
Job Title


Cyber Security Incident Response


Company : WTW


Location : Mumbai, Maharashtra


Created : 2026-05-01


Job Type : Full Time


Job Description

About the team:
The Information Security (InfoSec) team is responsible for protecting the organization's information, systems, and data from security threats. The team delivers security services that help identify, prevent, detect, and respond to cyber risks while supporting business and regulatory requirements.

Location: Mumbai/Gurugram

The Role:
The Cyber Security Incident Response Manager will lead and oversee WTW’s global incident response capability. This role is responsible for managing high-impact cyber incidents, driving continuous improvement in response processes, and leading a team of analysts in a fast-paced, global environment.

Responsibilities of this role will include:
Lead and manage high-severity security incidents, ensuring timely containment, eradication, and recovery
Act as the primary escalation point for incident response across global teams
Develop, enhance, and maintain incident response frameworks, playbooks, and workflows aligned to industry best practices
Lead technical investigations across endpoints, networks, and cloud environments
Manage and mentor a team of SOC and Incident Response analysts, driving performance and capability development
Collaborate with SOC, Threat Intelligence, Threat Hunting, Insider Threat, and Vulnerability Management teams
Work closely with MSSPs and third-party vendors to ensure effective incident detection and response
Drive root cause analysis and post-incident reviews, ensuring lessons learned are implemented
Ensure compliance with regulatory, audit, and internal security requirements
Develop and track KPIs and metrics to measure incident response effectiveness
Lead tabletop exercises and simulations to enhance organizational readiness
Act as a liaison between technical teams and senior business stakeholders, including Legal, HR, and Compliance

The Requirements
8–12 years of experience in Cyber Security, with a strong focus on SOC and Incident Response
Proven experience in leading and managing incident response teams
Strong expertise in incident handling, digital forensics, and threat analysis
Deep understanding of frameworks such as MITRE ATT&CK and Cyber Kill Chain
Hands-on experience with SIEM/SOAR tools such as Sentinel, Splunk, Carbon Black, or similar
Experience operating in multi-cloud environments (AWS, Azure, GCP) with exposure to cloud-native threats
Experience working with global teams and MSSPs
Strong stakeholder management skills with the ability to communicate with senior leadership
Ability to operate effectively in high-pressure, high-impact situations

Skills & Certifications
Strong understanding of enterprise security domains including network, endpoint, identity, and cloud security
Experience working in global, multi-location environments
Strong analytical, decision-making, and problem-solving skills

Preferred / Desired Certifications:
CISSP
CCSP
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
Certified Ethical Hacker (CEH)