Global Cyber Incident Response Lead

The Role Canopius is a market ‑ leading cyber insurer with an in ‑ house Cyber Incident Management Team (CIMT) that delivers immediate, expert support to our policyholders during their most critical moments. As an Incident Manager, you’ll be the first point of contact when a client faces a cyber event—whether business email compromise, ransomware, social engineering, data theft, or other attacks. You will triage and lead the response, mobilize our expert panel (forensics, legal, PR, and specialist advisors), and project ‑ manage recovery from containment through restoration, providing calm, clear communication throughout. Operating in a global, follow ‑ the ‑ sun model across Sydney, London, and Chicago, you’ll ensure true 24/7 coverage for new notifications, collaborate closely with our Claims team to support timely coverage assessment, and help clients navigate local legal and regulatory obligations. Sitting at the coal face of live incidents, you’ll also capture structured insights and trends that inform our underwriting, analytics, and ongoing service evolution, all while meeting and exceeding internal SLAs. Responsibilities Own the incident from notification to closure Be the first point of contact for policyholder incident notifications. Rapidly triage, assess severity, and set the response plan and cadence. Orchestrate specialist vendors (IR firms, forensics, legal, PR, ransom advisors), ensuring right‑sized support at the right time. Maintain clear timelines, decisions, and next steps Deliver best in class customer service‑in‑class customer service Provide calm, empathetic guidance under pressure; translate technical issues into clear business impact and options. Set and manage expectations on milestones (containment, restoration, notifications) and costs. Conduct welcome/onboarding calls; explain how to notify, what to expect, and how the IR panel operates. Capture and act on policyholder feedback to continuously improve service. Hit internal SLAs (acknowledgement, triage, vendor mobilization, comms cadence). Operate within a global, 24/7 team model Participate in rota/on call coverage to ensure true follow the sun response. ‑call coverage to ensure true follow‑the‑sun response. Perform structured handovers across regions; maintain accurate case notes and status. Evolve the service offering Contribute to playbook/runbook enhancements and decision trees (e.g., ransomware, BEC, DDoS, data exfil). Recommend panel/vendor improvements and measure vendor SLAs and outcomes. Support content development (guides, FAQs, tabletop scenarios). Collaborate with Claims, Underwriting and Insights & Analytics Partner with the Claims team to ensure smooth coverage confirmation and claim handling. Surface material facts, costs, and causation signals; ensure incident files are complete and timely. Escalate complex matters promptly and appropriately. Sit “at the coal face” of live incidents and distil timely, high-quality insights (threat vectors, controls efficacy, vendor performance, and industry signals). ‑quality insights (threat vectors, controls efficacy, vendor performance, Provide structured post incident summaries and trend themes for underwriters and leadership. ‑incident summaries and trend themes for underwriters and leadership. Ensure precise, consistent capture of incident metadata and outcomes (e.g., root cause, initial access, controls in place, dwell time, MTTA/MTTR, costs). Champion data quality standards; work with Analytics to refine taxonomies and dashboards. Collaborate in delivery of incident preparedness sessions, tabletops, and executive simulations for insureds. ‑deliver incident preparedness sessions, tabletops, and executive simulations for insureds. Feed real world lessons learned into control uplift recommendations. ‑world lessons learned into control uplift recommendations. Skills and Experience A minimum of two years working in the cybersecurity field, ideally with hands ‑ on involvement in incident handling or response activities. Strong foundational knowledge of cyber ‑ attack methods, threat behaviors, and the end ‑ to ‑ end lifecycle of incident response. Demonstrate ability to solve complex problems and make sound judgements quickly, especially when operating in high pressure or fastmoving situations. ‑pressure or fast‑moving situations. Excellent organisational habits with a focus on accuracy and thoroughness in all tasks. Clear and confident communication skills—both written and verbal—with the capability to explain technical issues in an accessible way for non-technical audiences. ‑technical audiences. Basic data skills to partner with Analytics (e.g., Excel/Power BI; familiarity with SQL/Python advantageous). High empathy, composure under pressure, and a service mindset. Salary Range: $70,000 - 84,500 #J-18808-Ljbffr Canopius