IT Investigations Operating Model Lead

IT Investigations Operating Model Lead (Consulting Engagement)
Location: London (Hybrid)
Engagement Type: Contract Inside IR35
Length: 6-12 months

We are supporting a large, globally regulated financial institution in establishing a formalised IT Investigations capability aligned to its enterprise Legal Investigations Framework.
This engagement will design and stand up a Target Operating Model (TOM) for IT Investigations across EMEA, with integration into US-based SOC operations. The objective is to enable consistent, defensible, and timely IT investigation support across regions and investigation types, including insider risk matters.
This is a strategic build role focused on operating model design, governance, and cross-functional integration — not day-to-day investigative casework.
Key Responsibilities Target Operating Model Design

• Design and document the IT Investigations Target Operating Model (people, process, technology, governance)
• Define service catalogue, case types, and regional coverage model
• Establish engagement patterns between IT, Legal, HR, Compliance, Privacy, and Security

Governance & RACI

• Develop end-to-end RACI across the investigations lifecycle
• Define decision rights, escalation pathways, and conflict resolution mechanisms
• Review IAM provisions to ensure appropriate access controls and evidential integrity

Triage & Case Management

• Design intake and triage model (classification, severity scoring, routing rules)
• Define SLAs and prioritisation framework
• Clarify routing between IT-led, Legal-led, and SOC-led investigations

Evidence & Defensibility

• Establish evidential handling standards (chain-of-custody, defensibility principles)
• Define evidence export standards and audit trail requirements
• Align controls with regulatory expectations in financial services

Insider Risk Integration

• Integrate insider risk detection workflows into investigation intake
• Define handoffs between insider risk program owners and investigations teams
• Prevent duplication across security and legal functions

Tooling & Roadmap

• Map current and future-state investigation tooling landscape
• Align with Legal-procured tools and SOC capabilities
• Deliver implementation roadmap and transition plan into BAU

Metrics & Continuous Improvement

• Establish KPIs, dashboards, and QA model
• Define governance forums and reporting structures
• Develop role-based training and skills framework

Required Experience

• 8 years in Digital Forensics, IT Investigations, or Forensic Technology
• Experience designing or implementing an Investigations or Forensics Operating Model
• Strong understanding of evidential handling and defensibility standards
• Experience within financial services or other highly regulated environments
• Proven ability to operate across Legal, HR, Compliance, Security, and Technology functions
• Experience integrating Insider Risk or DLP-led investigations

Highly Desirable

• Big 4 forensic consulting background
• Experience building investigations governance within global organisations
• Familiarity with eDiscovery platforms and enterprise case management tooling
• Experience aligning SOC and investigations functions