Tanya Fleming
Hawes,North Yorkshire
Summary
Accomplished cyber security leader with extensive expertise in aligning security strategies with business objectives to enhance organisational resilience. Proven track record in leading global incident response, embedding intelligence-led security operations, and ensuring compliance with SOC2, ISO27001, GDPR, and financial sector regulations. Adept at spearheading large-scale risk reduction programmes, optimising security technologies, and driving executive-level engagement through strategic risk briefings. Demonstrates exceptional leadership in managing high-performing teams across cyber defence assurance, threat intelligence, and forensics while fostering organisational buy-in for transformative security initiatives.
Overview
6
6
years of professional experience
1
1
Certification
Work history
ICS Security Strategy and Governance
WTW
Leeds
10.2024 - Current
- Strategic Leadership & Cyber Risk Reduction – Spearheading a large-scale cyber acceleration programme to enhance security posture and reduce enterprise risk.
- Governance & Compliance Frameworks – Establishing and embedding governance structures that align with business objectives and regulatory requirements.
- Programme & Change Management – Leading the execution of strategic security initiatives, managing Statements of Work (SoWs), securing funding, and driving organisational buy-in.
- Executive & Stakeholder Engagement – Developing executive-level reporting, presenting to senior leadership, and aligning security initiatives with business goals.
- Security Communications & Awareness – Crafting and executing strategic communications to ensure stakeholder engagement and awareness.
Head of Incident Response and Threat Intelligence
WTW
04.2022 - 10.2024
- Strategic Leadership – Led and oversaw global cyber incident response and threat intelligence functions, ensuring seamless coordination between multiple security teams.
- Team Leadership – Managed the Cyber Defence Assurance Team, Threat Intelligence, Threat Hunting, and Forensics teams , ensuring alignment with business security objectives.
- Incident Response & Crisis Management – Developed and embedded a comprehensive Incident Response Plan aligned with the organisation's Crisis Management approach , ensuring a cohesive response to cyber threats at all levels.
- Threat Intelligence Operations – Integrated threat intelligence insights into security operations to proactively mitigate risks and inform strategic security decisions.
- Cyber Risk Reduction & Governance – Established governance within Cyber Defence to ensure compliance with SOC2, ISO27001, and other regulatory requirements and best practices..
- Security Operations Centre (SOC) Collaboration – Partnered with GSOC, including a six-month interim leadership period.
- Incident Testing & Readiness – Designed and led incident response testing at all levels , from SOC operations to board-level simulations , enhancing organisational preparedness for cyber threats.
- Executive Incident Briefings – Served as a primary escalation point, delivering real-time updates and risk assessments to the board.
- Security Technology & Process Optimisation – Led SIEM transitions, MDR implementation, and tooling reviews to enhance security posture.
- Change Management & Stakeholder Engagement – Ensured business buy-in for security initiatives through clear communication and collaboration.
- Providing recommendations to resolve incidents, and identify underlying trends, risks, and potential control gaps.
- Managed supplier relationships for technology services and Incident response retainers.
- Conducted tooling reviews, resource reviews and lead on technology change management projects, including SIEM transition and MDR implementation.
- Managed influential stakeholder relationships across a variety of disciplines, including Legal, business leadership, business continuity, client assurance and vendors to ensure a cohesive approach to cyber risk management.
Global Major Incident Handling Team Manager
WTW
09.2020 - 04.2022
- Built & Scaled Global Incident Response – Developed a high-performing major incident management function.
- Led Major Cyber Incidents – Managed critical security incidents from detection to resolution, ensuring minimal business disruption.
- Enhanced Incident Management Frameworks – Strengthened response procedures to align with evolving threats and regulatory requirements.
- Improved Data Disclosure Handling – Acted as an incident handler and escalation point for sensitive security and privacy incidents.
- Fostered a Culture of Continuous Improvement – Led post-incident reviews, driving lessons learned and capability enhancements.
Senior Information Governance Officer
Veritau Ltd
09.2019 - 09.2020
- Consulted on Cyber & Data Security – Led advisory services for public sector clients on data security, privacy, and governance.
- Managed Security Incidents – Investigated and resolved information security breaches, ensuring regulatory compliance.
- Implemented Data Protection Strategies – Conducted DPIAs, advised on governance frameworks, contracts and led security training initiatives.
Skills
- Cyber Security Strategy & Risk Management – Aligning security initiatives with business objectives to enhance organisational resilience
- Incident Response & Crisis Leadership – Leading global cyber incident response, coordinating crisis-level incidents, and ensuring rapid threat containment
- Threat Intelligence & Cyber Defence – Embedding intelligence-led security operations to proactively mitigate cyber risks
- Governance, Compliance & Regulatory Alignment – Ensuring adherence to SOC2, ISO27001, GDPR, and financial sector security regulations
- Cyber Risk Reduction & Programme Leadership – Spearheading large-scale security initiatives to reduce enterprise risk
- Incident Response Planning & Testing – Developing and embedding incident response plans, integrating them with crisis management, and leading testing at all levels
- Executive Engagement & Board-Level Reporting – Acting as a primary escalation point, delivering risk briefings, and driving strategic security discussions
- Change Management & Stakeholder Engagement – Bringing people on the journey, ensuring organisational buy-in for security improvements
- Security Technology & Process Optimisation – Leading SIEM transitions, MDR implementation, and security tooling reviews
- Leadership & Team Development – Managing and mentoring high-performing cyber security teams, including Cyber Defence Assurance, Threat Intelligence, Threat Hunting, and Forensics
Accomplishments
WTW Technology Vision to Victory award 2024
Certification
PECB Certified Data Protection Officer
PECB ISO/IEC 27001 Lead Implementer
APMG Cyber Incident Response and Planning
BCS Certificate in Information Security Management Principals
CMI Level 7 in Strategic Management and Leadership
APMP Project Management
ILM Level 3 in Coaching
Timeline
ICS Security Strategy and Governance
WTW
10.2024 - Current
Head of Incident Response and Threat Intelligence
WTW
04.2022 - 10.2024
Global Major Incident Handling Team Manager
WTW
09.2020 - 04.2022
Senior Information Governance Officer
Veritau Ltd
09.2019 - 09.2020
PECB Certified Data Protection Officer
PECB ISO/IEC 27001 Lead Implementer
APMG Cyber Incident Response and Planning
BCS Certificate in Information Security Management Principals
CMI Level 7 in Strategic Management and Leadership
APMP Project Management
ILM Level 3 in Coaching
Similar Profiles
Samantha BinkleySamantha Binkley
Real Estate Manager at WTWReal Estate Manager at WTW
Damaris BacchusDamaris Bacchus
Benefits Accounts at WTWBenefits Accounts at WTW
Kelly RhodesKelly Rhodes
Client Success Manager at WTWClient Success Manager at WTW
YING YING FOOYING YING FOO
Assistant Manager - Placement Team at WTWAssistant Manager - Placement Team at WTW
Gemma NuttallGemma Nuttall
Customer Service Agent at WavecrestCustomer Service Agent at Wavecrest