Partner - Cyber & Digital Forensic Investigations - Sydney
Job Description:
We are seeking a Partner-grade Cyber and Digital Forensic Investigations practitioner to join our client in Sydney. The ideal candidate will hold senior incident-response and digital-forensics credentials, have at least 15 years of relevant experience with the most recent 3+ years at Partner, Managing Director or equivalent practice-leadership level, and carry a market reputation as an incident-command and threat-attribution authority under APRA / OAIC / ACSC scrutiny. They will bring a portable book of senior client and law-firm-partner relationships, a sustained record of personally originated cyber-investigations revenue, and the brand presence to lead a cyber-investigations practice in the Sydney market. Responsibilities include taking the incident commander position on the most complex bet-the-company breaches, leading the highest-profile cross-jurisdictional matters end to end, originating and growing breach-coach and CISO-advisory mandates, and setting practice strategy on AI-assisted DFIR governance, hiring, pricing and methodology.
Confidential Client. Applying to this position means that you are interested in an initial confidential discussion about how we can help you identify and join a new cyber and digital forensic investigations practice at Partner level. With your authorisation we will exclusively run the entire application and recruitment process for you, keeping you apprised at every step. With over 30 years' combined experience of helping the most talented cyber-investigations practitioners make safe exits into rewarding new roles, we have the experience, network and ability to help you.
Key Responsibilities:
- Take incident commander or technical lead positions on the most complex bet-the-company cyber matters - high-stakes, often privileged, often regulator-and-class-action-facing engagements running AUD 2m - 18m+ in fees - with full P&L responsibility for the cyber-investigations engagement portfolio.
- Originate, win and grow Partner-instructed breach-coach and cyber-investigations mandates by carrying a portable book of senior relationships at General Counsel, CISO, Chief Risk Officer and Chief Compliance Officer level, and at relevant law firm partner level.
- Convert reactive case work into multi-year retainer engagements covering incident-response retainer, managed-detection-and-response (MDR), threat-hunting, tabletop-exercise programmes, CISO-advisory work and SOCI-Act / APRA-CPS compliance-advisory work; build the practice's standing-retainer book.
- Take signed-off authority positions on threat-actor attribution, root-cause findings, ransomware-payment governance under the Cyber Security Act 2024 reporting framework and AI-assisted DFIR doctrine on bet-the-company matters; serve as cyber-investigations Partner before APRA, OAIC, ACSC, ASD, AUSTRAC and the Federal Court of Australia where required.
- Lead the most complex multi-jurisdictional incidents - notably APAC-wide hyperscaler-cloud compromises, supply-chain attacks against SOCI-Act CII operators, and nation-state-aligned intrusions - across host / network / cloud / memory forensics depth.
- Set the practice's strategy on tooling adoption (such as Splunk / Sentinel / Falcon / Defender stacks and the AI-assisted DFIR frontier), hiring, pricing and market positioning; shape the firm's incident-command doctrine and signed-off declaration practice.
- Build the practice's external IP and brand presence on cyber-investigations themes through published thought leadership and conference-level speaking engagements; pursue and maintain SANS, ISACA, FIRST and AISA Director-level positioning where applicable.
- Hire, develop, mentor and advocate for the practice staff - Senior Directors, Directors, Senior Managers and the wider bench - championing advancement at firm-wide promotion rounds, sponsoring sustained upskilling on emerging methodology and AI tooling, and shaping their external profile-building. Contribute to firm strategy beyond the cyber-investigations sub-practice.
Required Qualifications and Skills:
- Multiple senior incident-response and / or digital-forensics credentials, such as GCFA plus GREM plus CISSP, or GNFA plus GCIH plus CISM plus an offensive-security credential (OSCP / CRTO) - the recognised stacking pattern at Partner level.
- At least 15 years of relevant experience in cyber investigations, incident response or digital forensics, with the most recent 3+ years at Partner, Managing Director or equivalent practice-leadership level.
- Demonstrable track record of leading the most complex regional cyber-investigations matters with full P&L accountability and signed-off threat-attribution and root-cause positions under APRA / OAIC / ACSC regulator review and class-action proceedings.
- Demonstrable, sustained, personally-originated cyber-investigations revenue track record. Sydney market guide: AUD 2m - 4m+ annually originated on cyber-investigations and breach-coach work, calibrated to the engaging firm.
