Incident Response Lead

At Tetra Pak we commit to making food safe and available, everywhere; and we protect what's good – protecting food, protecting people, and protecting the planet. By doing so we touch millions of people's lives every day.

And we need people like you to make it happen.

We empower you to reach your potential with opportunities to make an impact to be proud of – for food, people and the planet.

As the face of information security to Cluster and Market Company management, responsible for:

managing information security risks; managing and leading significant information security incidents both globally and at the cluster level; Expertly advising on information security issues and questions within the cluster; driving information security and data privacy awareness and education for the cluster; ensuring compliance on information security and data privacy related matters for the cluster. Responsible for leadnig or managing informaiton security intiative on a global level.

Role and Responsibilities

In this role, you will be part of the ISIRT and Cyber Threat Intelligence team, which falls under the parent group named Security Operations. Working closely with the IR Manager and IR Leads in other time zones, you will be responsible for leading cybersecurity incident management efforts, ensuring quick, effective response and communication. You will guide teams, both internal and external (e.g. suppliers, customers, Managed Security Service Providers, other industry groups, etc) through containment, investigation, recovery, document incident details, and drive continuous improvement via training and tabletop exercises, as well as performing post-incident analysis. This role therefore requires strong coordination, communication, and stakeholder management skills.

Key Responsibilities

• Serving as a point of escalation and incident commander, manage a team of incident responders for ISIRT response and interact with cybersecurity leadership and business stakeholders
• Coordinate and ensure ISIRT incidents are prioritized at all hours of the day
• Implement a cross-functional team of analysts working closely with cybersecurity, IT and developers
• Review ISIRT incidents that may be related to ransomware, host compromise, account compromise, phishing, anomalous user behavior, third parties and data leakage
• Ensure the ISIRT response team is following processes embraced by leadership and adhering to best practices
• Measure and give feedback to the team to improve mean time to respond, key performance indicators (KPIs) and service-level objectives
• Proactively adjust to upcoming company changes affecting the operation to modify ISIRT response processes
• Possess advanced knowledge of attackers' methods of escalation; lateral movement; and tactics, techniques and procedures
• Present incident analysis and trend reporting to leadership, highlighting KPIs
• Review events and process effectiveness and make recommendations for change to leadership
• Require participation in ISIRT tabletop exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders
• Oversee IR playbooks, policies, procedures and guidelines to ensure they align with industry best practices
• Collaborate with infrastructure, IT, vulnerability, threat intelligence and application security leads
• Participate in monitoring internal and external events and stay tightly aligned with infrastructure and third-party, hosted, on-premises and end-user systems
• Review and communicate ISIRT incident details from initial investigation through root cause analysis and post-mortem

Technical Skills

• Security Expertise: Over 2 years of experience in IT and/or OT security technologies.
• Security Operations: Hands-on experience in Security Operations Center (SOC) and Information Security Incident Response Team (ISIRT) processes, procedures, and tools.
• Tool Proficiency: Familiar with SIEM, SOAR, EDR, forensic tools, and ticketing platforms.

Non-Technical Skills

• Leadership: Proven ability to lead teams both onsite and remotely.
• Composure Under Pressure: Self-aware and able to remain calm, organized, and collaborative under high-pressure situations; skilled in prioritizing and responding within defined SLAs.
• Communication: Strong written and verbal communication skills across all organizational levels.
• Decision-Making: Excellent judgment and quick decision-making capabilities in complex scenarios.
• Security Knowledge: Solid understanding of threats, vulnerabilities, ISIRT incident response principles, and chain of custody.
• Compliance & Standards: Familiar with industry standards and frameworks including NIST, ISO 27001, NIS 2, and CRA.
• Professional Integrity: Demonstrated track record of integrity, pride in work, curiosity, flexibility, and professionalism.

We Offer You

• A variety of exciting challenges with ample opportunities for development and training in a truly global landscape
• A culture that pioneers a spirit of innovation where our industry experts drive visible results
• An equal opportunity employment experience that values diversity and inclusion
• Market competitive compensation and benefits with flexible working arrangements

Apply Now

If you are inspired to be part of our promise to protect what's good; for food, people, and the planet, apply through our careers page at

If you have any questions about your application, please contact Ephraim Kwa.

Diversity, equity, and inclusion is an everyday part of how we work. We give people a place to belong and support to thrive, an environment where everyone can be comfortable being themselves and has equal opportunities to grow and succeed. We embrace difference, celebrate people for who they are, and for the diversity they bring that helps us better understand and connect with our customers and communities worldwide.