Cyber Response & Recovery Manager (Remediation)
This role requires current SC or DV clearance, or eligibility and willingness to obtain clearance.
About the role
The Cyber Response & Recovery Manager role will sit within the Cyber Response Services team in KPMG’s Cyber Advisory practice.
Your specific focus will be in the domain of recovery and remediation post incident. Our clients continue to face increasingly destructive cyber threats, particularly ransomware, destructive malware, business email compromise, Active Directory compromise, cloud compromise and advanced network intrusions. In these situations, clients look to KPMG not only to investigate and contain the incident, but also to help them recover securely, rebuild critical services, reduce the risk of reinfection and improve their long-term resilience.
This is a hands-on cyber response and recovery manager role, focused on supporting clients through the most operationally critical phase of a cyber incident: restoring business services safely and securely. The role will work closely with incident response leads, forensic teams, legal advisers, crisis management teams, technology teams and client executives to convert incident findings into practical remediation, rebuild and recovery actions.
As a cyber response recovery manager, you will help clients stabilise their environment, remove attacker persistence, restore identity and infrastructure services, support patching and vulnerability remediation, advise on secure rebuild patterns, review and redesign network architecture, establish isolated recovery environments, and define phased recovery and security improvement roadmaps.
This role is particularly suited to someone with strong hands-on infrastructure, systems administration and cyber security experience, who can operate effectively during high-pressure incidents and provide pragmatic, technically credible advice to clients. The successful candidate should be comfortable working across Windows, Linux, Active Directory, virtualisation, networking, cloud and enterprise infrastructure technologies, and should be able to translate technical remediation requirements into clear recovery plans for both technical and senior stakeholder audiences.
KPMG is one of a small number of Tier 1 incident response providers in the UK. As such, this role provides the opportunity to work on complex, high-profile cyber incidents across a wide range of sectors. You will gain significant experience supporting clients during moments of critical need and will have the opportunity to develop both your technical recovery expertise and incident leadership capability.
When not responding to live incidents, you may support clients with cyber resilience, recovery readiness and post-incident transformation engagements. This may include developing recovery playbooks, designing isolated recovery environments, assessing Active Directory and infrastructure resilience, supporting ransomware recovery planning, reviewing network segmentation, improving backup and restore strategies, and helping clients define cyber security improvement roadmaps.
You will also contribute to the development of KPMG’s own cyber recovery capability, including standard operating procedures, technical recovery playbooks, tooling, automation, lab environments, recovery architecture patterns and team training.
Our clients expect that cyber-incidents will be tackled with urgency, therefore, there is an expectation that you will be flexible in terms of working hours and be on call (on a rotation basis). In addition, you should be prepared to travel on short notice for periods up to 2 or 3 weeks at a time.
Above all, KPMG is looking for someone who is passionate about helping clients recover from cyber incidents in a safe, structured and sustainable way. In return, KPMG is committed to supporting your development, technical growth and progression into senior cyber response and recovery leadership roles.
Why join us?
What will you be doing?
This role is not a pure incident response role. It is a hands-on cyber recovery role focused on helping clients restore services, remediate compromised infrastructure and build stronger security foundations after a cyber incident.
The ideal candidate will combine:
Further responsibilities will include:
The Person
You should have a strong background in cyber-security and incident response. For example: You should be able to guide a client through an unstructured incident response process (such as an advanced network intrusion) – managing resources and defining objectives at each stage of the incident response process; scoping and triage, containment, evidence preservation and extraction, eradication, recovery, forensic analysis and investigation.
Skills we’d love to see/Amazing Extras:
The successful candidate will demonstrate competency in computing and networks as well as in cyber-security either by having the relevant work experience, completed a degree or obtained industry relevant certification. Therefore the qualifications below should be seen as means to demonstrate competency and not as a requirement. The desired skill and qualification is provided below:
Location:
Our core hubs for this role are either:
You must be within commutable distance to one of these locations. Current KPMG policy is 60% of the week with clients or our offices, 40% elsewhere (that can include working from home).
Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.