Rothschild & Co is a leading global financial services group with seven generations of family control and a history spanning over 200 years at the centre of the world's financial markets.
Our expertise, intellectual capital, and global network enable us to provide a distinct perspective making a meaningful difference to our clients, communities, and planet.
We have 4,200 talented specialists on the ground in over 40 countries worldwide, enabling us to deliver a unique global perspective across four market-leading business divisions – Global Advisory, Wealth Management, Asset Management, and Five Arrows.
As a family-controlled business built on relationships, we place a huge emphasis on our people and finding the right colleagues to take our business forward.
Rothschild & Co is committed to an inclusive and supportive environment where diversity and different perspectives are valued. We focus on attracting, recruiting, developing, retaining, and progressing high-calibre talent to ensure we and our clients benefit from the value of difference.
Overview of Role
The Information Security & Data Protection team at Rothschild & Co Bank AG (R&CoBZ) is responsible for defining and overseeing the delivery of the information/cyber security strategy and data protection programme. The team is part of the wider Group Information Security within the Group Risk function.
The Data Protection Specialist will play a key role in liaising with the regional Information Security Officer, DPO, and Group Information Security to ensure consistent delivery of data protection and information security to all R&CoBZ locations.
This role is suitable for a security and data protection specialist with primary experience in Data Protection and additional knowledge in Information Security. The ideal candidate would have a solid understanding of regulatory landscapes such as FADP, GDPR, FINMA, and the EBA, as well as of cyber security and risk management concepts and frameworks.
Responsibilities
1. Assist the Data Protection Officer in delivering, maintaining, and monitoring the Data Protection program (e.g., registry of processing activities, policies, procedures, and tools). Ensure regular checks that all data subjects have been properly identified and inventoried, and remain safeguarded from unauthorized access.
2. Support the Business in executing the Data Protection Impact Assessments and in designing and performing recurrent data privacy assessments/audits.
3. Define data protection requirements during business and IT projects and ensure their implementation (Privacy by design and by default).
4. Liaise with local legal departments to ensure proper adherence to regulatory frameworks applicable to Data Protection.
5. Liaise with group security and data protection functions to ensure adherence to group standards.
6. Contribute to ongoing improvements in various information security initiatives, including education and awareness, risk and control maturity improvement, data loss prevention, third-party risk management, and data protection.
7. Support the execution of regular Information Security and Data Protection audits and assessments (e.g., internal, external, regulatory).
8. Promote security awareness within the firm by assisting with security awareness and education activities.
9. Assist in performing risk assessments and control maturity assessments and ensure risks, control gaps, and remediation activities are clearly communicated to business stakeholders.
10. Ensure proper application of these tasks to subsidiaries of R&CoBZ when applicable.
Experience, Skills, and Competencies Required
1. At least 3 years of working experience in Data Protection and Information Security, preferably in the financial sector or consulting.
2. Bachelor's or Master's degree in Law, Privacy, or Information Security-related fields.
3. Strong knowledge of GDPR and FADP.
4. Knowledge of Swiss and EBA banking regulations and their application to technology.
5. Knowledge of international security standards and frameworks such as NIST, CIS, ISO27001, etc.
6. Self-motivated and delivery-focused: the candidate must be able to work independently and switch between several simultaneous projects, effectively prioritizing work.
7. Team playing and communication skills – the candidate must be a team player and interact effectively with other team members of the R&CoBZ Information Security team.
8. Strong problem-solving and analytical skills.
9. Good knowledge of the English language; German language desirable but not necessary.
10. Desirable Qualifications – CIPP/E, ISACA CISA, CRISC, or CISM.
Rothschild & Co is committed to safeguarding and enhancing the health and wellbeing of all its employees. To support this, Rothschild & Co provides all employees with a range of healthcare services and benefits aiming to support their overall wellbeing.
We aim to create a working environment and culture where people can succeed.
We offer a variety of in-house trainings, as well as tuition assistance for further education and training courses.
Everyone can choose to incorporate agile working principles into their working week.
We have learned a great deal about the adaptability, commitment, and resilience of our people. We believe there are opportunities for all of us to enhance our working lives and outcomes by applying a more flexible approach to where and when we work, and up to 40% of your work time can be performed from home.