Head of Cyber Incident Response & Threat Intelligence

Willis Towers Watson,
Reigate, Surrey
Job Type: Full-time

Overview

Summary of Role

The Head of Cyber Incident Response & Threat Intelligence is responsible for the provision of two closely related key services globally, including directly leading teams, creating processes, and managing the technologies and 3rd parties that make up the services. The role reports to the Director of Cyber Defence & Security Operations, and is a key and visible role in the leadership team of the Cyber function.

The role will work closely alongside the rest of the Cyber Leadership Team (e.g. SOC Leadership) and leaders in operational IT teams to ensure timely and appropriate resolution of security incidents through mitigating actions to contain the impact. They will also work closely with stakeholders from across the business to ensure that incidents are appropriately escalated, communicated and resolved, and that threats are understood and mitigated. The role is extremely visible within the business and provides both operational decision making and a key liaison and authoritative source for cyber incidents.

We are looking for a collaborative team player with deep technical knowledge and the ability to lead others. The successful candidate will be able to shape and mature security services in a large multinational organisation. They will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business. They will help the wider community in fostering a culture which is both security aware and a great place to come to work.

The Role

Create, maintain and execute appropriate incident response processes to enable timely escalation, containment and recovery of cyber incidents.
Operational ownership of security incidents on behalf of the Director of Cyber Defence & Security Operations.
Produce consumable, relevant and actionable threat intelligence relevant to Willis Towers Watson.
Work with other security teams such as Global SOC and Vulnerability Management to identify recurring patterns and propose strategic actions to reduce risk.
Work with Global SOC leadership to lead and coordinate threat hunting and purple team activities.
Provide clear, concise and easily consumable communication with key technical and non-technical stakeholders so that threats and incidents are understood and appropriately addressed.
Build, lead and support teams of security experts specialised in the detection, response, and recovery from cyber incidents.
Measure and report the maturity, effectiveness and efficiency of Incident Response and Threat Intelligence services.
Understand the elements involved within the exception requests and their importance: data sensitivity assessment, control implementation and maintenance plan, and assessing the legal, compliance, reputation, and operational risks associated with the exception.
Ensure accurate and clear communication with all stakeholders.
Provide appropriate MI to key stakeholders.

The Requirements

Experience of leading mature cyber incident response activities in a multinational organisation.
Skilled in building and leading effective security teams.
Experienced in information exchange with commercial and government organisations, and turning this into actionable intelligence that can be consumed to better protect the business.
Understanding of how to contain, respond and recover from cyber incidents.
Experience with the cyber threat landscape and the techniques, tactics & procedures of advanced adversaries.
Experienced in threat hunting and purple team exercises.
Sound experience in threat modelling and operational risk management.
Experience in relevant security frameworks and solutions.
Certifications with CREST, GIAC, CISSP or CISM preferred.

Equal Opportunity Employer