Rodeo
ResourcesPartnersSign in

KPMG UK

Cyber Response & Recovery - Manager (Remedian focus)

Manchester
Posted 1 day ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Cyber Response & Recovery Manager (Remediation)

This role requires current SC or DV clearance, or eligibility and willingness to obtain clearance.

About the role

The Cyber Response & Recovery Manager role will sit within the Cyber Response Services team in KPMG’s Cyber Advisory practice.

Your specific focus will be in the domain of recovery and remediation post incident. Our clients continue to face increasingly destructive cyber threats, particularly ransomware, destructive malware, business email compromise, Active Directory compromise, cloud compromise and advanced network intrusions. In these situations, clients look to KPMG not only to investigate and contain the incident, but also to help them recover securely, rebuild critical services, reduce the risk of reinfection and improve their long-term resilience.

This is a hands-on cyber response and recovery manager role, focused on supporting clients through the most operationally critical phase of a cyber incident: restoring business services safely and securely. The role will work closely with incident response leads, forensic teams, legal advisers, crisis management teams, technology teams and client executives to convert incident findings into practical remediation, rebuild and recovery actions.

As a cyber response recovery manager, you will help clients stabilise their environment, remove attacker persistence, restore identity and infrastructure services, support patching and vulnerability remediation, advise on secure rebuild patterns, review and redesign network architecture, establish isolated recovery environments, and define phased recovery and security improvement roadmaps.

This role is particularly suited to someone with strong hands-on infrastructure, systems administration and cyber security experience, who can operate effectively during high-pressure incidents and provide pragmatic, technically credible advice to clients. The successful candidate should be comfortable working across Windows, Linux, Active Directory, virtualisation, networking, cloud and enterprise infrastructure technologies, and should be able to translate technical remediation requirements into clear recovery plans for both technical and senior stakeholder audiences.

KPMG is one of a small number of Tier 1 incident response providers in the UK. As such, this role provides the opportunity to work on complex, high-profile cyber incidents across a wide range of sectors. You will gain significant experience supporting clients during moments of critical need and will have the opportunity to develop both your technical recovery expertise and incident leadership capability.

When not responding to live incidents, you may support clients with cyber resilience, recovery readiness and post-incident transformation engagements. This may include developing recovery playbooks, designing isolated recovery environments, assessing Active Directory and infrastructure resilience, supporting ransomware recovery planning, reviewing network segmentation, improving backup and restore strategies, and helping clients define cyber security improvement roadmaps.

You will also contribute to the development of KPMG’s own cyber recovery capability, including standard operating procedures, technical recovery playbooks, tooling, automation, lab environments, recovery architecture patterns and team training.

Our clients expect that cyber-incidents will be tackled with urgency, therefore, there is an expectation that you will be flexible in terms of working hours and be on call (on a rotation basis). In addition, you should be prepared to travel on short notice for periods up to 2 or 3 weeks at a time.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Above all, KPMG is looking for someone who is passionate about helping clients recover from cyber incidents in a safe, structured and sustainable way. In return, KPMG is committed to supporting your development, technical growth and progression into senior cyber response and recovery leadership roles.

Why join us?

  • One of only nine UK Tier 1 incident response providers
  • Access to nationally significant incidents
  • Exposure across government and critical infrastructure
  • Investment in certifications and training
  • Opportunity to shape a rapidly growing capability

What will you be doing?

This role is not a pure incident response role. It is a hands-on cyber recovery role focused on helping clients restore services, remediate compromised infrastructure and build stronger security foundations after a cyber incident.

The ideal candidate will combine:

  • Deep infrastructure and systems administration experience.
  • Strong cyber security and incident response understanding.
  • Hands-on remediation and recovery capability.
  • Active Directory, Windows, Linux and network architecture expertise.
  • The ability to lead technical workstreams during high-pressure incidents.
  • The ability to define and execute short, medium and long-term security roadmaps.

