Job Information

WTW Privacy Incident Response Handler and Privacy Administrator in Mumbai, India

  1. a. Works as part of the Privacy/Legal Team, providing management support on certain reported fraud-related incidents, ensuring that requisite teams are engaged on an incident and following up where necessary to ensure that all appropriate steps are followed. This will include intake and triage, end-to-end coordination and management of reported security incidents throughout the life cycle of an incident.

  2. Provide operational support for the incident process, including escalation of incidents where a response is required within a specified timeframe;

  3. Provide input of incident details to designated IT systems. Produce periodic and ad-hoc reports for the use of the team

  4. In addition to the core Privacy/Legal role described in a. above, this role may include support for other incident types, for example for Data Loss Prevention (DLP) incidents, as well as where data is incorrectly disclosed (for example emailed to the wrong user), or a 3rd party is breached, and Privacy/Legal needs to support the Information and Cyber Security (ICS) incident response process, and track and identify privacy/legal impact to WTW; .

The role interacts directly with users from our business, and liaise with specialist teams such as legal, privacy, business information security officers, and cyber major incident response where needed to resolve incidents. The role is not a hands-on technical cyber security role, but you will be interacting on a daily basis with specialist teams.

2.a. Works with the Privacy Team, providing general administrative support for the privacy software platform, OneTrust. Tasks may include providing user access to the software, maintaining the organizational structure within the software, and organizing the modules into a coherent folder structure;

b. Maintain the registers of activities within the OneTrust modules and provide escalation where a response is required within a specified timeframe.

c. After adequate training and orientation, is able to provide support within specified SLAs (to be determined) for the OneTrust modules which WTW has purchased, for example: input/update privacy notices into the Privacy Notice Management module, input/create new assessments in the Assessment Module, derive metrics and utilization statistics across the entire platform.

We are looking for a collaborative team player, with brilliant coordination and communication skills who likes to work in a fast pace environment. They will contribute to and work as part of a global multi-disciplined privacy and legal community with clear vision and direction, and top-down support across the business.

The Role


  1. Receive and provide triage reports for security incidents from across the business including:

  2. Making a record of the incident and undertake triage to determine the severity of the incident

  3. Coordinate the Legal Lead engagement of the incident, as well as engagement of any other known stakeholders (such as Treasury, HR, etc), including scheduling calls, issuing, and tracking actions, collection of evidence

  4. Provide timely escalation of severe incidents or non-compliance to agreed SLAs for incident progression

  5. Identify underlying trends through the production of reports, and potential control gaps

  6. Ensure all incident handling and response best practices, guidelines and standards are followed

  7. Ensure accurate and clear communication with all stakeholders

  8. Ensure the timely production of reports for the team, using Excel and PowerBI software tools2.Provide administrative support for the Privacy function software platform, OneTrust:

  9. Maintain control of privilege access of users to the software environment

  10. Review and maintain the WTW organization structure used by the software

  11. Review and maintain the folder structure within the modules, to effectively control access to the relevant data files for users

  12. Provide timely escalation of active tasks to ensure their completion, including but not limited to DPIAs, Notices and Cookie implementations, assessments, etc.

  13. Ensure reports are generated for the team, from within the OneTrust environment

  • Demonstrable track record of:

  • Working with other teams and disciplines towards a common goal

  • A developing knowledge and enthusiasm for Legal and Privacy subject matters

  • Problem solving and maintaining SLAs in a highly available environment

  • Working to deadlines and maintaining a high degree of organization to your work

  • Highly computer literate

  • Communicating clearly

  • Beneficial but not essential:

  • An understanding of Cyber Security

  • An understanding of privacy regulations (e.g., GDPR, CCPA and other U.S. and global privacy laws)Beneficial qualifications include:

  • BSc or equivalent experience in an Information Security field

  • Privacy certification(s)