The Role
The Cyber Security Incident Response Associate Manager will play a key role in managing and responding to security incidents within WTW’s Global Cyber Security Incident Response Team. Responsibilities of this role will include:
Serve as the primary lead for significant security incidents, coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution.
Establish, refine, and maintain incident response processes, playbooks, and workflows to align with industry best practices and WTW’s organizational needs.
Act as the central point of contact for incident response activities, ensuring effective communication with internal and external stakeholders, including senior leadership, Legal, HR, and Compliance teams.
Leverage AI and automation to accelerate incident containment, response, and remediation — embedding AI-assisted triage, alert enrichment, and decision support into SOAR playbooks and response workflows
Lead the in-depth technical investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery while identifying root causes and potential impact.
Adept at leading global response teams, integrating SIEM/SOAR platforms, and collaborating with MSSPs to mitigate cloud-native and supply chain attack.
Work closely with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams to ensure seamless coordination and information sharing during incidents.
Lead root cause analysis and post-incident reviews to identify gaps, implement lessons learned, and enhance the overall incident response program.
We have colleagues all around the world, working remotely or in our offices. Together, we make a difference for clients in over 140 countries and markets, from the Middle East to Latin America, from Manila to New York.