• Duration: 6 Months
• Day Rate: £560/day inside IR35
• Location:Knutsford - Hybrid working 2-3 days onsite

Role Overview

As part of the CEP Incident Management Enhancements project, this role focuses on the enhancement and operationalisation of the ServiceNow SecOps Security Incident Response (SIR) capability. The position combines hands-on platform implementation with Security Incident Management responsibilities, supporting the Runbook Modernisation workstream within a regulated financial services environment.

The role ensures that cyber incident response tooling, workflows, and processes are robust, automated where possible, and aligned to industry-standard frameworks and regulatory expectations.

Key platform exposure will be within ServiceNow, specifically the SecOps Security Incident Response module.

Key Responsibilities

1. ServiceNow SecOps (SIR) Implementation & Optimisation

• Lead configuration, implementation, and optimisation of ServiceNow SecOps Security Incident Response (SIR).
• Design and maintain end-to-end incident lifecycle workflows aligned to the organisations operating model.
• Configure playbooks, workflows, and integrations to ensure consistent, auditable incident handling.
• Support automation initiatives to improve response speed and reduce operational risk.

2. Security Incident Management & Operating Model Alignment

• Act as a Security Incident Manager within the implementation context.
• Ensure incident response processes support effective triage, coordination, escalation, and decision-making.
• Align incident response practices with cyber security standards including National Institute of Standards and Technology guidance.
• Embed governance, risk, and compliance requirements into incident workflows.

3. Runbook Development & Modernisation

• Design, develop, and maintain cyber incident response runbooks as part of the modernisation programme.
• Ensure runbooks are actionable, standardised, and aligned to ServiceNow SIR workflows.
• Apply structured process modelling principles aligned with Business Process Model and Notation (BPMN).
• Maintain documentation to reflect tooling, process, and regulatory changes.

4. Knowledge Transfer & Operational Enablement

• Deliver training and knowledge transfer to operational security and incident response teams.
• Support adoption of enhanced SIR capabilities and updated runbooks.
• Produce high-quality operational documentation to support service continuity and improvement.

Skills & ExperienceEssential

• Proven experience implementing and supporting ServiceNow SecOps Security Incident Response (SIR).
• Experience operating as, or closely supporting, a Security Incident Manager.
• Strong understanding of cyber incident response frameworks (including NIST).
• Experience designing incident runbooks, workflows, and automation-driven processes.
• Strong process design and documentation capability (BPMN or equivalent).
• Experience working within regulated financial services environments.
• Strong understanding of governance, risk, and compliance in cyber incident management.

Desirable

• Experience supporting incident management transformation or runbook modernisation programmes.
• Familiarity with service transition, operational readiness, and enablement activities.
• Experience integrating security tooling within enterprise ServiceNow environments.

If this matches your skills and experience, please apply today!