About Blackpanda
Blackpanda is a Lloyd's of London–accredited insurance coverholder and Asia's leading local cyber incident response firm, delivering end-to-end digital emergency support across the region. We are pioneering the A2I (Assurance-to-Insurance) model in cybersecurity — uniting preparation, response, and insurance into a seamless pathway that minimizes financial and operational impact from cyber attack.
Through expert consulting services, response assurance subscriptions, and innovative cyber insurance, we help organisations get ready, respond, and recover from cyber attacks — all delivered by local specialists working in concert. Our mission is clear: to bring complete cyber peace of mind to every organisation in Asia, from the first moment of breach through full recovery and beyond.
How We Work
Blackpanda is a tech-enabled services team. We invest heavily in AI and are constantly pushing to do better, faster, and at scale. You have the freedom to use the team's approved tools, and you are expected to take ownership of outcomes. We prefer smart work over hard work, welcome good ideas regardless of where they come from, and have deliberately kept red tape out of the way of innovation. If you want to join a team building the best response practice in Asia — and shaping the tools and methods that get us there — you'll be in good company.
Your Mission: Director of Response, Hong Kong
Reporting to the Head of Operations, the Director of Response leads Blackpanda's Cyber Incident Response practice in Hong Kong — growing the local team, owning client relationships, and serving as our senior technical authority on the ground.
This is a leadership role for an operator who has lived through real incidents and can bring clarity, calm, and direction when organisations are at their most exposed. You will still take the lead on select engagements where your seniority is required, but your primary job is to scope work, guide consultants, grow the bench, and represent Blackpanda in the Hong Kong market — in lockstep with the wider global team.
Core Responsibilities
Local Leadership and Team Development
- Grow and retain the Hong Kong response team — hiring, developing, and building a bench capable of handling the full spectrum of incidents in the local market.
- Mentor consultants in DFIR tradecraft, client communication, and operational discipline; guide them through investigations without taking the keyboard.
- Own the well-being, performance, and progression of the local team, ensuring sustainable workloads in a high-pressure practice.
- Partner with peers in the wider global team to share intelligence, align methodology, and ensure consistent quality across regions.
Client Advisory and Engagement Leadership
- Act as senior technical advisor on active incidents — guiding clients through containment, eradication, recovery, and post-incident strategy.
- Advise executives on risk, regulatory exposure, and strategic options as they work to emerge from a difficult situation.
- Lead scoping conversations on new engagements, translating client needs into clear response plans and accurate proposals.
- Maintain trusted relationships with clients, legal counsel, insurers, regulators, and law enforcement throughout the incident lifecycle.
Delivery Oversight and Selective Hands-On Work
- Own delivery quality across Hong Kong engagements, reviewing findings, reports, and client deliverables before they go out.
- Step into delivery on the most complex, sensitive, or high-profile matters that require senior judgment.
- Guide investigations across Windows, Linux, macOS, and cloud environments, drawing on EDR, SIEM, network, and forensic data.
Regulatory Awareness and Threat Landscape
- Maintain a current view of the Hong Kong and broader APAC regulatory environment, including expectations from the PCPD, HKMA, and SFC, as well as the Protection of Critical Infrastructures (Computer Systems) Ordinance.
- Track active threat actors, ransomware groups, and sector-specific risks, and translate that context into practical guidance for clients.
- Act as the local authority during regulatory conversations and notifications, ensuring clients are well-positioned and well-represented.
External Presence, Brand, and Cross-Functional Collaboration
- Represent Blackpanda at conferences, industry events, and roundtables in Hong Kong and the region to support marketing, brand, and pipeline.
- Build a strong personal and firm reputation across the local cyber community through speaking, publishing, and thought leadership.
- Partner with sales and the global response leadership team — providing technical insight in pre-sales and helping position Blackpanda's capabilities with precision.
Minimum Requirements
- 8+ years of hands-on experience in cyber incident response, digital forensics, or threat intelligence, including substantial time in a client-facing consulting environment.
- 3+ years leading or managing a response, DFIR, or security consulting team, with demonstrated ownership of hiring, mentoring, and performance.
- Track record of leading complex, high-stakes incidents end-to-end — ransomware, BEC, nation-state intrusions, data exposure — including direct engagement with executives, legal, regulators, and insurers.
- Strong technical foundations across enterprise networks, endpoints, and cloud (Windows, Linux, macOS, AWS / Azure / GCP).
- Working fluency with the modern DFIR toolkit — EDR, SIEM, network forensics, and forensic suites (e.g. Splunk, ELK, SentinelOne, CrowdStrike, Velociraptor, X-Ways).
- Precise, articulate communicator — able to translate complex technical findings into clear, strategic guidance for boardrooms, regulators, and war rooms alike.
- Working knowledge of the Hong Kong regulatory environment and an informed view of the APAC threat landscape.
- Cantonese fluency, with English fluent enough to communicate clearly with global leadership.
- Calm, decisive presence under pressure, with proven judgment in ambiguous, high-stakes situations.
Preferred Qualifications
- Certifications such as GCFA, GNFA, GREM, GCIH, OSCP, or equivalent.
- Experience presenting at industry conferences and contributing public thought leadership.
- Established network across Hong Kong's cyber, legal, regulatory, and insurance communities.
- Mandarin, in addition to Cantonese and English.
- Prior exposure to OT/ICS or critical infrastructure environments.
Benefits
- Eligibility for multiple company-sponsored SANS Institute training courses and certifications
- 40 total days available for leave, inclusive of public holidays, which you can take at the time of your choosing
- 1 week of Work-From-Anywhere per quarter
- 1 day per week of Work-From-Home (Friday), and manager discretion for other days
- Two weeks of paid work travel per year to the company Onsite and Offsite in the Asia region
Why This Role
You will own Hong Kong: the team, the clients, the relationships, and the reputation — with the backing of a regional firm purpose-built for cyber crisis. We're not here to check boxes; what matters most is your judgment and the calm authority you bring when others look to you to follow. If you've led teams through real crises and want to build the leading local response practice in Hong Kong, we want to talk.