Role Title: Security Incident Manager Duration: contract to run until 30/10/2026 Location: Knutsford, Hybrid 3 days per week onsite Rate: up to £579.60 p/d Umbrella inside IR35 Role purpose / summary As part of the CEP Incident Management Enhancements project, the Security Incident Manager will play a key role in enhancing the ServiceNow SecOps Security Incident Response (SIR) module as a core deliverable of the Runbook Modernisation workstream. This role is focused on implementing, configuring, and operationalising the SIR capability while ensuring incident response processes, runbooks, and tooling align with regulatory expectations and recognised cyber security frameworks. The role combines hands-on ServiceNow SecOps (SIR) implementation responsibilities with the accountabilities of a Security Incident Manager, supporting effective cyber incident response and operational readiness within a regulated financial services environment. Key Responsibilities ServiceNow SecOps (SIR) Implementation and Optimisation Lead the configuration, implementation, and optimisation of the ServiceNow SecOps Security Incident Response (SIR) module.
Ensure the SIR platform supports the end‑to‑end cyber incident lifecycle in line with the organisation’s security incident management operating model.
Configure workflows, playbooks, and integrations to enable consistent, efficient, and auditable incident response.
Support automation and tooling integration to enhance response speed and reduce operational risk.
Security Incident Management and Operating Model Alignment Act as a Security Incident Manager within the implementation context, ensuring processes, runbooks, and tooling support effective incident coordination and decision‑
Ensure alignment with recognised cyber incident response frameworks, including NIST.
Embed governance, risk, and regulatory considerations into incident workflows and response procedures.
Incident Runbook Development and Maintenance Design, develop, and maintain cyber incident response runbooks as part of the runbook modernisation initiative.
Ensure runbooks are practical, actionable, and aligned to ServiceNow SIR workflows and automation.
Apply structured process design approaches in line with recognised modelling standards such as BPMN.
Maintain runbooks to reflect changes in tooling, processes, and regulatory requirements.
Knowledge Transfer and Operational Enablement Deliver knowledge transfer and enablement activities to operational security and incident response teams.
Support adoption of the enhanced ServiceNow SIR capability and updated runbooks.
Produce clear documentation to support operational use, governance, and continuous improvement.
Skills and Experience Essential Proven experience implementing and supporting ServiceNow SecOps Security Incident Response (SIR).
Demonstrated experience operating in or supporting a Security Incident Manager function.
Strong understanding of cyber incident response operating models and frameworks such as NIST.
Strong capability in runbook design, including automation and tooling integration.
Solid process development and documentation skills aligned to frameworks such as BPMN.
Experience working in a regulated financial services environment.
Strong understanding of governance, risk, and regulatory expectations for cyber incidents. Desirable Experience supporting incident management or runbook modernisation programmes.
Familiarity with operational readiness, service transition, and enablement activities." All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply