Incident and Service Management Specialist (Cybersecurity)

Role Purpose

The Incident and Service Management Specialist is responsible for owning and commanding all major service events across assigned customers, including Major Incidents, Major Changes, Major Releases, and Major Security Incidents.

Acting as the single operational owner on duty, the role ensures effective ground-level execution through disciplined coordination of internal delivery teams and external vendors, while maintaining clear, timely, and confident communication with customers and senior stakeholders during high-impact situations.

This role is not hands-on technical, but requires strong situational awareness, sound operational judgement, and the ability to direct multi-disciplinary teams under pressure. The role plays a critical part in protecting service outcomes, customer confidence, and contractual commitments during major events.

Key Responsibilities

• Assume end-to-end ownership for all major events during assigned duty windows, including:
• Major Incidents
• High-risk / high-impact Changes
• Major Releases and deployments
• Major Security or cyber events
• Act as the single point of command and accountability until event stabilisation and formal handover.
• Initiate, chair, and control war rooms involving internal delivery teams, vendors, and partners.
• Maintain continuous situational awareness and ensure actions remain outcome-focused (service stability, customer impact minimisation).
• Direct and coordinate multi-disciplinary delivery teams across infrastructure, applications, cloud, network, security, and EUC.
• Drive vendor engagement and accountability during major events, including:
• Escalation management
• SLA / OLA risk management
• Timely mobilisation of appropriate vendor resources
• Challenge ineffective responses or delays and ensure focus remains on resolution and customer outcomes.
• Oversee major changes and releases, ensuring:
• Readiness of delivery teams
• Clear rollback and contingency planning
• Controlled execution and communication
• Coordinate with Security Operations for major security incidents
• Lead all customer-facing communications during major events, ensuring:
• Serve as the operational representative of the account, escalating to Account Managers / Executives where required.
• Translate technical information into business-impact language suitable for senior customer stakeholders.
• Ensure post-event customer communications are completed, including summaries, action tracking, and follow-ups. Ensure all major events are documented with clear timelines, decisions, communications, and outcomes.
• Support and coordinate Post-Incident Reviews (PIRs) and major event retrospectives.
• Track corrective and improvement actions through to closure.
• Ensure adherence to contractual obligations, service governance, and organisational policies during major events.

Required Skills and Competencies

• Technical Skills:
• Broad understanding (not hands-on) of enterprise IT environments, including:
• Infrastructure, cloud, network, applications, and security operations
• Ability to understand technical symptoms, dependencies, and risks.
• Familiarity with ITSM tools (e.g., ServiceNow) and structured incident/change processes.
• Communication and Operational Skills
• Exceptional verbal and written communication skills.
• Ability to translate technical issues into clear customer-facing narratives.
• Experience managing customer expectations during service-impacting events.
• Confident engagement with senior customer stakeholders and internal leadership.
• Ability to lead without authority across multiple technical and vendor teams.
• Excellent judgement, prioritisation, and decision-making under pressure.

Qualifications & Experience

• Education / Certifications
• Diploma or Degree in IT, Business, Engineering, or a related discipline.
• ITIL Foundation or equivalent service management knowledge is preferred.
• Security or risk-related certifications are advantageous but not mandatory.
• Optional but advantageous:
• Experience and/or certification in application monitoring tools (e.g., Dynatrace Associate, New Relic, AppDynamics).
• Experience and/or certification in system monitoring tools (e.g., SolarWinds, Dynatrace, Zabbix).
• Basic DevOps-related certifications (e.g., AWS Developer Associate, Azure Developer Associate) if supporting modern apps.
• Firewall vendor certifications (Fortinet NSE, Palo Alto ACE)
• Experience
• 13 years experience in incident management, client success manager, service delivery management.
• Experience supporting enterprise or managed-service customers in multi-vendor environments
• Technical Competency
• Understanding of application components (frontend, backend, API gateway, middleware).
• Familiarity with common application issues (timeouts, dependency failures, code exceptions).
• Ability to interpret basic stack traces or error messages (not hands-on development).
• Ability to interpret common cloud issues (latency, resource limits, region outages).
• Familiarity with cloud networking concepts (VPC, NSG, load balancing).
• Knowledge of Windows/Mac systems, AD authentication, group policies.