management of major cyber incidents and act as the senior escalation point during high-severity events.
  • Ensure coordinated incident response across technical teams, business leadership, clients, and external stakeholders.
  • Drive effective containment, remediation, recovery, and post-incident review activities.
  • Lead the development of advanced forensic capabilities across endpoint, network, cloud, and emerging technology environments.
  • Ensure forensic readiness, evidential integrity, and compliance with legal and regulatory requirements.
  • Maintain incident response plans, playbooks, and testing programmes through simulations and exercises.
  • Partner with Legal, Risk, Compliance, and senior business stakeholders to meet regulatory and client obligations.
  • Define, measure, and report on key operational KPIs, including quality, responsiveness, accuracy, and customer satisfaction.
  • Build, mentor, and lead a high-performing, diverse, and globally distributed DFIR organisation.
  • Foster a culture of innovation, collaboration, continuous learning, and operational excellence.
  • Represent NCC Group externally through industry forums, conferences, and customer engagements, demonstrating thought leadership in DFIR and cyber resilience.

Skills, Knowledge & Expertise

  • Extensive experience leading Digital Forensics and Incident Response (DFIR) teams within complex cyber security environments.
  • Proven experience developing and executing global operational strategies aligned to business objectives.
  • Strong experience managing large-scale cyber incidents, breaches, and crisis response activities.
  • Expertise in digital forensics across endpoint, network, cloud, and hybrid environments.
  • Experience building, developing, and retaining high-performing technical teams across multiple geographies.
  • Strong process improvement and operational transformation experience.
  • Experience managing budgets, forecasting demand, and optimising resource allocation.
  • Ability to influence and communicate effectively with executive stakeholders, clients, regulators, and technical teams.
  • Strong written and verbal communication skills, with the ability to translate complex cyber security concepts into business-focused language.
  • Experience leading organisational change and technology transformation initiatives.

Desirable Skills

  • Experience within Managed Security Services (MSSP) or large-scale cyber security consulting environments.
  • Experience supporting commercial growth, sales enablement, and service expansion opportunities.
  • Strong knowledge of current cyber threat trends, regulatory requirements, and industry best practices.
  • Active participation in industry forums, conferences, or recognised cybersecurity communities.

Job Benefits

What do we offer in return?

We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:

  • Flexible Working: Balance your work and personal life with our flexible working options.
  • Enhanced Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
  • Medicash & Critical Illness Scheme.
  • Financial & Investment Benefits: Pension, Life Assurance, and Share Save Scheme.
  • Community & Volunteering Programmes.
  • Green Car Scheme.
  • Cycle to Work Scheme.
  • Special Time Off for important life events.
  • Enhanced Family Planning, Maternity, and Paternity Support.