Adani Enterprises

Head of Cyber Security - Incident Response (IR)

  • Posted 9 hours ago

Job Description

We are seeking to onboard a seasoned and highly driven cybersecurity leader for the role of Head – Incident Response (IR) at the Adani Group.

This is a strategic leadership position responsible for strengthening the Group's enterprise-wide cybersecurity posture and driving excellence across incident response, threat management, and support in cybersecurity operations. The role will play a pivotal part in building resilient capabilities, leading high-impact response initiatives, and ensuring preparedness against evolving cyber threats.

At Adani, we are committed to the highest standards of governance, security, and operational excellence. We look forward to engaging with industry experts who can contribute to advancing our cybersecurity maturity and safeguarding our digital ecosystem.

The detailed job description is attached for your reference.

Strategic Roles and Responsibilities

Leadership and Strategy Development:

  • Lead enterprise-wide cybersecurity incident response strategy, ensuring alignment with business objectives and organizational risk appetite.
  • Act as the primary incident commander for high-severity (P1/P0) cybersecurity incidents, driving decisive action under pressure.
  • Define and mature the organization's incident response operating model, playbooks, escalation paths, and KPIs.
  • Provide strategic guidance to SOC and security teams to improve detection fidelity, response efficiency, and resilience.
  • Present incident posture, trends, and security maturity insights to senior leadership and executive stakeholders.

Risk Management:

  • Assess and prioritize cybersecurity incidents based on business impact, threat severity, and operational risk.
  • Ensure root cause analysis (RCA) is conducted post-incident to identify control gaps and systemic risks.
  • Translate incident learnings into corrective and preventive actions, reducing recurrence risks.
  • Support enterprise risk assessments by contributing incident data, threat trends, and exposure insights.
  • Coordinate with business units to manage residual risk and track remediation to closure.

Secure Software Development Lifecycle (SDLC):

  • Collaborate with application and product teams to integrate incident learnings into secure SDLC practices.
  • Provide guidance on incident-driven improvements to secure coding, dependency management, and environment hardening.
  • Engage with development teams during security incidents involving applications, APIs, or CI/CD pipelines.
  • Support post-incident reviews to strengthen preventive controls across design, development, and deployment stages.

Application Security Testing and Tools:

  • Support application-level investigations, including log analysis, attack-path validation, and exploitation assessment.
  • Leverage application security testing outputs (SAST, DAST, SCA) to correlate findings with real-world incidents.
  • Work with AppSec teams to validate exploitability of vulnerabilities identified during incidents.
  • Ensure application-level remediation actions are verified and tracked to closure.

Compliance and Governance:

  • Ensure incident response processes align with industry standards and regulatory requirements (NIST, ISO 27001, company policies).
  • Maintain and update incident response SOPs, playbooks, and governance documentation.
  • Support audits and compliance reviews by providing incident evidence, metrics, and response effectiveness reports.
  • Track business unit adherence to incident remediation SLAs and governance requirements.

Incident Response and Threat Intelligence:

  • Lead end-to-end incident response activities: detection, triage, containment, eradication, and recovery.
  • Work closely with SOC analysts in a 24x7 environment to validate alerts and escalate high-risk threats.
  • Perform hands-on investigations using SIEM, EDR, and forensic tools across endpoints, networks, and cloud environments.
  • Conduct malware analysis, log correlation, and threat hunting to identify advanced or persistent threats.
  • Integrate threat intelligence (IOCs, TTPs, MITRE ATT&CK mapping) into proactive detection and response improvements.

Training and Awareness:

  • Mentor SOC analysts and junior incident responders on investigation techniques and response best practices.
  • Conduct incident response simulations, tabletop exercises, and post-incident knowledge-sharing sessions.
  • Drive continuous skill development across security operations teams.
  • Promote a strong incident response culture with accountability and learning focus.

Collaboration with Other Security Teams:

  • Partner with SOC, Vulnerability Assessment, Network, Cloud, Application, and Infrastructure teams during incidents.
  • Coordinate endpoint-level remediation with IT and infrastructure teams to ensure timely closure.
  • Act as a central bridge between security operations and business units during crisis situations.
  • Foster cross-team collaboration while enforcing response and remediation accountability.

Tool Selection and Automation:

  • Lead or influence selection and optimization of SIEM, EDR, SOAR, and forensic tools.
  • Identify opportunities to automate alert triage, incident enrichment, and response workflows.
  • Continuously improve tooling coverage and effectiveness based on incident feedback and threat evolution.
  • Ensure tools are tuned to reduce false positives while maintaining high detection accuracy.

Vendor and Third-Party Risk Management:

  • Coordinate incident response activities involving third-party vendors or service providers.
  • Assess security incidents impacting vendors and evaluate downstream business risk.
  • Support remediation tracking and compliance verification for third-party incident-related actions.
  • Work with procurement and governance teams to incorporate incident response expectations into vendor engagements.

Non‑Negotiable & Role-Critical Requirements:

  • 15+ years of cybersecurity experience, with 5+ years in hands-on incident response.
  • Proven leadership during high-severity, business-impacting security incidents.
  • Strong, practical expertise in SIEM, EDR, malware analysis, and threat hunting.
  • Deep understanding of network security, TCP/IP, cloud security, and modern attack techniques.
  • Certifications such as GCIH, GCFA, or equivalent are mandatory.
  • On-site availability in Ahmedabad (no remote/hybrid flexibility).

People Management

Key Stakeholders - Internal:

  • Executive Leadership
  • Department Heads
  • System Administrators and Operations
  • Internal Auditors
  • Legal and Compliance
  • Security Awareness and Training Teams

Key Stakeholders - External:

  • External Security Consultants
  • Regulatory and Government Bodies
  • Contractors and Service Providers
  • Customers and Clients
  • Insurance Providers
  • Industry Peers

Job Profile

Educational Background & Professional Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a closely related technical discipline.
  • Advanced degree such as a Master's or MBA in Cybersecurity, Information Assurance, Information Security, or Risk Management is preferred.
  • Industry-recognized incident handling and response certifications such as GCIH, GCFA, GCIA, CEH, or CISSP.
  • Additional SOC, Threat Hunting, and platform-specific certifications (SIEM, EDR, SOAR tools) are considered a strong advantage.
  • Demonstrated proficiency in SIEM platforms, EDR solutions, and forensic analysis tools.
  • Hands-on experience with malware analysis, log analysis, threat hunting, and incident investigations.
  • Strong foundation in TCP/IP networking, network security architecture, and cloud security principles.
  • Working knowledge of leading security frameworks and methodologies, including NIST, MITRE ATT&CK, and ISO 27001.

Job ID: 145751749
