Business Information Risk Officer ('BIRO')

Quintet Luxembourg, Luxembourg, LUX, L-2955

Purpose of the Job

Quintet Private Bank is a leading private bank in the wealth management sector; we are committed to our clients and their families, and pride ourselves on our personalised service based on a deep understanding of what clients want to achieve. 
We are a bank headquartered in Luxembourg, with branches in Denmark, Germany, the Netherlands and Belgium and a subsidiary in the UK and supervised by the ECB with an ambition to stay true to our purpose to be the most trusted fiduciary of family wealth.

When you join Quintet you are joining a company that values diversity of background, equal access to opportunities, career development, collaboration and inclusiveness. We want our employees to feel proud of being part of a company that is committed to do the right thing. You will have the opportunity to grow your career while developing personally and professionally through various resources and programmes. 

 

The Quintet Business Risk Management (BRM) function is a first line risk function whose main purpose is to:

  • Steer the first line of defense at Quintet in managing the risks pertinent to our business, including acting as a ‘Centre of Excellence’ setting minimum control requirements across the organisation and acting as a catalyst for change; 
  • Conduct monitoring activities to ensure the key business risks are mitigated, report on results and follow-up on any control remediations;
  • Provide advice to the Front Office teams on risk issues. 

The role of the Business Information Risk Officer (‘BIRO’), focusses specifically on data privacy/protection/cyber risks. The BIRO will report directly to Head of Business Risk Management, and he/she is expected to work closely and collaboratively with the Group BRM team, the business (Wealth Management and Asset Servicing), as well as the local 2nd and 3rd line of defense functions (compliance, risk and audit). The BIRO will also actively engage with the DPO team to respond to request and ensure 2LoD observations are understood and required remediation plans are put in place. This position is open to all Quintet locations.  
 

Key Accountabilities

 

Data Leakage Prevention (DLP) controls:

  • Develop and maintain the first line controls monitoring framework, ensuring completeness, appropriateness, and process efficiency.
  • Analyse control results designed to mitigate Security and Cyber risk in the context of data leakage and define measures to address weaknesses together with local business leads.
  • Monitor Key Risk Indicators and maintain industry awareness, best practice insight, and regulatory knowledge.
  • Escalate significant issues and lessons learned to Group Business Risk Management (BRM) management, Chief Information Security Officer (CISO), Chief Risk Officer (CRO) and/or Data Protection Officer (DPO) as required.

Retention and clean-up of decentralised applications:

  • Coordinating the updates of the inventory  of decentralized applications and the annual clean-up with the relevant business owners and outsourcers at group level. 
  • Produce related MRI related to retention.

Data sharing, access rights and classification controls:

  • Monitor the adequacy of access control management controls in collaboration with IT. This may include  on limitation of massive/bulk data extraction without control/ high risk access right (USB, toxic combination,…)
  • Enforce practices to ensure sensitive information is not left exposed on desks or workspaces.
  • Escalation of instances of excessive access rights/issues to the AMC RC
  • Regularly review of confidential tagging application on confidential repositories at  premise or MS365 cloud level. 

In general, the BIRO will also engage with the BRM and the business to:

  • Guide managers in understanding and mitigating information risks in their business areas
  • Together with the second line, develop and maintain standards for handling sensitive information safely and data privacy matters
  • Identify and address risks related to data usage within current operations
  • Evaluate and anticipate risks from new technologies like AI
  • Lead investigations and responses to security incidents involving data
  • Support the annual RCSA (Risk and Control self-assessment) for data privacy risks. 

Knowledge and Experience

 

  • Proven experience in Business Risk, Audit, Compliance and/or other control functions within IT or Data Management Organisations in a financial services context
  • Expertise in Information Security, Cyber Risk, and Data Protection 

Attributes and Qualities

 

  • Strong execution skills and ability to manage conflicting demands and priorities.
  • Ability to communicate effectively, influence, and persuade at various levels.
  • Ability to evolve in a matrixed, changing, and complex environment.
  • Global understanding of private banking processes is a strong advantage.
  • Ability to collaborate with all businesses and engage stakeholders to work with a common purpose.

Technical Skills

 

  • Knowledge of Data protection  and  IT Cyber Risk issues.
  • Computer literate with good knowledge of Office package (Word, Excel, Outlook, Powerpoint).

Languages Skills

    

  • Fluent in English (written and oral).