Cyber Security Incident Response Assistant Manager

WTW


Job Location:

Madrid - Spain

Monthly Salary: Not Disclosed
Posted on: 3 days ago
Vacancies: 1 Vacancy

Job Summary

Description

The Cyber Security Incident Response Assistant Manager will play a pivotal role within WTWs Global Information and Cyber Security Defence (ICSD) function leading the response to complex security incidents and driving initiatives to enhance WTWs Cyber incident management capabilities. This mid senior-level role requires a highly experienced professional with more than 5 years of expertise in incident response and cybersecurity.
As a key player in WTWs Cyber Defense strategy you will establish and refine incident response procedures collaborate with diverse stakeholders across the organization and engage closely with other Cyber-Defense teams including SOC Threat Hunting Cyber Threat Intelligence (CTI) and Insider Threat. You will also work beyond the technical domain liaising with HR Legal Compliance and other business units to ensure effective incident management and mitigation.
The individual will work as part of a global multi-disciplined security community with strong support across the business contributing to fostering a security-aware culture while ensuring WTW remains a great place to work. With WTWs large global footprint this role offers a fascinating range of work and occasional global travel may be required.

The Role
The Cyber Security Incident Response Assistant Manager will play a key role in managing and responding to security incidents within WTWs Global Cyber Security Incident Response Team. Responsibilities of this role will include:

  • Serve as the primary lead for significant security incidents coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution.
  • Establish refine and maintain incident response processes playbooks and workflows to align with industry best practices and WTWs organizational needs.
  • Act as the central point of contact for incident response activities ensuring effective communication with internal and external stakeholders including senior leadership Legal HR and Compliance teams.
  • Leverage AI and automation to accelerate incident containment response and remediation embedding AI-assisted triage alert enrichment and decision support into SOAR playbooks and response workflows
  • Lead the in-depth technical investigation of security incidents escalated from the SOC ensuring timely containment eradication and recovery while identifying root causes and potential impact.
  • Adept at leading global response teams integrating SIEM/SOAR platforms and collaborating with MSSPs to mitigate cloud-native and supply chain attack.
  • Work closely with SOC Threat Hunting CTI Insider Threat and Vulnerability Management teams to ensure seamless coordination and information sharing during incidents.
  • Lead root cause analysis and post-incident reviews to identify gaps implement lessons learned and enhance the overall incident response program.
  • Evaluate and prioritize incidents based on potential impact and severity escalating issues to higher levels of management or other teams as required.
  • Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
  • Act as a liaison between technical teams and business stakeholders ensuring clear communication during incidents and status updates.


Qualifications

The Requirements
We are looking for a candidate for Cyber Security Incident Response who has the following:

  • Minimum 5 years of experience in SOC or incident response with a strong understanding of cybersecurity principles frameworks and tools.
  • Understanding of AI/ML applications in security operations including AI-augmented detection triage and response automation.
  • Awareness of AI-specific threats and incident types (prompt injection model/data poisoning sensitive-data exposure via GenAI) and familiarity with OWASP LLM Top 10 / MITRE ATLAS.
  • Hands-on cloud incident response across Azure AWS and/or GCP including cloud-native log sources (Azure Activity/Entra ID sign-in logs AWS CloudTrail) and the reality that cloud IR differs from on-prem.
  • Proven ability to lead high-stakes security incidents and coordinate cross-functional teams effectively.
  • Deep understanding of MITRE ATT&CK cyber kill chain and incident response methodologies.
  • Exceptional verbal and written communication skills with the ability to convey complex technical concepts to non-technical audiences including executives.
  • A proactive and decisive mindset with the ability to operate under pressure.
  • Strong analytical and problem-solving skills to make informed decisions in complex situations.
  • Collaborative and adaptable with a passion for mentoring and developing team members.


Were committed to equal employment opportunity and provide application interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers from the application process through to joining WTW please email




Required Experience:

Manager

DescriptionThe Cyber Security Incident Response Assistant Manager will play a pivotal role within WTWs Global Information and Cyber Security Defence (ICSD) function leading the response to complex security incidents and driving initiatives to enhance WTWs Cyber incident management capabilities. This...

About Company

Company Logo

At WTW we provide data-driven, insight-led solutions in the areas of people, risk and capital.

View Profile View Profile