
Incident Response Lead - Global Security

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: EasyPark
Full Time position
Listed on 2026-06-12
Job specializations:
  • IT/Tech
    Cybersecurity, IT Project Manager, Security Manager
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly
Job Description & How to Apply Below
Location: Greater London

Role Summary

The Incident Response (IR) Lead is accountable for leading and maturing the organization’s detection and response capability, ensuring efficient execution of incident handling, investigation, and recovery activities across Arrive. This role combines operational leadership with strategic oversight, ensuring the IR function remains resilient, scalable, and aligned with the evolving threat landscape. The IR Lead drives day-to-day operations while shaping long-term improvements in processes, tooling, and methodologies.

This includes ensuring incidents are identified, triaged, and resolved in a timely and structured manner, while continuously enhancing detection logic and response playbooks based on lessons learned. This role requires a strong leader who can operate at both technical and strategic levels, bridging security operations with business priorities. The IR Lead is expected to translate incident insights into actionable improvements, strengthen cross-functional collaboration, and provide clear, risk-based communication to stakeholders, including senior leadership.

Reporting to the Sr. Director of Security Operations, the IR Lead plays a central role in strengthening organizational cyber resilience and ensuring a coordinated, intelligence-driven response capability.

Your Mission

To lead and mature Arrive's Incident Response capability, ensuring the efficient handling of security incidents while strengthening overall organizational cyber resilience.

Key Responsibilities

Security Monitoring & Incident Response
  • Own and lead the Incident Response function, including strategy, governance, and operational execution.
  • Direct and optimize daily IR operations, ensuring efficient handling of security incidents, escalations, and threat hunting activities.
  • Act as the central coordination point during major incidents, ensuring structured response, clear communication, and minimal business disruption.
  • Design, maintain, and continuously improve incident response playbooks, workflows, and escalation procedures.
  • Review and quality-assure investigations, ensuring consistency in analysis, evidence handling, and decision-making.
  • Collaborate with internal teams and external partners to ensure seamless incident management.
Leadership & Team Management
  • Lead, mentor, and develop the IR team, promoting technical excellence, accountability, and continuous learning.
  • Support crisis management activities, including participation in tabletop exercises and real-world incident coordination.
  • Ensure alignment with regulatory, legal, and compliance requirements related to incident response and breach handling.
Detection Strategy
  • Drive integration between detection engineering, threat intelligence, and response to enhance overall security effectiveness.
  • Threat Intelligence & Hunting:
    Proactively hunt for threats and integrate intelligence to anticipate attacks.
  • Develop and refine detection content and rules (e.g., SIEM, EDR) to map against adversary tactics.
  • Identify gaps in current capabilities and lead initiatives to enhance tooling, automation, and operational maturity.
MSSP and Security Partners’ Collaboration
  • Build and maintain strong collaboration with all our strategic MSSP and security vendors to enhance security operations and fully utilise available resources and expertise.
Reporting & Communication
  • Produce and present executive-level reporting, including incident trends, root cause analysis, and business impact assessments.
  • Develop and maintain a repeatable incident orchestration standard for regular security incident tickets.
Required Qualifications And Experience
  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or a related discipline - a plus.
  • 10+ years of experience in cybersecurity, with significant hands‑on involvement in Incident Response and Detection & Response functions.
  • Demonstrated experience leading and managing IR or SOC teams in complex environments.
  • Strong expertise in incident response methodologies, digital forensics, threat hunting, and attacker tactics, techniques, and procedures (TTPs).
  • Relevant certifications such as GCIH, GCFA, GSOM, or equivalent industry-recognized credentials -…