- Portable senior client relationships at General Counsel, CISO, Chief Risk Officer, Chief Compliance Officer and Audit Committee Chair level, and at relevant law firm partner level (cyber and data-breach practice, regulatory enforcement, white-collar crime, internal-investigations and class-action / privacy-litigation practices) who refer and instruct cyber-investigations work - credibly portable subject to non-compete and non-solicit posture; named accounts with multi-year history are the strongest evidence.
- Experience running a cyber-investigations sub-practice or country-team P&L: revenue, utilisation, gross margin, partner-time leverage, hire-and-promote responsibility, tooling and licensing strategy.
- Authority on the Australian cyber-incident framework: APRA prudential standards on information security and operational risk, the Security of Critical Infrastructure (SOCI) Act 2018 and its 2022 amendments including critical-infrastructure-asset class obligations, the Cyber Security Act 2024 and the Cyber Incident Review Board, the Privacy Act 1988 Notifiable Data Breaches (NDB) scheme at the depth of the OAIC's post-2024 enforcement posture following the Optus and Medibank breaches, ACSC critical-infrastructure reporting obligations, and the ASD / ACSC Essential Eight maturity model.
- Cross-border fluency on US incident-response practice (FTC, SEC cyber-disclosure rules, FBI IC3 referral), EU NIS2 and GDPR Articles 33 and 34 breach notification, UK NCSC and ICO breach reporting, Singapore CSA / IMDA / MAS / PDPC, Hong Kong HKMA Supervisory Policy Manual on operational resilience / SFC / PCPD, and PRC CSL / DSL / PIPL data-export sequencing.
- Familiarity with industry-standard DFIR tooling at the depth needed to set practice tooling policy, including SIEM (Splunk, Sentinel, QRadar, Elastic), EDR (CrowdStrike, SentinelOne, Carbon Black, Defender), forensic imaging (EnCase, Magnet Axiom, X-Ways, FTK), memory analysis (Volatility, Rekall), network forensics (Wireshark, Zeek, Arkime), and reverse engineering (IDA Pro, Ghidra, x64dbg).
- Realistic engagement on notice periods and non-compete / non-solicit obligations given the senior nature of the move and the relationship-led nature of the practice.
Preferred Experience:
- Offensive-security stacking (such as OSCP, OSCE, CRTO or CRTP) for Partners whose practice covers adversary-emulation and breach-and-attack-simulation work.
- Australian Government security clearance (NV1 or above) for Partners engaging on government and defence sector matters.
- Authoring or co-authoring credit on FIRST, ENISA, MITRE, SANS or AISA publications.
- Postgraduate qualification: Master's in computer science, information security, digital forensics, MBA, or LLM with cyber-law / privacy / regulatory relevance.
- Visible market profile in the Australian / Trans-Tasman cyber-investigations community: published author, conference speaker, recognised authority on incident-command or attribution, named in legal directories and industry rankings.
- Track record of testifying or signed-off declaration on cyber-investigations issues in Australian-court, arbitration or APRA / OAIC regulator proceedings.
- Demonstrable conversion of one-off breach-response engagements into multi-year incident-response retainer and CISO-advisory work.
- Visible thought leadership on the AI developments reshaping cyber and digital forensic investigations, together with a documented growth-mindset operating posture: candidates who set practice direction on tooling adoption (for example AI-assisted DFIR via CrowdStrike Charlotte AI or Microsoft Security Copilot with Sentinel, prompt-injection defence, investigations of compromised AI systems, or LLM-aided malware-analysis triage, all within APRA CPS 234 / SOCI Act expectations), who advocate for and develop their practice staff on emerging methodologies, and who have a track record of delivering upskilling programmes within the sub-practice.
Compensation:
Partner-level package commensurate with origination, portable book and seniority. Includes base, profit-share / partnership-distribution, equity participation and long-term incentive arrangements.
Next Steps:
This opportunity is open to Australian citizens, permanent residents and qualified candidates with relevant Australian work-rights status who match the above criteria. Please apply to receive prompt confidential contact from an experienced and specialist cyber and digital forensic investigations recruitment Partner.
Search & Counsel is a trading style of Feltan Associates Pte Ltd; an international Executive Search, Recruitment and Consulting business based in Singapore, licensed and regulated by the Singapore Ministry of Manpower to conduct recruitment services for clients. UEN: 202225620G. EA Licence 23S1672. All rights reserved.