Group Data Protection Officer

Purpose of the Job

Quintet Private Bank is a leading private bank in the wealth management sector; we are committed to our clients and their families, and pride ourselves on our personalised service based on a deep understanding of what clients want to achieve. Compared to others, we are small (<2,000 employees across 50 European and UK locations) with an ambition to stay true to our purpose to be the most trusted fiduciary of family wealth. When you join Quintet you are joining a company that values diversity of background, equal access to opportunities, career development, collaboration and inclusiveness. We want our employees to feel proud of being part of a company that is committed to do the right thing. You will have the opportunity to grow your career while developing personally and professionally through various resources and programmes.

The successful candidate will provide group data protection advisory and awareness for Quintet employees, execute control monitoring programme and contact point for data subject requests/ claims and Data Protection Authority, and ensure that legal/contractual and operational data protection measures are effectively in place at each location.
 

Key Accountabilities

• Deploy and maintain Group data protection framework/ Methodology/ Training & tools to be used
• Design and update groupwide data protection monitoring program
• Advice upon business request regarding Data protection aspects based on regulations/laws and good practices for implementation.
• Maintain the consolidated inventories of processing’s of personal data based on business entity declaration and support business partners for other inventories (IT asset/ 3rd parties/3rd countries transfer) maintenance
• Review data protection impact assessment ("DPIA") and data protection by design/by default analysis at earliest stage of any new project, review Data protection third parties due diligence/certification of  outsourced services and provide a central DPO opinion 
• Respond to Data Subject exercise request (DSR) and complaint in collaboration with Data Protection delegates and maintain the consolidated inventories of data subjects/complaints and data breaches. 
• Notify data breach to Group Head of DPO and when relevant to Lead Supervisory Authority / ICO  when there is a residual data subject risk identified.
• Challenge the control’s assessment from the 1st LoD & testing regarding data protection risk  (RCSA) and assess maturity level. 
• Execute data protection monitoring and testing activities and escalate significant findings to management and DPOs (UK and Group).
• Analyse non compliances identified within the Group by 1LoD/ 2LoD/3LoD and consolidate Group Heatmaps, dashboard and KRI for escalation to AMC/Board. 
• Based on his/her seniority, advice and follow strategic and innovative projects within the Group ( e.g. cloud storage,  …) regarding data protection compliance and escalate any residual risk to stakeholders, Group Heads and Group Data Protection Committee
   

Knowledge and Experience

• Knowledge of national data protection laws and best practices including an in-depth understanding of the GDPR/UK GDPR Sound data protection and related legal background for more than 7 years
• Some experience in one or (preferably) several of the following areas: IT, compliance, risk management, audit, business process, information security, legal … 
• Expertise of banking activities and services is a strong asset 
   

Attributes and Qualities

• Ability to learn quickly 
• Strong communication skills, ability to bridge the gap between technical and business languages.
   

Technical Skills

• Onetrust / IT security and e-discovery tools knowledge
   

Languages Skills

• Fluent English and German and any other corporate language (French /Dutch) are also considered as an advantage.