Cyber Security Consultant - Incident Management

T00:00:00.000Z

London

Capabilities: full

Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people‑centred, safe, and designed for the future.

Our human touch sets us apart from other consultancies, system integrators and software houses – with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet.

We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them.

Predominantly focused on the public‑sector, Methods is now building a significant private sector client portfolio.

Methods was acquired by the Alten Group in early 2022.

This role sits at the intersection of incident response, governance, and risk management. Rather than operating solely as a technical responder, you will focus on how incidents are managed, assured, reported, and improved across the organisation.

You’ll support clients in designing, operating, and assuring incident response frameworks that stand up to regulatory scrutiny, audit, and real‑world pressure.

Think "Are we responding correctly, consistently, and defensibly?" not just "Is the alert closed?"

• Define and maintain incident response policies, playbooks, and escalation models
• Ensure incidents are classified, handled, and closed in line with organisational risk appetite
• Act as a governance point of contact during significant cyber incidents

• Assess incidents for control failures, systemic risk, and regulatory impact
• Map incident response activities to frameworks such as NIST, ISO/IEC 27001, and organisational risk policies
• Support audits, assurance reviews, and post‑incident evidence packs

• Lead or support lessons‑learned reviews and root‑cause analysis
• Translate technical findings into risk, control, and governance outcomes
• Track remediation actions and ensure they are owned, prioritised, and delivered

• Brief senior stakeholders on incident impact, response posture, and residual risk
• Produce clear, defensible reporting suitable for boards, regulators, and auditors
• Bridge the gap between SOC teams, technical specialists, risk, and leadership

• Cyber security, incident management, risk, assurance, or GRC background
• Experience working with or alongside SOC / IR teams (without needing to live on shift)
• Exposure to regulated or high‑assurance environments (public sector, finance, critical services, etc.)

• Strong understanding of incident response lifecycle from a governance perspective
• Ability to translate technical incidents into business risk and control language
• Familiarity with security and risk frameworks (NIST, ISO 27001, CAF, etc.)
• Confident producing documentation that survives audit without inducing migraines

• Calm under pressure, structured in chaos
• Comfortable saying "this is a governance issue" when everyone else says "just fix it" Naturally curious about why incidents happen

This role will require you to have or be willing to go through Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website  If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected.

Details of this will be discussed with you at interview.

Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy.

• Autonomy…