WINTERMANN SEARCH

Senior Data Governance Risk Manager

Our Client, a major global Banking group, is currently seeking a Senior Data Governance Risk Manager for their London Office.

 

Principal Purpose of the Job:

The Senior Data Governance Risk Manager role will have broad 2nd line of defence responsibility for a range of critical activities necessary to strengthen and maintain the data, information security, data protection and cyber control environment throughout the Bank. Hence, the role will report into the Data Governance Risk Officer & Data Protection Officer (DPO).

 

 

Main Responsibilities & Accountabilities:

Perform a current-state analysis to:

  a. Assess the Bank’s existing information security (IS) control environment (considering all aspects of technology IS, data assets, and cyber risks and resilience controls);
  b. Identify the current controls aligned to these risks and highlight potential control gaps;
  c. Develop a strategy for enhancement to manage those risks in line with the Bank’s agreed risk appetite;
  d. Act as a point of liaison with Head Office.

 

Design and maintain a governance framework to capture strong cyber resilience, information security, data security and data protection;

 

Provide Bank-wide supervisory oversight, management reporting, and policy for the existing IS, data, and cyber control framework;

 

Support delivery of activities identified in the annual Compliance Monitoring Plan, such as:

 

SYSC 9 & 10A - Record Keeping & Document Retention Bank-wide supervisory oversight;

  1. Annual Business Outsourcing reviews;
  2. Regulatory reporting such as the REP018 and REP020 Quarterly returns;
  3. Maintain policies for existing IS, data and cyber control frameworks;
  4. Management reporting to Senior Management forums;
  5. Conduct compliance email phishing exercises and data exfiltration reviews;
  6. Act as a point of liaison with Head Office.

 

Undertake ongoing monitoring of key data and IS risks. Develop and deliver staff and stakeholder training on data protection/privacy regulatory requirements and cyber security, enhance management reporting information (KRI/KPIs), present performance status, and escalate issues to Senior Management where necessary. Build a profile of the Bank’s cyber threats and associated controls and provide Management with recommendations to enhance key cyber controls;

 

Fulfil the Deputy Data Protection Officer role in line with the requirements of current and incoming Data Protection Regulations (GDPR). This will include assessing the effectiveness of the Bank’s current data and records management controls and developing enhancement action plans where these may be required;

 

Provide timely expert advice on data protection to business units;

 

Provide advice and ongoing oversight on Operational Resilience aligning the Bank’s practices with regulator expectations.

 

This role will build upon the Bank’s existing policies and controls in respect of data and cyber risk management, including Group-level guidance and directives. The role will include extensive interaction with all parts of the Bank’s operations and support functions (particularly the IT department) in London and must liaise with all levels of seniority.

 

 

Only for staff with direct reports:

Recruit and maintain human resources in accordance with agreed plans, train, develop and lead resources to ensure that targets are met. Manage performance of staff and ensure appropriate training needs are identified.

 

Skills Required:

The successful candidate will be able to demonstrate the following skills:

 

Practical experience in a senior role in a similar European financial services organisation with responsibility for Data Protection, Data Governance, and/or Information Security;

 

Good working knowledge of current and changing cyber threats and mitigating control strategies with demonstrable experience of working with or advising on a cyber control activity or change project;

 

Practical understanding of key aspects of UK data and information protection regulations (GDPR) and best practices. This should extend to insights on applicability of key regulatory obligations to different business activities and how regulatory impact and gap analysis work is undertaken in a multi-product banking business;

 

Excellent communication skills are critical to ensure risk and control understanding is embedded throughout the business.

 

 

Skills Desired:

Basic project management capabilities including chairing working group meetings, managing work streams, scheduling project action plans, cost/benefit assessment, engagement with third party service providers, etc.;

 

Experience across banking business lines (retail banking, corporate/wholesale banking, traded and capital markets) will be of particular value to this role, although deep skills and expertise in all business lines are not expected;

Familiarity with cross-border aspects of current and incoming UK and European data and information security regulation would be extremely advantageous. The Bank’s London Office forms a component of the larger global banking group, and liaison with the Parent Bank and other overseas business units, together with an understanding of cross-border data transfer processes, will form a key component of the role;

 

Strong presentation skills – providing one-to-one, structured training, and management reporting to staff at all levels of the Bank.

 

Other Factors:

In addition to strong interpersonal and presentation skills, this role will benefit from the following skills:

 

Compliance background with proven ability to develop and publish business-standard policy, procedures, assessment reports, action plans, and similar documentation;

 

Experience of working in international banking organisations will be of value.

 

For further information, please contact: 

Enrico Castagnetti, Wintermann Search & Selection Limited

Mobile:       +44 (0)7711 267500

Email:         enrico@wintermann.co.uk

 

 

© Wintermann Search