About Us
Rothschild & Co is a leading global financial services group with seven generations of family control and a history spanning over 200 years at the centre of the world's financial markets.
Our expertise, intellectual capital and global network enable us to provide a distinct perspective that makes a meaningful difference to our clients, communities and planet.
We have 4,200 talented specialists on the ground in over 40 countries worldwide, delivering a unique global perspective across four market-leading business divisions – Global Advisory, Wealth Management, Asset Management and Five Arrows.
As a family-controlled business built on relationships, we place a huge emphasis on our people and finding the right colleagues to take our business forward.
Rothschild & Co is committed to an inclusive and supportive environment where diversity and different perspectives are valued. We focus on attracting and recruiting, developing and retaining, and progressing high-calibre talent to ensure we and our clients benefit from the value of difference.
Overview of Role
The Information Security & Data Protection team at Rothschild & Co Bank AG defines and oversees the delivery of the information/cyber security strategy and data protection programme. This team is part of the wider Group Information Security within the Group Risk function.
The Data Protection Specialist will play a key role in liaising with the regional Information Security Officer, DPO and Group Information Security to ensure consistent delivery of data protection and information security across all R&CoBZ locations.
This role is suitable for a security & data protection specialist with primary experience in Data Protection and additional knowledge in Information Security. The ideal candidate would have a solid understanding of regulatory landscapes such as FADP, GDPR, FINMA and the EBA, as well as cyber security and risk management concepts and frameworks.
Responsibilities
* Assist the Data Protection Officer in delivering, maintaining and monitoring the Data Protection programme (e.g., registry of processing activities, policies, procedures and tools), ensuring that all data subject to protection is regularly identified, inventoried and properly safeguarded against unauthorized access.
* Support the Business in executing Data Protection Impact Assessments and in designing and performing recurrent data privacy assessments/audits.
* Define data protection requirements during business and IT projects and ensure their implementation (Privacy by design and by default).
* Liaise with local legal departments to ensure adherence to applicable regulatory frameworks for Data Protection.
* Liaise with group security and data protection functions to ensure adherence to group standards.
* Contribute to ongoing improvement of various information security initiatives, including education and awareness, risk and control maturity improvement, data loss prevention, third-party risk management and data protection.
* Support the execution of regular Information Security and Data Protection audits and assessments (e.g., internal, external, regulatory).
* Promote security awareness within the firm by assisting with security awareness and education activities.
* Assist in performing risk assessments and control maturity assessments, ensuring risks, control gaps and remediation activities are clearly communicated to business stakeholders.
* Apply the above-mentioned tasks to subsidiaries of R&CoBZ where applicable.
Experience, Skills and Competencies Required
* A minimum of three years of working experience in Data Protection & Information Security, preferably in the financial sector or consulting.
* Bachelor's or Master's degree in Law, Privacy or Information Security-related fields.
* Strong knowledge of GDPR and FADP.
* Knowledge of Swiss and EBA banking regulations and their application to technology.
* Knowledge of international security standards and frameworks such as NIST, CIS, ISO27001, etc.
* Self-motivated and delivery-focused – the candidate must be able to work independently and switch between several simultaneous projects, effectively prioritizing work.
* Teamwork and communication skills – the candidate must be a team player and interact effectively with other members of the R&CoBZ Information Security team.
* Strong problem-solving and analytical skills.
* Good knowledge of the English language; German language desirable but not necessary.
* Desirable Qualifications – CIPP/E, ISACA CISA, CRISC or CISM.