Cyber Insurance Incident Manager

WTW Benefits

Enjoy a benefits package designed to help you thrive, both professionally and personally. You'll receive 25 days of annual leave plus an extra WTW day to relax and recharge. Our comprehensive health and wellbeing offering includes private healthcare, life insurance, group income protection, and regular health assessments, all giving you peace of mind. Secure your future with our defined contribution pension scheme, featuring matched contributions up to 10% from the company.

We support your growth and balance with hybrid working options, access to an employee assistance programme, and a fully paid volunteer day to make a difference in your community. On top of these, you can opt into a variety of additional perks including an electric vehicle car scheme, share scheme, cycle-to-work programme, dental and optical cover, critical illness protection, and much more. Start making the most of your career and wellbeing with a range of benefits tailored for you.

The Role

As a Cyber Insurance Incident Manager at Willis, you will serve as an advisor and support lead for internal colleagues and clients facing cyber incidents. This role requires strong coordination and communication skills to support clients through high-stress events such as ransomware attacks, data breaches, and business email compromises. You will help ensure rapid response, align incident actions with insurance policy terms, and manage relationships with insurers, legal counsel, and technical vendors to protect client interests and minimize disruption.

You will also support the coordination of incident support capabilities; including pre-, during and post- incident services.

Key Responsibilities:

• Client Advocacy: Working alongside our cyber broking team to function as the incident manager for clients experiencing a cyber event—providing strategic guidance, triaging issues and supporting communication across stakeholders.
• Policy Interpretation: Help clients understand how their cyber insurance coverage applies in real time during an incident, identifying covered and uncovered elements and setting expectations accordingly.
• Vendor Coordination: Facilitate introductions to approved breach response vendors (forensics firms, privacy counsel, crisis communications, etc.) and ensure prompt engagement through insurer protocols.
• Insurer Liaison: Work closely with Willis Cyber Claims to escalate urgent needs, and track the status of incidents and service provider approvals.
• Documentation & Reporting: Maintain detailed incident notes and assist clients in gathering documentation required for claims submissions and regulatory reporting.
• Post-Incident Review: Lead debrief sessions with client's post-incident to identify lessons learned and recommend risk mitigation improvements.
• Client Education: Collaborate with producers and account executives to develop incident readiness materials, tabletop exercises, and client training. Also, present Willis' wider incident management services as part of a new (or existing) client engagement
• Internal Enablement: Share incident trends, case studies, and feedback with broking and sales teams to strengthen coverage strategies and renewals.
• Stakeholder coordination: Develop a close collaboration with Coverage Advisory, Broking, Consulting and Claims to execute a comprehensive incident management offering.
• External media response and proactively drive brand awareness.

The Requirements

• Extensive experience in cyber insurance, incident response coordination, or cyber risk advisory—ideally within a brokerage, legal, or insurance services environment.
• All-Inclusive understanding of cyber insurance products, including coverages for breach response, business interruption, extortion, and regulatory liability.
• Familiarity with key cyber incident types (e.g., ransomware, email compromise, data exfiltration) and typical response workflows.
• Efficient interpersonal and client-facing skills; calm under pressure and able to build trust quickly.
• Excellent organizational skills and the ability to manage multiple high-priority cases simultaneously
• Extensive experience participating in managing or supporting cyber incidents.

Additional Skills and Experience

• Experience in a client advisory role at a cyber insurance brokerage, insurance company or breach response firm.
• Professional certifications such as CIPP/US, GCIH or equivalent are desirable.
• Familiarity with insurer cyber panels and incident response ecosystems.
• Understanding of cyber and data privacy regulations.

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued, and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.

We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email