Cyber Security Incident Response Lead

Company

WTW

Location

Ipswich, England, United Kingdom

Posted At

7/24/2025

Advertise with us by contacting: [email protected]

Disclaimer: Hunt UK Visa Sponsors aggregates job listings from publicly available sources, such as search engines, to assist with your job hunting. We do not claim affiliation with WTW. For the most up-to-date job details, please visit the official website by clicking "Apply Now."

Description

Description

Defend. Investigate. Make an Impact.

At WTW, we’re building a strong and collaborative Cyber Defense team, and we’re looking for a Cyber Security Incident Response Lead to help us stay ahead of evolving threats. In this role, you won’t just respond to incidents—you’ll help shape how we respond, strengthen how we prepare, and ensure we’re always one step ahead.

You'll work side-by-side with talented professionals in SOC, Threat Hunting, Cyber Threat Intelligence (CTI), and Insider Threat teams, bringing your technical expertise and investigative mindset to every challenge. From managing live incidents to refining playbooks and collaborating across the business, your contribution will be key to protecting our people, clients, and systems.

You’ll play a key role in strengthening our incident response capabilities—refining processes, documenting findings, and helping us stay ahead of emerging threats. We’re looking for someone with solid experience in cybersecurity and a proactive mindset, who enjoys problem-solving and thrives in fast-moving environments.

This is your chance to make a real impact in a supportive, inclusive team where your expertise is valued and your growth is encouraged.

Ready to help shape the future of cyber defense at WTW? Let’s talk.

The Role

The colleague will work as part of a global, multi-disciplined security community with strong support across the business, contributing to fostering a security-aware culture while ensuring WTW remains a great place to work. With WTW’s large global footprint, this role offers a fascinating range of work, and occasional global travel may be required.

The Incident Response Lead will play a key role in managing and responding to security incidents within WTW’s Cyber Security Incident Response Team.

Responsibilities Of This Role Will Include

Support the investigation of security incidents escalated from the SOC, ensuring timely containment, eradication, and recovery.
Collaborate in the development and refinement of incident response processes, playbooks, and workflows to enhance efficiency and consistency.
Perform initial evaluation of security events, log data, and alerts to identify potential threats and identify the scope of incidents.
Work closely with other Cyber Defense teams, including SOC, Threat Hunting, and CTI, to ensure seamless information sharing and coordination during incidents.
Document incidents thoroughly and prepare post-incident reports, including root cause examination and recommendations for improvement.
Monitor emerging threats, vulnerabilities, and attack trends to enhance incident detection and response capabilities.
Ensure all incident-handling activities comply with applicable regulations and internal policies.
Participate in root cause examination and post-incident review meetings to ensure lessons learned are applied to future incidents.
Ensure incident handling complies with relevant regulations and prepare detailed reports for regulatory or internal purposes.
Evaluate and prioritize incidents based on potential impact and severity, escalating issues to higher levels of management or other teams as required.
Assist in developing and fine-tuning automation scripts and workflows to enhance incident detection and response efficiency.
Contribute to the development and maintenance of key performance indicators (KPIs) and metrics to measure the effectiveness of incident response processes.
Act as a liaison between technical teams and business stakeholders, ensuring clear communication during incidents and status updates.
Maintain up-to-date records of all incident handling activities in incident management systems, ensuring alignment with internal policies and audit requirements.

At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution. We understand flexibility is key to supporting an inclusive and diverse workforce and so we encourage requests for all types of flexible working as well as location-based arrangements. Please speak to your recruiter to discuss more.

Qualifications

The Requirements

Should have experience in incident response, with a strong understanding of cybersecurity principles, frameworks, and tools.
Proficient in forensic analysis, malware analysis, and network traffic analysis. Experience with SIEM tools, EDR platforms, and threat intelligence integration is essential.
Proven ability to deal with high-stakes security incidents and coordinate cross-functional teams effectively.
Good understanding of MITRE ATT&CK, cyber kill chain, and incident response methodologies.
Exceptional verbal and written communication skills, with the ability to convey complex technical concepts to non-technical audiences, including executives.
Industry certifications such as CISSP, GCIH, GCFA, or CISM are good to have.
Experience with platforms like Sentinel, Splunk, Carbon Black, or similar technologies.
A enterprising and decisive mindset with the ability to operate under pressure.
Strong systematic and problem-solving skills to make informed choices in complex situations.
Collaborative and adaptable, with a passion for mentoring and developing team members.

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.

We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email [email protected].

You don't need to have an account in ATS to apply for the jobs. Once you click apply, get started right away by simply using your email. Your profile will be created and kept up to date automatically as you enter details for each of your job applications.

Advertise with us by contacting: [email protected]