Incident Manager (Cyber), Johannesburg
Johannesburg, South Africa
Last edited: yesterday
Location: Johannesburg (Hybrid/Remote)
Type: Permanent | Senior Level
About Redherd
Redherd is a specialist cybersecurity recruitment and advisory firm working globally with consultancies, MSSPs, and enterprise organisations. We partner with high-performing teams across incident response, DFIR, offensive security, and cyber strategy.
About The Client
Our client is a specialist cybersecurity consultancy delivering incident response, threat intelligence, and advisory services to enterprise clients across regulated industries. They are known for operating at the sharp end of complex cyber incidents, supporting organisations through high-impact events.
Role Overview
Our client is seeking an Incident Response Manager to lead the coordination and management of major security incidents.
This is not a hands-on DFIR role, but it does require strong operational leadership and sufficient technical understanding to effectively coordinate technical response teams during high-pressure incidents.
During active incidents, you will act as the incident commander, responsible for coordinating stakeholders, driving decision-making, managing communications, and ensuring effective response execution under pressure.
Outside of incidents, you will support clients in improving their incident management readiness, including tabletop exercises, playbooks, incident management frameworks, and readiness assessments.
Key Responsibilities
Incident Leadership
• Act as incident commander during major cyber incidents
• Coordinate cross-functional teams including technical responders, executives, legal, regulators, and external stakeholders
• Manage incident bridges, communications cadence, structured timelines, and decision tracking
• Maintain action trackers and incident logs throughout investigations
• Guide clients through containment, response, recovery, and return to business-as-usual
• Support drafting and review of executive and external communications
• Deliver executive and CSIRT tabletop exercises
• Conduct incident readiness reviews and gap assessments
• Develop and maintain incident management playbooks, runbooks, templates, and reporting frameworks
• Support onboarding and ongoing readiness activities for retained incident response clients
• Contribute to the development of incident management methodologies
• Support training and mentoring of junior incident management team members
• Improve internal processes, tooling, and response frameworks
Required Experience
• Proven experience leading or coordinating major incidents end-to-end
• Background may include cyber incident response, IT major incident management, telecoms, aviation, healthcare, military, or emergency services
• Strong ability to operate in high-pressure, multi-stakeholder environments
• Ability to remain calm, structured, and decisive during crisis situations
• Sufficient technical literacy to understand and challenge the work of DFIR specialists without performing the investigation directly
• Ability to interpret and discuss EDR alerts, SIEM outputs, ransomware activity, credential compromise, business email compromise, and cloud-related incidents
• Excellent written and verbal communication skills, particularly for executive-level stakeholders
• Experience managing incident communications, reporting, coordination processes, and stakeholder updates
Nice To Have
• Familiarity with incident response frameworks such as NIST 800-61 or ISO 27035
• Understanding of regulatory environments including POPIA and GDPR
• Experience in consulting or client-facing environments
• Exposure to cyber incident response or DFIR teams
• Certifications such as SANS LDR553 / GIAC GCIL, GCIH, GCFA, Security+, CEH, or equivalent operational incident management certifications
• Training or experience related to crisis leadership, incident management, or cyber response coordination
Key Profile
This role is best suited to individuals who:
• Thrive in high-pressure, high-impact environments
• Are confident leading senior stakeholders during crisis situations
• Can bridge the gap between technical teams and executive leadership
• Have strong organisational and communication skills
• Are calm, methodical, and decisive under pressure
• Prefer coordination, leadership, and decision-making over hands-on technical investigation
Company name: Redherd.io
Job position: Incident Manager (Cyber)
Incident Manager (Cyber) has been posted in the Johannesburg Other Jobs category on Locanto.