Cyber Security Incident Response - Assistant Manager

WTWNew York, NY
$120,000 - $160,000

About The Position

The Cyber Security Incident Response Associate Manager will play a key role in managing and responding to security incidents within WTW’s Global Cyber Security Incident Response Team. Responsibilities of this role will include serving as the primary lead for significant security incidents, coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution. This role involves establishing, refining, and maintaining incident response processes, playbooks, and workflows to align with industry best practices and WTW’s organizational needs. The Associate Manager will act as the central point of contact for incident response activities, ensuring effective communication with internal and external stakeholders, including senior leadership, Legal, HR, and Compliance teams. A key aspect of this role is leveraging AI and automation to accelerate incident containment, response, and remediation, embedding AI-assisted triage, alert enrichment, and decision support into SOAR playbooks and response workflows. The position requires leading in-depth technical investigations of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery while identifying root causes and potential impact. The role demands adeptness at leading global response teams, integrating SIEM/SOAR platforms, and collaborating with MSSPs to mitigate cloud-native and supply chain attacks. Collaboration with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams is crucial for seamless coordination and information sharing during incidents. The Associate Manager will lead root cause analysis and post-incident reviews to identify gaps, implement lessons learned, and enhance the overall incident response program. Evaluating and prioritizing incidents based on potential impact and severity, and escalating issues as required, are also key responsibilities. The role includes contributing to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes, and acting as a liaison between technical teams and business stakeholders for clear communication during incidents and status updates.

Requirements

  • Significant security incidents management and response experience.
  • Experience in establishing, refining, and maintaining incident response processes, playbooks, and workflows.
  • Experience acting as a central point of contact for incident response activities.
  • Experience leveraging AI and automation for incident response.
  • Experience leading in-depth technical investigations of security incidents.
  • Experience leading global response teams.
  • Experience integrating SIEM/SOAR platforms.
  • Experience collaborating with MSSPs.
  • Experience mitigating cloud-native and supply chain attacks.
  • Experience working with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams.
  • Experience leading root cause analysis and post-incident reviews.
  • Experience evaluating and prioritizing incidents based on potential impact and severity.
  • Experience contributing to the development and maintenance of KPIs and metrics for incident response.
  • Experience acting as a liaison between technical teams and business stakeholders.

Responsibilities

  • Serve as the primary lead for significant security incidents, coordinating response efforts across technical and business teams to minimize impact and ensure timely resolution.
  • Establish, refine, and maintain incident response processes, playbooks, and workflows to align with industry best practices and WTW’s organizational needs.
  • Act as the central point of contact for incident response activities, ensuring effective communication with internal and external stakeholders, including senior leadership, Legal, HR, and Compliance teams.
  • Leverage AI and automation to accelerate incident containment, response, and remediation — embedding AI-assisted triage, alert enrichment, and decision support into SOAR playbooks and response workflows.
  • Lead the in-depth technical investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery while identifying root causes and potential impact.
  • Lead global response teams, integrating SIEM/SOAR platforms, and collaborating with MSSPs to mitigate cloud-native and supply chain attack.
  • Work closely with SOC, Threat Hunting, CTI, Insider Threat, and Vulnerability Management teams to ensure seamless coordination and information sharing during incidents.
  • Lead root cause analysis and post-incident reviews to identify gaps, implement lessons learned, and enhance the overall incident response program.
  • Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required.
  • Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
  • Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service