openteamtailorhydeparkvp
Incident Response Lead - Global Security
Arrive
LocationŁódź, Stockholm, London
Workplacehybrid
Posted2026-05-12T14:21:31+02:00
Last observed2026-06-13 05:24:42.471256
Job idhydeparkvp-arrive:teamtailor:e838a4bf-77c9-40c5-8d7d-fd82e3ab97e1
We’ve signed up for an ambitious journey. Join us! As Arrive, we guide customers and communities towards brighter futures and more livable cities, it isn’t a challenge just anyone could take on. Luckily, we have something to help us make it happen. Our people and our values. We Arrive Curious, Focused and Together. Just as our entire brand is inspired by the North Star, the shining light leading travelers to their destinations since time began, our values guide us. They help us be at our best. For our customers. For the cities and communities we serve. For ourselves. As a global team, we are transforming urban mobility. Let’s grow better together. Role Summary The Incident Response (IR) Lead is accountable for leading and maturing the organization’s detection and response capability, ensuring efficient execution of incident handling, investigation, and recovery activities across Arrive. This role combines operational leadership with strategic oversight, ensuring the IR function remains resilient, scalable, and aligned with the evolving threat landscape. The IR Lead drives day-to-day operations while shaping long-term improvements in processes, tooling, and methodologies. This includes ensuring incidents are identified, triaged, and resolved in a timely and structured manner, while continuously enhancing detection logic and response playbooks based on lessons learned. This role requires a strong leader who can operate at both technical and strategic levels, bridging security operations with business priorities. The IR Lead is expected to translate incident insights into actionable improvements, strengthen cross-functional collaboration, and provide clear, risk-based communication to stakeholders, including senior leadership. Reporting to the Sr. Director of Security Operations, the IR Lead plays a central role in strengthening organizational cyber resilience and ensuring a coordinated, intelligence-driven response capability. Your Mission To lead and mature Arrive's Incident Response capability, ensuring the efficient handling of security incidents while strengthening overall organizational cyber resilience. Key Responsibilities Security Monitoring & Incident Response Own and lead the Incident Response function, including strategy, governance, and operational execution. Direct and optimize daily IR operations, ensuring efficient handling of security incidents, escalations, and threat hunting activities. Act as the central coordination point during major incidents, ensuring structured response, clear communication, and minimal business disruption. Design, maintain, and continuously improve incident response playbooks, workflows, and escalation procedures. Review and quality-assure investigations, ensuring consistency in analysis, evidence handling, and decision-making. Collaborate with internal teams and external partners to ensure seamless incident management. Leadership & Team Management Lead, mentor, and develop the IR team, promoting technical excellence, accountability, and continuous learning. Support crisis management activities, including participation in tabletop exercises and real-world incident coordination. Ensure alignment with regulatory, legal, and compliance requirements related to incident response and breach handling. Detection Strategy: Drive integration between detection engineering, threat intelligence, and response to enhance overall security effectiveness. Threat Intelligence & Hunting: Proactively hunt for threats and integrate intelligence to anticipate attacks. Develop and refine detection content and rules (e.g., SIEM, EDR) to map against adversary tactics. Identify gaps in current capabilities and lead initiatives to enhance tooling, automation, and operational maturity. MSSP and Security Partners’ Collaboration Build and maintain a strong collaboration with all are strategic MSSP and security vendors to enhance security operations and fully utilise available resources and expertise. Reporting & Commu
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.