Incident Response Manager (Cyber Incident Crisis Lead)

Location: Johannesburg (Hybrid/Remote)
Type: Permanent | Senior Level

About Redherd

Redherd is a specialist cybersecurity recruitment and advisory firm working globally with consultancies, MSSPs, and enterprise organisations. We partner with high-performing teams across incident response, DFIR, offensive security, and cyber strategy.

About The Client

Our client is a specialist cybersecurity consultancy delivering incident response, threat intelligence, and advisory services to enterprise clients across regulated industries. They are known for operating at the sharp end of complex cyber incidents, supporting organisations through high-impact events.

Role Overview

Our client is seeking an Incident Response Manager to lead the coordination and management of major security incidents. This is not a hands‑on DFIR role, but it does require strong operational leadership and sufficient technical understanding to effectively coordinate technical response teams during high‑pressure incidents.

During active incidents, you will act as the incident commander, responsible for coordinating stakeholders, driving decision‑making, managing communications, and ensuring effective response execution under pressure.

Outside of incidents, you will support clients in improving their incident management readiness, including tabletop exercises, playbooks, incident management frameworks, and readiness assessments.

Key Responsibilities

Incident Leadership
- Act as incident commander during major cyber incidents
- Coordinate cross‑functional teams including technical responders, executives, legal, regulators, and external stakeholders
- Manage incident bridges, communications cadence, structured timelines, and decision tracking
- Maintain action trackers and incident logs throughout investigations
- Guide clients through containment, response, recovery, and return to business‑as‑usual
- Support drafting and review of executive and external communications

Client Advisory & Readiness
- Deliver executive and CSIRT tabletop exercises
- Conduct incident readiness reviews and gap assessments
- Develop and maintain incident management playbooks, runbooks, templates, and reporting frameworks
- Support onboarding and ongoing readiness activities for retained incident response clients

Internal Capability Development
- Contribute to the development of incident management methodologies
- Support training and mentoring of junior incident management team members
- Improve internal processes, tooling, and response frameworks

Required Experience
- Proven experience leading or coordinating major incidents end‑to‑end
- Background may include cyber incident response, IT major incident management, telecoms, aviation, healthcare, military, or emergency services
- Strong ability to operate in high‑pressure, multi‑stakeholder environments
- Ability to remain calm, structured, and decisive during crisis situations
- Sufficient technical literacy to understand and challenge the work of DFIR specialists without performing the investigation directly
- Ability to interpret and discuss EDR alerts, SIEM outputs, ransomware activity, credential compromise, business email compromise, and cloud‑related incidents
- Excellent written and verbal communication skills, particularly for executive‑level stakeholders
- Experience managing incident communications, reporting, coordination processes, and stakeholder updates

Nice To Have
- Familiarity with incident response frameworks such as NIST 800-61 or ISO 27035
- Understanding of regulatory environments including POPIA and GDPR
- Experience in consulting or client‑facing environments
- Exposure to cyber incident response or DFIR teams
- Certifications such as SANS LDR553 / GIAC GCIL, GCIH, GCFA, Security+, CEH, or equivalent operational incident management certifications
- Training or experience related to crisis leadership, incident management, or cyber response coordination

Key Profile

This role is best suited to individuals who:
- Thrive in high‑pressure, high‑impact environments
- Are confident leading senior stakeholders during crisis situations
- Can bridge the gap between technical teams and executive leadership
- Have strong organisational and communication skills
- Are calm, methodical, and decisive under pressure
- Prefer coordination, leadership, and decision‑making over hands‑on technical investigation

Incident Manager (Cyber)
REDHERD.IO
johannesburg, johannesburg
Published 4 days ago