Business Risk Information Officer 2884

Purpose of the Job

Quintet Private Bank is a leading private bank in the wealth management sector; we are committed to our clients and their families and pride ourselves on our personalized service based on a deep understanding of what clients want to achieve. When you join Quintet you are joining a company that values diversity of background equal access to opportunities career development collaboration and inclusiveness. We want our employees to feel proud of being part of a company that is committed to do the right thing.

The role of the Business Information Risk Officer (BIRO) focusses specifically on data privacy/protection/cyber risks. The BIRO will report directly to Head of Business Risk Management and he/she is expected to work closely and collaboratively with the Group BRM team the business (Wealth Management and Asset Servicing) as well as the local 2nd and 3rd line of defense functions (compliance risk and audit). The BIRO will also actively engage with the DPO team to respond to request and ensure 2LoD observations are understood and required remediation plans are put in place.

Key Accountabilities

Leakage Prevention (DLP) controls:
o Develop and maintain the first line controls monitoring framework ensuring completeness appropriateness and process efficiency.
o Analyse control results designed to mitigate Security and Cyber risk in the context of data leakage and define measures to address weaknesses together with local business leads.
o Monitor Key Risk Indicators and maintain industry awareness best practice insight and regulatory knowledge.
o Escalate significant issues and lessons learned to Group Business Risk Management (BRM) management Chief Information Security Officer (CISO) Chief Risk Officer (CRO) and/or Data Protection Officer (DPO) as required.

and cleanup of decentralised applications:
o Coordinating the updates of the inventory of decentralized applications and the annual cleanup with the relevant business owners and outsourcers at group level.
o Produce related MRI related to retention.

sharing access rights and classification controls:
o Monitor the adequacy of access control management controls in collaboration with IT. This may include on limitation of massive/bulk data extraction without control/ high risk access right (USB toxic combination)
o Enforce practices to ensure sensitive information is not left exposed on desks or workspaces.
o Escalation of instances of excessive access rights/issues to the AMC RC
o Regularly review of confidential tagging application on confidential repositories at premise or MS365 cloud level.

In general the BIRO will also engage with the BRM and the business to:
o Guide managers in understanding and mitigating information risks in their business areas
o Together with the second line develop and maintain standards for handling sensitive information safely and data privacy matters
o Identify and address risks related to data usage within current operations
o Evaluate and anticipate risks from new technologies like AI
o Lead investigations and responses to security incidents involving data
o Support the annual RCSA (Risk and Control selfassessment) for data privacy risks.

Knowledge and Experience

Proven experience in Business Risk Audit Compliance and/or other control functions within IT or Data Management Organisations in a financial services context
Expertise in Information Security Cyber Risk and Data Protection

Attributes and Qualities

Strong skills and ability to manage conflicting demands and priorities.
Ability to communicate effectively influence and persuade at various levels.
Ability to evolve in a matrixed changing and complex environment.
Global understanding of private banking processes is a strong advantage.
Ability to collaborate with all businesses and engage stakeholders to work with a common purpose.

Technical Skills

Knowledge of Data protection and IT Cyber Risk issues.

Languages Skills

Fluent in English any additional European language is advantageous