DPO is positioned in the 2nd line of Defense (within RISK function) and will constitute his/her DPO office for the scope outlined under his/her responsibility. 

DPOs are appointed to perform any tasks required by the applicable law, identify and implement appropriate risk-based personal data protection controls and procedures to meet priority Privacy requirements, monitor compliance with Data Protection regulations and internal policies and perform independent testing of personal data processing activities by the first line of defense. Statutory DPOs ensure communication with the Data Protection Authorities and provide oversight of communication towards individuals (in particular customers and employees). 

Covering Germany and Austria, respectively around 70/30% workload allocation.
 

The key responsibilities of a Data Protection Officer are:

• Those mandated by the applicable law
• Communication with internal (eg employees), external stakeholders, data protection authorities and data subjects
• Contribute to the monitoring of the regulatory landscape on data protection regulations and the relevant communication performed by Legal
• Participate in committees on / in relation to personal data protection at different levels
• Oversee and advice regarding the overall personal data protection framework on:
  • Implementation of policies and guidelines on Personal Data Protection and Privacy by design principles
  • Provide advice on Privacy Impact Assessment (PIA)
  • Review and advise on implementation of Personal Data Security principles and management of personal data breaches
  • Oversee the Records of processing activities
  • Contribute towards building and implementing an awareness program
• Define and operate the second level controls and independent resting on personal data protection framework in order to monitor compliance with personal data protection legislation and internal policies and guidelines
   

Language skills: 

• German 
• English 

Qualifications & Experiences 

• Master’s degree in Law (or Economics/IT) or related field required
• Sound knowledge of the General Data Protection Regulation (GDPR) and other Data Protection related Laws and Regulations
• 5 + years of Data Protection related experience as Data Protection Officer or within similar roles
• Data Protection certification required
• Project Management experience preferred

Skills and Knowledge

• Demonstrated experience with Data Protection compliance risk management, including risk identification, evaluation, mitigation and management
• Experience regarding the development of Data Protection compliance management systems; Data Protection compliance management framework development and execution
• Demonstrates ability to prioritize workload
• Strong communication skills with extensive experience working directly with executive leadership, and board of directors as needed to present, review, discuss compliance management topics
• Ability to navigate within a matrix environment and execute for multiple stakeholders, managing active discussions and negotiations, and operating under stringent expectations and deadlines
• Strong analytical and data interpretation skills including the ability to review, interpret and present data in a concise and precise manner; 
• Strong interpersonal and communication skills, both oral and written; with excellent attention to detail
• Proficient in full suite of Microsoft Office applications
• General knowledge of financial services industry preferred