Willis Towers Watson

Cyber Security Incident Response - Assistant Manager

Willis Towers Watson$120K — $160K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in SOC or incident response management
  • Strong knowledge of cybersecurity principles and frameworks
  • Hands-on experience with cloud incident response (Azure, AWS, GCP)
  • Familiarity with AI/ML applications in security operations
  • Proven ability to lead and coordinate cross-functional teams on security incidents
  • Deep understanding of incident response methodologies (MITRE ATT&CK, cyber kill chain)
  • Exceptional communication skills for diverse audiences

Responsibilities

  • Lead primary management for significant security incidents across technical and business teams
  • Establish and refine incident response processes and playbooks according to best practices
  • Act as the central point of contact for incident response activities and communications
  • Leverage AI for enhancing incident containment and response workflows
  • Conduct in-depth investigations of escalated security incidents
  • Coordinate closely with SOC, Threat Hunting, and Vulnerability Management teams for effective response
  • Lead post-incident reviews to identify gaps and improve the incident response program

Benefits

  • Comprehensive health and welfare benefits including mental health support
  • Generous leave benefits including paid holidays and short-term/long-term disability
  • Contributory pension plan and a 401(k) plan with annual contributions
  • Employee Assistance Program and resources for work/life balance
  • Additional benefits like adoption assistance and pet insurance
Full Job Description
Job Description

The Role

The CyberSecurity Incident Response Associate Manager will play a key role in managing and responding to security incidents within WTW's Global Cyber Security Incident Response Team. Responsibilities of this role will include:
  • Serve as the primary lead for significant security incidents, coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution.
  • Establish, refine, and maintain incident response processes, playbooks, and workflows to align with industry best practices and WTW's organizational needs.
  • Act as the central point of contact for incident response activities, ensuring effective communication with internal and external stakeholders, including senior leadership, Legal, HR, and Compliance teams.
  • Leverage AI and automation to accelerate incident containment, response, and remediation - embedding AI-assisted triage, alert enrichment, and decision support into SOAR playbooks and response workflows
  • Lead the in-depth technical investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery while identifying root causes and potential impact.
  • Adept at leading global response teams, integrating SIEM/SOAR platforms, and collaborating with MSSPs to mitigate cloud-native and supply chain attack.
  • Work closely with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams to ensure seamless coordination and information sharing during incidents.
  • Lead root cause analysis and post-incident reviews to identify gaps, implement lessons learned, and enhance the overall incident response program.
  • Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required.
  • Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
  • Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.


Qualifications

The Requirements

  • Minimum 5 years of experience in SOC or incident response, with a strong understanding of cybersecurity principles, frameworks, and tools.
  • Understanding of AI/ML applications in security operations, including AI-augmented detection, triage, and response automation.
  • Awareness of AI-specific threats and incident types (prompt injection, model/data poisoning, sensitive-data exposure via GenAI), and familiarity with OWASP LLM Top 10 / MITRE ATLAS.
  • Hands-on cloud incident response across Azure, AWS, and/or GCP, including cloud-native log sources (Azure Activity/Entra ID sign-in logs, AWS CloudTrail) and the reality that cloud IR differs from on-prem.
  • Proven ability to lead high-stakes security incidents and coordinate cross-functional teams effectively.
  • Deep understanding of MITRE ATT&CK, cyber kill chain, and incident response methodologies.
  • Exceptional verbal and written communication skills, with the ability to convey complex technical concepts to non-technical audiences, including executives.
  • A proactive and decisive mindset with the ability to operate under pressure.
  • Strong analytical and problem-solving skills to make informed decisions in complex situations.
  • Collaborative and adaptable, with a passion for mentoring and developing team members.


Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.

Compensation and Benefits

Base salary range and benefits information for this position are being included in accordance with requirements of various state/local pay transparency legislation. Please note that salaries may vary for different individuals in the same role based on several factors, including but not limited to location of the role, individual competencies, education/professional certifications, qualifications/experience, performance in the role and potential for revenue generation (Producer roles only).

Compensation

The base salary compensation range being offered for this role is $120,000.00-$160,000.00 USD annually. This role is also eligible for an annual short-term incentive bonus.

Company Benefits

WTW provides a competitive benefit package which includes the following (eligibility requirements apply):

  • Health and Welfare: Mental health/emotional wellbeing (including Employee Assistance Program), medical (including prescription drug coverage and fertility benefits), dental, vision, Health Savings Account, Commuter Accounts, Health Care and Dependent Care Flexible Spending Accounts, company-paid life insurance, supplemental life insurance, AD&D, group accident, group critical illness, group legal, identity theft protection, wellbeing program, adoption assistance, surrogacy assistance, auto/home insurance, pet insurance, and other work/life resources.
  • Leave Benefits: Paid Holidays, Annual Paid Time Off (includes state/local paid leave where required), Short-Term Disability, Long-Term Disability, Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave), Paid Time Off (only included for Washington roles)
  • Retirement Benefits: Qualified contributory pension plan (if eligible) and 401(k) plan with annual nonelective company contribution. Non-qualified retirement plans available to senior level colleagues who satisfy the plans' eligibility requirements.


This position will remain posted for a minimum of three business days from the date posted or until sufficient/appropriate candidate slate has been identified.

About Willis Towers Watson

Willis Towers Watson is a global insurance and risk management company that provides a range of services to clients in more than 140 countries. The company was formed in 2016 through the merger of Willis Group Holdings and Towers Watson & Co. Willis Towers Watson offers a range of insurance products, including property and casualty insurance, life insurance, and health insurance. The company also provides risk management and consulting services, including actuarial services, investment consulting, and human capital consulting. Willis Towers Watson is known for its expertise in risk management and its ability to help clients navigate complex insurance and regulatory environments.
Learn more about Willis Towers Watson
Size
46,000 employees
Market Cap
$26.2 billion
Industry
Net Income
$996 million
Founded
1828
5 Year Trend
+2.7%
Revenue
$9.3 billion
NASDAQ

Similar Jobs

More Jobs at Willis Towers Watson

More Information Technology Jobs

Find similar Cyber Security Incident Response - Assistant Manager jobs: