Defend. Investigate. Make an Impact.
At WTW, we’re building a strong and collaborative Cyber Defense team, and we’re looking for a Cyber Security Incident Response Lead to help us stay ahead of evolving threats. In this role, you won’t just respond to incidents—you’ll help shape how we respond, strengthen how we prepare, and ensure we’re always one step ahead.
You'll work side-by-side with talented professionals in SOC, Threat Hunting, Cyber Threat Intelligence (CTI), and Insider Threat teams, bringing your technical expertise and investigative mindset to every challenge. From managing live incidents to refining playbooks and collaborating across the business, your contribution will be key to protecting our people, clients, and systems.
You’ll play a key role in strengthening our incident response capabilities—refining processes, documenting findings, and helping us stay ahead of emerging threats. We’re looking for someone with solid experience in cybersecurity and a proactive mindset, who enjoys problem-solving and thrives in fast-moving environments.
This is your chance to make a real impact in a supportive, inclusive team where your expertise is valued and your growth is encouraged.
Ready to help shape the future of cyber defense at WTW? Let’s talk.
The Role
The colleague will work as part of a global, multi-disciplined security community with strong support across the business, contributing to fostering a security-aware culture while ensuring WTW remains a great place to work. With WTW’s large global footprint, this role offers a fascinating range of work, and occasional global travel may be required.
The Incident Response Lead will play a key role in managing and responding to security incidents within WTW’s Cyber Security Incident Response Team.
Responsibilities of this role will include:
• Support the investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery.
• Collaborate in the development and refinement of incident response processes, playbooks, and workflows to enhance efficiency and consistency.
• Perform initial evaluation of security events, log data, and alerts to identify potential threats and identify the scope of incidents.
• Work closely with other Cyber Defense teams, including SOC, Threat Hunting, and CTI, to ensure seamless information sharing and coordination during incidents.
• Document incidents thoroughly and prepare post-incident reports, including root cause examination and recommendations for improvement.
• Monitor emerging threats, vulnerabilities, and attack trends to enhance incident detection and response capabilities.
• Ensure all incident-handling activities comply with applicable regulations and internal policies.
• Participate in root cause examination and post-incident review meetings to ensure lessons learned are applied to future incidents.
• Ensure incident handling complies with relevant regulations and prepare detailed reports for regulatory or internal purposes.
• Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required.
• Assist in developing and fine-tuning automation scripts and workflows to enhance incident detection and response efficiency.
• Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
• Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.
• Maintain up-to-date records of all incident handling activities in incident management systems, ensuring alignment with internal policies and audit requirements.
At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution. We understand flexibility is key to supporting an inclusive and diverse workforce and so we encourage requests for all types of flexible working as well as location-based arrangements. Please speak to your recruiter to discuss more.