Business Risk Information Officer
When you join Quintet you are joining a company that values diversity of background, equal access to opportunities, career development, collaboration and inclusiveness. We want our employees to feel proud of being part of a company that is committed to do the right thing.The role of the Business Information Risk Officer (BIRO), focuses specifically on data privacy/protection/cyber risks.
The BIRO will report directly to the Head of Business Risk Management, and he/she is expected to work closely and collaboratively with the Group BRM team, the business (Wealth Management and Asset Servicing), as well as the local 2nd and 3rd line of defense functions (compliance, risk and audit).
The BIRO will also actively engage with the DPO team to respond to requests and ensure 2LoD observations are understood and required remediation plans are put in place. Key Accountabilities Data Leakage Prevention (DLP) controls:Develop and maintain the first line controls monitoring framework, ensuring completeness, appropriateness, and process efficiency.Analyse control results designed to mitigate Security and Cyber risk in the context of data leakage and define measures to address weaknesses together with local business leads.Monitor Key Risk Indicators and maintain industry awareness, best practice insight, and regulatory knowledge.Escalate significant issues and lessons learned to Group Business Risk Management (BRM) management, Chief Information Security Officer (CISO), Chief Risk Officer (CRO) and/or Data Protection Officer (DPO) as required.Retention and clean-up of decentralised applications:Coordinating the updates of the inventory of decentralized applications and the annual clean-up with the relevant business owners and outsourcers at group level.Produce related MRI related to retention.Data sharing, access rights and classification controls:Monitor the adequacy of access control management controls in collaboration with IT.
This may include limitations on massive/bulk data extraction without control/high-risk access rights (USB, toxic combination, etc.).Enforce practices to ensure sensitive information is not left exposed on desks or workspaces.Escalate instances of excessive access rights/issues to the AMC RC.Regularly review confidential tagging applications on confidential repositories at premise or MS365 cloud level.In general, the BIRO will also engage with the BRM and the business to:Guide managers in understanding and mitigating information risks in their business areas.Together with the second line, develop and maintain standards for handling sensitive information safely and data privacy matters.Identify and address risks related to data usage within current operations.Evaluate and anticipate risks from new technologies like AI.Lead investigations and responses to security incidents involving data.Support the annual RCSA (Risk and Control self-assessment) for data privacy risks.
Knowledge and Experience Proven experience in Business Risk, Audit, Compliance and/or other control functions within IT or Data Management Organisations in a financial services context.Expertise in Information Security, Cyber Risk, and Data Protection.Attributes and Qualities Strong execution skills and ability to manage conflicting demands and priorities.Ability to communicate effectively, influence, and persuade at various levels.Ability to evolve in a matrixed, changing, and complex environment.Global understanding of private banking processes is a strong advantage.Ability to collaborate with all businesses and engage stakeholders to work with a common purpose.
Technical Skills Knowledge of Data protection and IT Cyber Risk issues. Languages Skills Fluent in English, any additional European language is advantageous.