Description:
As a Cyber Insurance Incident Manager at Willis, you will serve as an advisor and support lead for internal colleagues and clients facing cyber incidents. This role requires strong coordination and communication skills to support clients through high-stress events such as ransomware attacks, data breaches, and business email compromises.
You will help ensure rapid response, align incident actions with insurance policy terms, and manage relationships with insurers, legal counsel, and technical vendors to protect client interests and minimize disruption. You will also support the coordination of incident support capabilities; including pre-, during and post- incident services.
The Role
- Client Advocacy: Working alongside our cyber broking team to function as the incident manager for clients experiencing a cyber event—providing strategic guidance, triaging issues and supporting communication across stakeholders.
- Policy Interpretation: Help clients understand how their cyber insurance coverage applies in real time during an incident, identifying covered and uncovered elements and setting expectations accordingly.
- Vendor Coordination: Facilitate introductions to approved breach response vendors (forensics firms, privacy counsel, crisis communications, etc.) and ensure prompt engagement through insurer protocols.
- Insurer Liaison: Work closely with Willis Cyber Claims to escalate urgent needs and track the status of incidents and service provider approvals.
- Documentation & Reporting: Maintain detailed incident notes and assist clients in gathering documentation required for claims submissions and regulatory reporting.
- Post-Incident Review: Lead debrief sessions with client’s post-incident to identify lessons learned and recommend risk mitigation improvements.
- Client Education: Collaborate with producers and account executives to develop incident readiness materials, tabletop exercises, and client training. Also, present Willis’ wider incident management services as part of a new (or existing) client engagement
- Internal Enablement: Share incident trends, case studies, and feedback with broking and sales teams to strengthen coverage strategies and renewals.
- Stakeholder coordination: Develop a close collaboration with Coverage Advisory, Broking, Consulting and Claims to execute a comprehensive incident management offering.
- External media response and proactively drive brand awareness.
Qualifications
What you'll bring
- Extensive experience in cyber insurance, incident response coordination, or cyber risk advisory—ideally within a brokerage, legal, or insurance services environment.
- All-Inclusive understanding of cyber insurance products, including coverages for breach response, business interruption, extortion, and regulatory liability.
- Familiarity with key cyber incident types (e.g., ransomware, email compromise, data exfiltration) and typical response workflows.
- Efficient interpersonal and client-facing skills; calm under pressure and able to build trust quickly.
- Excellent organizational skills and the ability to manage multiple high-priority cases simultaneously
- Extensive experience participating in managing or supporting cyber incidents.
Additional Skills And Experience
- Experience in a client advisory role at a cyber insurance brokerage, insurance company or breach response firm.
- Professional certifications such as CIPP/US, GCIH or equivalent are desirable.
- Familiarity with insurer cyber panels and incident response ecosystems.
- Understanding of cyber and data privacy regulations.