Global Head of Incident Response and Cyber Threat
3 days ago
The Global Head of Incident Response & Cyber Threat Intelligence leads a multi-discipline team within our Cyber Defence and Security Operations function. This person will need to have a good technical aptitude, a calm approach under pressure, excellent communication skills with technical and non-technical audiences, and a genuine passion for security.
The role is aligned to our hybrid working style, predominantly based at home with office travel when required. This may include travel between offices beyond your base location and, on occasion, international travel.
The Incident Response & Cyber Threat Intelligence team forms just one of the pillars in our wider Cyber Defence function and so there will be career development opportunities to broaden your experience in other pillars such as SOC, Penetration Testing etc.
**The Role**
Work closely with the Director of Cyber Defence and Chief Information Security Officer in defining and implementing overall strategies of Incident Response and Threat Intelligence.
- Define service maturity model and roadmap.
- Identify ways to utilize resources effectively and efficiently.
- Flag and declare service and capability limitations and boundaries.
Leadership, performance and development.
- Make sure all direct reports and their direct reports have performance objectives and career development plans, monitoring results vs objectives.
- Create plans to improve performance gaps and monitor them accordingly.
- Create, monitor and support career development plans.
Provide oversight and direction to Information and Cyber Security Defence (ICSD) members for Incident Response under the guidance of the Global Director for Cyber Defence and Security Operations.
- Designates relevant additional tasks and functions to ICSD members.
- Engages with External Teams as required such as Incident Response Retainer Services.
- Ensures that Quality Assurance and the Lessons Learned process are conducted and fed into Continuous Service Improvements.
- Ensures this incident response plan is properly implemented, followed, reviewed, and updated accordingly.
- Facilitates efficient and secure communications and information flow.
- Provides appropriate status updates to the Director of Cyber Defence and Security Operations/CSIG/GCISO.
Maintains the Incident Response Plan.
- Assist with the appropriate cyber security incident management training for ICSD members.
- Facilitates an annual review of the ICSIRP, incorporating updates and revisions to the document.
- Maintains Information and Cyber Security Incident Response Plan (ICSIRP) revision approval documentation.
- Supports annual testing of the ICSIRP as part of the Annual Cyber Tabletop run by an independent External Third-Party.
- Escalate Severity 1 and 2 incidents to CSIG.
Ensure delivery of quality service and achieve goals by leveraging Key Performance Indicators (KPI) and Metrics.
- Establish a set of performance measurements for all managed teams and capabilities and set thresholds where possible.
- Regularly record KPI/Metrics results and report them to relevant stakeholders and working groups.
- Inform the Leadership Team of any potential red flags or trends that will have a significant impact on WTW.
Support audit and regulatory requirements and requests.
- Ensure timely submission of requested documents, evidence, etc.
- Act as owners for relevant security controls.
- Attend sessions and conduct walk-throughs in response to audit queries.
- Be accountable for the management and closure of agreed Management Action Plans (MAPs).
Review efficient use of technology and toolsets.
- Regularly assess the efficacy (cost, coverage, etc.) of the toolsets in use and recommend them for renewal or transformation.
- Support relevant technology POC or testing.
Participate in Projects that have elements of Incident Response (IR) and Threat Intelligence (TI).
- Contribute to listing requirements that have a direct and indirect impact on IR and TI.
- Attend regular project meetings and provide needed support.
Perform other tasks assigned by the ICS Leadership Team.
- Lead and participate in relevant working groups and committees.
**The Requirements**
- Experience in leading and managing Incident Response, and being comfortable talking to stakeholders and colleagues on both a technical and non-technical level.
- Experience of managing a team of Information Security / Cyber professionals, having had an impact on their career development.
- You will be working as part of the Information and Cyber Security team across different locations and therefore you must be a true team player, with the ability and desire to engage with colleagues and clients, on some occasions, to deliver the highest standards of service and support.
- Extensive experience working as part of a cyber defence centre, information and cyber security or security operations centre, having handled a variety of security job domains.
- To be effective, you need to have great troubleshooting skill