Legal - Data breach IR investigation

1. a. Works as part of the Privacy/Legal Team, providing support on data disclosure and other security incidents, ensuring that requisite teams are engaged on an incident and following up where necessary to ensure that all appropriate steps are followed. Role includes intake and triage, written analysis, and end-to-end coordination and management of reported security incidents throughout the life cycle of an incident investigation. 
2. Provide support for the incident process, including written analysis and escalation of incidents where a response is required within a specified timeframe;
3. Communicate in writing complex ideas in a way that is easy to understand.
4. Produce periodic and ad-hoc reports for the use of the team.
5. Research and apply privacy laws and regulations to investigation outcomes and make recommendations; and track and identify privacy/legal impact to WTW. 

Responsibility:

1. Receive and provide triage reports for security incidents from across the business including:
2. Making a record of the incident and undertake triage 
3. Review and confirm facts of an incident to isolate what may be missing or misstated
4. Isolate key clauses in contracts to identify legal obligations
5. Coordinate with the Legal lead of the incident, as well as engagement of any other known stakeholders
6. Provide timely escalation of severe incidents or non-compliance to agreed service level agreement (SLA) for incident progression
7. Identify underlying trends through the production of reports, and potential control gaps
8. Ensure all incident handling and response best practices, guidelines and standards are followed
9. Ensure accurate and clear communication with stakeholders, including through direct and clear written communication
10. Ensure the timely production of reports for the team

• Demonstrable track record of:
  • Working with other teams and disciplines towards a common goal
  • A developing knowledge and enthusiasm for Legal and Privacy subject matters
  • Problem solving and maintaining SLAs
  • Working to deadlines and maintaining a high degree of organization to your work
  • Highly computer literate
  • Communicating clearly
  • Experience with business and legal writing.
• Beneficial qualifications include:
  • Law degree, or BSc with law component, or equivalent qualification
• Beneficial but not essential:
  • An understanding of cyber security
  • An understanding of privacy regulations (e.g., GDPR, HIPAA and other U.S. and global privacy laws) Privacy certification(s)