Cyber Security Incident Response

WTW (NASDAQ: WTW) is in the business of people risk and capital. With roots dating to 1828 our company has over 54000 colleagues serving more than 140 countries and markets. Our values client focus teamwork integrity respect and excellence underlie all that we do including how we behave and interact with each other. They are part of our WTW DNA. We design and deliver solutions that manage risk optimize benefits cultivate talent and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent assets and ideas the dynamic formula that drives business performance. Together we unlock potential. We are located on the internet at

About the team:

The Information Security (ICS) team is responsible for protecting the organizations information systems and data from security threats. The team delivers security services that help identify prevent detect and respond to cyber risks while supporting business and regulatory requirements.

The Role:

The Cyber Security Incident Response Manager will lead and oversee WTWs global incident response capability. This role is responsible for managing high-impact cyber incidents driving continuous improvement in response processes and leading a team of analysts in a fast-paced global environment. Responsibilities of this role will include:

• Lead and manage high-severity security incidents ensuring timely containment eradication and recovery
• Act as the primary escalation point for incident response across global teams
• Develop enhance and maintain incident response frameworks playbooks and workflows aligned to industry best practices
• Lead technical investigations across endpoints networks and cloud environments
• Manage and mentor a team of SOC and Incident Response analysts driving performance and capability development
• Collaborate with SOC Threat Intelligence Threat Hunting Insider Threat and Vulnerability Management teams
• Work closely with MSSPs and third-party vendors to ensure effective incident detection and response
• Drive root cause analysis and post-incident reviews ensuring lessons learned are implemented
• Ensure compliance with regulatory audit and internal security requirements
• Develop and track KPIs and metrics to measure incident response effectiveness
• Lead tabletop exercises and simulations to enhance organizational readiness
• Act as a liaison between technical teams and senior business stakeholders including Legal HR and Compliance

The Requirements

• 812 years of experience in Cyber Security with a strong focus on SOC and Incident Response
• Proven experience in leading and managing incident response teams
• Strong expertise in incident handling digital forensics and threat analysis
• Deep understanding of frameworks such as MITRE ATT&CK and Cyber Kill Chain
• Hands-on experience with SIEM/SOAR tools such as Sentinel Splunk Carbon Black or similar
• Experience operating in multi-cloud environments (AWS Azure GCP) with exposure to cloud-native threats
• Experience working with global teams and MSSPs
• Strong stakeholder management skills with the ability to communicate with senior leadership
• Ability to operate effectively in high-pressure high-impact situations
• Strong understanding of enterprise security domains including network endpoint identity and cloud security
• Experience working in global multi-location environments
• Strong analytical decision-making and problem-solving skills

-

Preferred / Desired Certifications:

• CISSP
• CCSP
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Ethical Hacker (CEH)
  

Were committed to equal employment opportunity and provide application interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers from the application process through to joining WTW please email.