Business Risk Information Officer
Purpose of the Job
Quintet Private Bank is a leading private bank in the wealth management sector; we are committed to our clients and their families, and pride ourselves on our personalized service based on a deep understanding of what clients want to achieve. When you join Quintet you are joining a company that values diversity of background, equal access to opportunities, career development, collaboration and inclusiveness. We want our employees to feel proud of being part of a company that is committed to do the right thing.
The role of the Business Information Risk Officer (‘BIRO’), focusses specifically on data privacy/protection/cyber risks. The BIRO will report directly to Head of Business Risk Management, and he/she is expected to work closely and collaboratively with the Group BRM team, the business (Wealth Management and Asset Servicing), as well as the local 2nd and 3rd line of defense functions (compliance, risk and audit). The BIRO will also actively engage with the DPO team to respond to request and ensure 2LoD observations are understood and required remediation plans are put in place.
Key Accountabilities
1.Data Leakage Prevention (DLP) controls:
o Develop and maintain the first line controls monitoring framework, ensuring completeness, appropriateness, and process efficiency.
o Analyse control results designed to mitigate Security and Cyber risk in the context of data leakage and define measures to address weaknesses together with local business leads.
o Monitor Key Risk Indicators and maintain industry awareness, best practice insight, and regulatory knowledge.
o Escalate significant issues and lessons learned to Group Business Risk Management (BRM) management, Chief Information Security Officer (CISO), Chief Risk Officer (CRO) and/or Data Protection Officer (DPO) as required.
2.Retention and clean-up of decentralised applications:
o Coordinating the updates of the inventory of decentralized applications and the annual clean-up with the relevant business owners and outsourcers at group level.
o Produce related MRI related to retention.
3.Data sharing, access rights and classification controls:
o Monitor the adequacy of access control management controls in collaboration with IT. This may include on limitation of massive/bulk data extraction without control/ high risk access right (USB, toxic combination,…)
o Enforce practices to ensure sensitive information is not left exposed on desks or workspaces.
o Escalation of instances of excessive access rights/issues to the AMC RC
o Regularly review of confidential tagging application on confidential repositories at premise or MS365 cloud level.
In general, the BIRO will also engage with the BRM and the business to:
o Guide managers in understanding and mitigating information risks in their business areas
o Together with the second line, develop and maintain standards for handling sensitive information safely and data privacy matters
o Identify and address risks related to data usage within current operations
o Evaluate and anticipate risks from new technologies like AI
o Lead investigations and responses to security incidents involving data
o Support the annual RCSA (Risk and Control self-assessment) for data privacy risks.
Knowledge and Experience
Proven experience in Business Risk, Audit, Compliance and/or other control functions within IT or Data Management Organisations in a financial services context
Expertise in Information Security, Cyber Risk, and Data Protection
Attributes and Qualities
Strong execution skills and ability to manage conflicting demands and priorities.
Ability to communicate effectively, influence, and persuade at various levels.
Ability to evolve in a matrixed, changing, and complex environment.
Global understanding of private banking processes is a strong advantage.
Ability to collaborate with all businesses and engage stakeholders to work with a common purpose.
Technical Skills
Knowledge of Data protection and IT Cyber Risk issues.
Languages Skills
Fluent in English, any additional European language is advantageous