Cyber Security Incident Response Lead

Defend. Investigate. Make an Impact.

At WTW were building a strong and collaborative Cyber Defense team and were looking for a Cyber Security Incident Response Lead to help us stay ahead of evolving this role you wont just respond to incidentsyoull help shape how we respond strengthen how we prepare and ensure were always one step ahead.

Youll work side-by-side with talented professionals in SOC Threat Hunting Cyber Threat Intelligence (CTI) and Insider Threat teams bringing your technical expertise and investigative mindset to every challenge. From managing live incidents to refining playbooks and collaborating across the business your contribution will be key to protecting our people clients and systems.

Youll play a key role in strengthening our incident response capabilitiesrefining processes documenting findings and helping us stay ahead of emerging threats. Were looking for someone with solid experience in cybersecurity and a proactive mindset who enjoys problem-solving and thrives in fast-moving environments.

This is your chance to make a real impact in a supportive inclusive team where your expertise is valued and your growth is encouraged.

Ready to help shape the future of cyber defense at WTW Lets talk.

The Role

The colleague will work as part of a global multi-disciplined security community with strong support across the business contributing to fostering a security-aware culture while ensuring WTW remains a great place to work. With WTWs large global footprint this role offers a fascinating range of work and occasional global travel may be required.

The Incident Response Lead will play a key role in managing and responding to security incidents within WTWs Cyber Security Incident Response Team.

Responsibilities of this role will include:
Support the investigation of security incidents escalated from the SOC ensuring timely containment eradication and recovery.
Collaborate in the development and refinement of incident response processes playbooks and workflows to enhance efficiency and consistency.
Perform initial evaluation of security events log data and alerts to identify potential threats and identify the scope of incidents.
Work closely with other Cyber Defense teams including SOC Threat Hunting and CTI to ensure seamless information sharing and coordination during incidents.
Document incidents thoroughly and prepare post-incident reports including root cause examination and recommendations for improvement.
Monitor emerging threats vulnerabilities and attack trends to enhance incident detection and response capabilities.
Ensure all incident-handling activities comply with applicable regulations and internal policies.
Participate in root cause examination and post-incident review meetings to ensure lessons learned are applied to future incidents.
Ensure incident handling complies with relevant regulations and prepare detailed reports for regulatory or internal purposes.
Evaluate and prioritize incidents based on potential impact and severity escalating issues to higher levels of management or other teams as required.
Assist in developing and fine-tuning automation scripts and workflows to enhance incident detection and response efficiency.
Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
Act as a liaison between technical teams and business stakeholders ensuring clear communication during incidents and status updates.
Maintain up-to-date records of all incident handling activities in incident management systems ensuring alignment with internal policies and audit requirements.

At WTW we trust you to know your work and the people tools and environment you need to be successful. The majority of our colleagues work in a hybrid style with a mix of remote in-person and in office interactions dependent on the needs of the team role and clients. Our flexibility is rooted in trust and hybrid is not a one-size-fits-all solution. We understand flexibility is key to supporting an inclusive and diverse workforce and so we encourage requests for all types of flexible working as well as location-based arrangements. Please speak to your recruiter to discuss more.

The Requirements

• Should have experience in incident response with a strong understanding of cybersecurity principles frameworks and tools.
• Proficient in forensic analysis malware analysis and network traffic analysis. Experience with SIEM tools EDR platforms and threat intelligence integration is essential.
• Proven ability to deal with high-stakes security incidents and coordinate cross-functional teams effectively.
• Good understanding of MITRE ATT&CK cyber kill chain and incident response methodologies.
• Exceptional verbal and written communication skills with the ability to convey complex technical concepts to non-technical audiences including executives.
• Industry certifications such as CISSP GCIH GCFA or CISM are good to have.
• Experience with platforms like Sentinel Splunk Carbon Black or similar technologies.
• A enterprising and decisive mindset with the ability to operate under pressure.
• Strong systematic and problem-solving skills to make informed choices in complex situations.
• Collaborative and adaptable with a passion for mentoring and developing team members.

At WTW we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.

Were committed to equal employment opportunity and provide application interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers from the application process through to joining WTW please email .

You dont need to have an account in ATS to apply for the jobs. Once you click apply get started right away by simply using your email. Your profile will be created and kept up to date automatically as you enter details for each of your job applications.