Cyber Security Incident Response

WTW (NASDAQ: WTW) is in the business of people, risk and capital. With roots dating to 1828, our company has over 54,000 colleagues serving more than 140 countries and markets. Our values – client focus, teamwork, integrity, respect and excellence – underlie all that we do, including how we behave and interact with each other. They are part of our WTW DNA. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets, and ideas — the dynamic formula that drives business performance. Together, we unlock potential. We are located on the internet at wtwco.com

About the team:

The Information Security (InfoSec) team is responsible for protecting the organization's information, systems, and data from security threats. The team delivers security services that help identify, prevent, detect, and respond to cyber risks while supporting business and regulatory requirements. 

The Role:

Please enter the responsibilities of the role 

The Cyber Security Incident Response Assistant Manager will play a key role in managing and responding to security incidents within WTW’s Global Cyber Security Incident Response Team. Responsibilities of this role will include: 

• Serve as the primary lead for significant security incidents, coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution. 

• Establish, refine, and maintain incident response processes, playbooks, and workflows to align with industry best practices and WTW’s organizational needs. 

• Act as the central point of contact for incident response activities, ensuring effective communication with internal and external stakeholders, including senior leadership, Legal, HR, and Compliance teams. 

• Lead the in-depth technical investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery while identifying root causes and potential impact. 

• Adept at leading global response teams, integrating SIEM/SOAR platforms, and collaborating with MSSPs to mitigate cloud-native and supply chain attack. 

• Work closely with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams to ensure seamless coordination and information sharing during incidents. 

• Lead root cause analysis and post-incident reviews to identify gaps, implement lessons learned, and enhance the overall incident response program. 

• Provide mentorship and guidance to junior analysts and conduct tabletop exercises to improve team preparedness. 

• Ensure incident handling complies with relevant regulations and prepare detailed reports for regulatory or internal purposes. 

• Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required. 

• Assist in developing and fine-tuning automation scripts and workflows to enhance incident detection and response efficiency. 

• Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes. 

• Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.

• Maintain up-to-date records of all incident handling activities in incident management systems, ensuring alignment with internal policies and audit requirements. 

The Requirements 

Please enter the minimum criteria, skills, education, licenses etc. required to do this job 

We are looking for a candidate for Cyber Security Incident Response who has the following: 

• Minimum 5 years of experience in SOC or incident response, with a strong understanding of cybersecurity principles, frameworks, and tools.

• Proven ability to lead high-stakes security incidents and coordinate cross-functional teams effectively. 

• Deep understanding of MITRE ATT&CK, cyber kill chain, and incident response methodologies. 

• Exceptional verbal and written communication skills, with the ability to convey complex technical concepts to non-technical audiences, including executives. 

• Anyone working as SOC L3 or managing SOC; internal or as MSSP would be a good value add. 

• Experience with platforms like Sentinel, Splunk, Carbon Black, or similar technologies. 

• A proactive and decisive mindset with the ability to operate under pressure. 

• Strong analytical and problem-solving skills to make informed decisions in complex situations. 

• Collaborative and adaptable, with a passion for mentoring and developing team members. 

Skills & Certifications

• Experience in working with a dynamic multi location team. 

• Ability to multitask and manage communications with multiple stakeholders concurrently. 

• Understand, maintain, and manage complex and ever-changing IT control environments covering access, change, IT operations, cybersecurity and governance.   

Behaviors:
 

• Resourcefulness and organizational agility
• Problem Solving
• Delivery focused
• Strong communications and stakeholder management

Qualifications:

• Educated to degree level or equivalent 

• 10+ years’ experience with IT and technology controls/audit related engagements

• Experience of working within a Global Financial organization 

• CISSP, CCSP, CISA ISO27001 certified

• Resourcefulness and organizational agility
• Problem Solving
• Delivery focused
• Strong communications and stakeholder management
   

We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidatehelpdesk@wtwco.com.