07/04/2026

Cyber Security Incident Response - Assistant Manager

Job Description

The Role

 

The Cyber Security Incident Response Associate Manager will play a key role in managing and responding to security incidents within WTW’s Global Cyber Security Incident Response Team. Responsibilities of this role will include:

  • Serve as the primary lead for significant security incidents, coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution.

  • Establish, refine, and maintain incident response processes, playbooks, and workflows to align with industry best practices and WTW’s organizational needs.

  • Act as the central point of contact for incident response activities, ensuring effective communication with internal and external stakeholders, including senior leadership, Legal, HR, and Compliance teams.

  • Leverage AI and automation to accelerate incident containment, response, and remediation — embedding AI-assisted triage, alert enrichment, and decision support into SOAR playbooks and response workflows

  • Lead the in-depth technical investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery while identifying root causes and potential impact.

  • Adept at leading global response teams, integrating SIEM/SOAR platforms, and collaborating with MSSPs to mitigate cloud-native and supply chain attack.

  • Work closely with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams to ensure seamless coordination and information sharing during incidents.

  • Lead root cause analysis and post-incident reviews to identify gaps, implement lessons learned, and enhance the overall incident response program.

  • Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required.
  • Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
  • Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.

Apply Now