About the Role:
Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity, and reduce time to market for products and applications.
We now have an exciting new opportunity for a Senior IT Security Analyst – Security Incident Response (SIR) Readiness & Simulation within our Global Business Services division. This new role has been created to support organizational growth and to strengthen our global cyber readiness posture in alignment with evolving industry standards for incident response, tabletop exercises, and documentation governance.
This position is Pune, India.
In this role you will support SIR readiness, tabletop exercises, and simulation activities, designing and delivering customized incident response scenarios across Wolters Kluwer divisions and key third‑party partners. You will also maintain and continuously improve the SIR documentation ecosystem—including playbooks, runbooks, after‑action reports, communication templates, and the broader knowledge base—in alignment with industry expectations for documentation structure and audit readiness. The role further supports audits, assessments, customer questionnaires, and regulatory requests by providing accurate, timely, and evidence‑based incident‑related documentation and reporting. You will also support the delivery of technical and non‑technical training, integrating lessons learned from simulations and real incidents, and contributes to event review, escalation, and incident handling to strengthen overall response maturity.
Responsibilities:
- Designs, plans, and facilitates enterprise‑wide Security Incident Response (SIR) tabletop exercises and simulations, including scenario development, inject creation, stakeholder coordination, and structured delivery, in alignment with established SIR governance
- Produces After‑Action Reports (AARs) from tabletop exercises and simulations, documenting lessons learned, capability gaps, and recommended improvements; tracks remediation actions and provides status updates to stakeholders
- Maintains and enhances the SIR knowledge base, including incident response playbooks, runbooks, documentation templates, and standard operating procedures, ensuring content remains current and operationally relevant
- Supports audits, assessments, questionnaires, and customer inquiries by preparing timely, accurate, and evidence‑based documentation related to SIR processes, controls, and readiness
- Supports incident response activities during real events, including coordinating incident bridges, capturing timelines and key decisions, and ensuring consistent and complete incident documentation
- Partners with cross‑functional teams (Legal, Privacy, Communications, Risk Management, and others) to ensure tabletop scenarios and incident response processes reflect organizational, contractual, and regulatory requirements
- Collaborates with the Director of SIR to contribute to the planning and delivery of technical and non‑technical training for SIR team members, incorporating insights from exercises and real‑world incidents
- Contributes to the continuous improvement of incident response processes, playbooks, and simulations by integrating feedback from exercises, audits, metrics, and post‑incident reviews
- Performs work in alignment with Wolters Kluwer enterprise policies, procedures, and applicable business plans
- Participates in cross‑functional incident exercise activities, supporting adherence to defined policies and procedures
- Maintains current knowledge of IT security concepts, emerging threat scenarios, and incident response best practices
- Assists in the development of vulnerability‑ and threat‑related communications, providing technical input as needed
- Communicates findings and improvement opportunities identified during simulations and training that may require configuration changes or operational updates to appropriate teams for evaluation and execution
- Provides technical guidance and peer support to junior incident responders as needed, without formal supervisory responsibility
- Engages in continuous learning and professional development to stay current with evolving security threats, trends, and response methodologies
Skills:
- 7+ years of total experience in Information Technology
- 3+ years of professional experience in an information security function, including analyzing and applying information security risk management, and privacy practices
- Flexible working hours to support a global operation
- Demonstrated experience leading cybersecurity tabletop exercises, including scenario design, facilitation, and after‑action reporting.
- Experience coordinating or participating in audits, assessments, customer questionnaires, and compliance documentation
- Experience maintaining or developing Security or IT playbooks, runbooks, documentation, and knowledge bases
- Required Interpersonal Skills
- Excellent oral and written communication ability
- Ability to present complex technical issues and findings to diverse audiences in both technical and non-technical parlance, both orally and in writing
- Diplomacy in working with customers and stakeholders
- Ability to follow policy and procedure
- Ability to work in a team and at times perform under stress
- Demonstrate integrity in dealing with potentially sensitive data and restricted information
- Exceptionally self-motivated with a superior analytical, evaluative, and problem-solving abilities
- Ability to set and manage priorities judiciously
- Required Technical Skills
- Knowledge of basic security principles to include confidentiality, integrity, and availability; access control, authentication, and authorization; privacy and non-repudiation
- Understanding of security vulnerabilities and exposures, and from where they arise
- Familiarity with the Internet, its network protocols, and network applications and services
- Knowledge of network security issues and host/system security issues
- Understanding of malicious code of various types and various threat vectors
- Experience with Risk Analysis and Risk Management
- Basic understanding of programming and scripting
- Required Incident Handling Skills
- Through good communication and documentation, presents a consistent front to customers and stakeholders
- Ability to synthesize data from technical skills listed above to understand and identify intruder techniques
- Ability to utilize interpersonal skills listed above to communicate with customers and stakeholders and bring quick resolution
- Demonstrated ability to analyze ongoing situations for the potential of a security incident
- Ability to maintain incident records in support of WK recovery, regulatory and legal requirements
- Familiar with ITIL service management methodology.
- Prior experience in a 24x7x365 operations environment.
- Experience with ServiceNow and reporting a plus
- Strong technical skills in security assessments of external service providers, providing security guidance, and participating in mock security breach exercises
- Experience with GDPR and GDPR compliance implementations
- Experience and/or SME knowledge of the ISO 27001, NIST 800-53, NIST CSF and PCI DSS.
Our Interview Practices
To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you—not a digital assistant. To help maintain this integrity, we ask to remove virtual backgrounds and include in-person interviews in our hiring process. Please note that use of AI-generated responses or third-party support during interviews will be grounds for disqualification from the recruitment process.
Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.