Further responsibilities will include:

The Cyber Response Recovery Manager will be responsible for leading and supporting cyber recovery workstreams during active cyber incidents and post-incident remediation programmes. Responsibilities will include:

  • Lead cyber recovery workstreams during major incidents, working closely with incident response, forensic, client IT, legal, insurer and senior stakeholder teams, translating incident findings into clear remediation and recovery actions.
  • Deliver hands-on remediation across enterprise environments, including Active Directory recovery and hardening, Windows/Linux systems, network, cloud, endpoint and security tooling, with a focus on removing attacker persistence and restoring trust.
  • Drive patching and vulnerability remediation activities, prioritising actions based on business risk, threat actor behaviour and incident context.
  • Review and redesign network architecture and security controls, including segmentation, firewall rules, and administrative access pathways, to reduce reinfection risk and improve resilience.
  • Establish and support secure recovery environments and rebuild strategies, including isolated environments, backup validation, restore sequencing, and secure restoration of business-critical services.
  • Define and execute phased recovery and transformation plans, including immediate stabilisation, structured remediation, and security improvement roadmaps and rebuild standards.
  • Manage end-to-end delivery of recovery engagements, including stakeholder communication, project management, reporting, proposals, capability development, and mentoring junior team members.

The Person

You should have a strong background in cyber-security and incident response. For example: You should be able to guide a client through an unstructured incident response process (such as an advanced network intrusion) – managing resources and defining objectives at each stage of the incident response process; scoping and triage, containment, evidence preservation and extraction, eradication, recovery, forensic analysis and investigation.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

A broad understanding of the cyber security threat landscape. Strong technical background in computers and networks, and programming skills. Significant and proven experience of dealing with cyber security incidents and associated response measures. Experience of managing a rapid deployment incident response team. Excellent interpersonal, written and communication skills. Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques. A genuine interest and desire to develop and mentor junior team members. Strong attention for detail and the ability to manage multiple simultaneous cases.

Skills we’d love to see/Amazing Extras:

The successful candidate will demonstrate competency in computing and networks as well as in cyber-security either by having the relevant work experience, completed a degree or obtained industry relevant certification. Therefore the qualifications below should be seen as means to demonstrate competency and not as a requirement. The desired skill and qualification is provided below:

  • Excellent communication skills (both written and oral) and project management skills.
  • Strong hands-on experience across enterprise infrastructure, including Windows Server, Active Directory, Linux, networking, and cloud environments (e.g. Azure, AWS, Microsoft 365), with the ability to operate at a systems administrator level during recovery scenarios.
  • Proven experience supporting cyber incident recovery, including ransomware, Active Directory compromise, network intrusion, or large-scale infrastructure incidents, with the ability to translate incident findings into practical remediation and recovery actions.
  • Demonstrated capability in leading and executing remediation activities, including identity and Active Directory hardening, patching and vulnerability remediation, secure system rebuild, backup validation, and restoration of business-critical services.
  • Solid understanding of network architecture and security, including segmentation, firewall design, administrative access paths, and the ability to review and redesign environments to reduce reinfection risk and improve resilience.
  • Experience developing and delivering structured recovery plans, remediation trackers, and security roadmaps aligned to immediate recovery, medium-term stabilisation, and long-term transformation.
  • Strong stakeholder management and communication skills, with the ability to engage both technical and executive audiences, manage high-pressure situations, and produce clear, high-quality deliverables and reporting.
  • Effective project and delivery management capability, including scoping, prioritisation, financial oversight, and managing multiple workstreams during complex, time-sensitive cyber recovery engagements.

Location:

Our core hubs for this role are either:

  • London (Canary Wharf); or
  • Manchester (St Peter’s Square).

You must be within commutable distance to one of these locations. Current KPMG policy is 60% of the week with clients or our offices, 40% elsewhere (that can include working from home).

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Cyber Incident Recovery
Active Directory Hardening
Infrastructure Remediation
Network Architecture
Stakeholder Management
Vulnerability Remediation
Cloud Security
Incident Response Leadership
Project Management
Systems Administration
Secure Rebuild Patterns
Backup Validation

Location

Manchester, England, United Kingdom

Sign up to applySee more jobs like this