Description
Control Manager, 12-month contract, €450-€500 per day, Esch-sur-Alzette, Luxembourg.
What will you do?
Working on behalf of the business to co-ordinate and manage privacy incidents and breaches:
Manage Privacy Incident Reports (PIRs) as they arise. This includes working with the business unit's employees to ensure that the PIRs are clear, accurate and complete
Ensure action has been taken to correct issues documented in PIRs and monitor timely completion
Maintain the records of incident & breaches in the I&TS central PIR log or equivalent
Ensure that the business Process RCSA (level 3) and Personal Data Process Inventories are updated
Provide the LPO with periodical report on remedial action plan and privacy reporting completions
Attend, as delegate of the BU, the PIRC meetings to explain volume of minor breaches being exceeding the risk appetite fixed at the legal entity level and explain moderate and above breaches in their units.
Accountable for day-to-day execution of Privacy Risk Management policies, procedures and standards
Meet with the LPO to discuss changes in processes or regulations that would impact the business unit's privacy risk or when there are new initiatives that would require a PIA to be performed
Ensure senior management awareness of privacy Risk management practices and assist senior management in ensuring staff complete the Fundamentals of Privacy and Security training course
In conjunction with the LPO, ensure additional training is provided as required
Maintain a Training Log of any Privacy training received by staff in addition to the Fundamentals of Privacy and Security course
Cascade periodic enterprise-level Privacy related communications to unit employees to reinforce awareness.
Perform and support some of the activities of the wider regional Operational Control Team:
Review Operational Risk Events to understand root causes, process deficiencies and control failures
Escalate Operational Risk Events/Identified Control Gaps and Issues on a timely basis to Operational Control Management and Management of Business
Follow up on identified issues and actions on a regular basis as required by the Operational Control Practices and escalate any non-compliance/delays identified.
Using a risk/control-based approach, support the Business-level, Country-level and Enterprise-level Operational Risk and Control Self-Assessments Program to ensure standardization and consistency of practices in the end-to-end process
Execute control-related Enterprise initiatives as assigned.
What do you need to succeed?
- Experience in financial services and experience in a control function
- Awareness of privacy risk and breach management process
- Demonstrated ability to lead discussions on privacy and control related topics
- Strong analytical and problem-solving skills
- Strong attention to detail
- Good understanding of GDPR requirements
- Good business process knowledge within asset servicing
- Good understanding of risk management
- Strong written and verbal communication skills
- Self-motivated with strong sense of initiative