2024-259 Data Protection Officer (m/f/d)

The DPO is positioned in the 2nd line of Defense (within the RISK function) and will constitute his/her DPO office for the scope outlined under his/her responsibility.

DPOs are appointed to perform any tasks required by the applicable law, identify and implement appropriate risk-based personal data protection controls and procedures to meet priority Privacy requirements, monitor compliance with Data Protection regulations and internal policies, and perform independent testing of personal data processing activities by the first line of defense. Statutory DPOs ensure communication with the Data Protection Authorities and provide oversight of communication towards individuals (in particular customers and employees).

Covering Germany and Austria, with a workload allocation of approximately 70/30% respectively.

The key responsibilities of a Data Protection Officer are:

• Those mandated by the applicable law
• Communication with internal (e.g., employees), external stakeholders, data protection authorities, and data subjects
• Contribute to the monitoring of the regulatory landscape on data protection regulations and the relevant communication performed by Legal
• Participate in committees on/in relation to personal data protection at different levels
• Oversee and advise regarding the overall personal data protection framework on:
  • Implementation of policies and guidelines on Personal Data Protection and Privacy by design principles
  • Providing advice on Privacy Impact Assessment (PIA)
  • Reviewing and advising on the implementation of Personal Data Security principles and management of personal data breaches
  • Overseeing the Records of processing activities
  • Contributing towards building and implementing an awareness program
• Define and operate the second level controls and independent testing on the personal data protection framework to monitor compliance with personal data protection legislation and internal policies and guidelines.

• German

Qualifications & Experiences

• Master’s degree in Law (or Economics/IT) or related field required
• Sound knowledge of the General Data Protection Regulation (GDPR) and other Data Protection related Laws and Regulations
• 5+ years of Data Protection related experience as Data Protection Officer or within similar roles

Skills and Knowledge

• Demonstrated experience with Data Protection compliance risk management, including risk identification, evaluation, mitigation, and management
• Experience in the development of Data Protection compliance management systems; Data Protection compliance management framework development and execution
• Demonstrates ability to prioritize workload
• Strong communication skills with extensive experience working directly with executive leadership and board of directors as needed to present, review, and discuss compliance management topics
• Ability to navigate within a matrix environment and execute for multiple stakeholders, managing active discussions and negotiations, and operating under stringent expectations and deadlines
• Strong analytical and data interpretation skills, including the ability to review, interpret, and present data in a concise and precise manner
• Strong interpersonal and communication skills, both oral and written; with excellent attention to detail
• Proficient in the full suite of Microsoft Office applications
• General knowledge of the financial services industry preferred