Data protection expert (m/f)

Mission

As part of the Data Protection Office, your mission is to contribute effectively to the implementation of the General Data Protection Regulation (GDPR) within the CSSF. This involves monitoring compliance with the GDPR and analyzing the risks to personal data. It also involves providing practical support to all CSSF’s business lines in developing and updating the conditions that ensure compliance with the GDPR.

You would report directly to the Data Protection Officer (DPO) and assist him in his missions on determined business perimeters.

Role & responsibilities

Monitor personal data protection compliance, assess risks and draw up recommendations in structured reports
Follow up recommendations with the business lines
Assist all business lines in maintaining an up-to-date register of processing activities
Assist all business lines in the preparation and updating of data protection impact assessment (DPIA)
Manage cross-functional projects in line with RGPD requirements
Contribute to and verify the implementation of Privacy by Design
Assist business lines in drawing up and updating information notices or data protection policies for data subjects
Draw up data protection procedures
Help respond to requests from data subjects
Contribute to the processing of data breaches (analysis, follow-up of measures, notification)
Participate in the dissemination of a data protection culture within the business lines and in raising awareness among agents
Participate in the consolidation of Data Protection Office activity reporting

Your profile

Master’s degree (BAC + 4 / BAC + 5)
Conclusive experience (3 years minimum) in a position closely related to data protection and ideally in the financial sector
Mastery of the GDPR and its related framework (guidelines, recommendations, best practices)
Reliable knowledge in information security (e.g. best practices) and IT security (e.g. encryption, strong authentication, pseudonymization)
Know how to carry out a compliance audit, an AIPD, a privacy by design, declare a processing activity, draft data protection information notices, manage a data breach and respond to the exercise of data subjects' rights. If this is not the case, you need to be ready to adapt and assimilate these concepts quickly
Good written and spoken French and English; Knowledge of Luxembourgish and German would be an asset
Interest in new technologies and regulatory developments (e.g. IA ACT)
Good writing, analytical and summarizing skills
Excellent interpersonal skills
Ability to work independently and as part of a team, with a proven aptitude for cross-functional management

The successful candidate (m/f) will be hired as public employee (“employé de l’Etat”) under a permanent contract. If the candidate meets the required conditions, s/he will be asked to apply for admission to the status of civil servant (“fonctionnaire de l’Etat”).

Prior to the conclusion of the contract, the candidate must submit an extract from the criminal record (bulletin n°3), dated less than 2 months, in order to prove their conduct and integrity.

Apply now

* Required fields

Job reference *

Title *

First name *

Last name *

Date of Birth *

Nationality *

Phone *

E-mail *

How did you find about the position? *

Please specify *

Your resume *5MB max pdf

Your cover-letter *2MB max pdf

Your ID card *2MB max pdf, png, jpg, jpeg

Your Diploma *2MB max pdf, png, jpg, jpeg

Additional document2MB max pdf, png, jpg, jpeg

By ticking this box, you acknowledge that you have read and accepted our Job Applicant Privacy Notice *

Name	Description	Duration
cssf_cookies	Saves information regarding the user's consent to the use of cookies for each optional category.	1 year
ROUTEID	Technical cookie allowing load distribution.	Deleted when the browsing session ends
TBMCookie*	Security: This cookies protects the website against automated attacks.	Deleted when the browsing session ends
__utmvc	These first party cookies are set by a third party service to filter out malicious requests.	Deleted when the browsing session ends
__utmvm*	These first party cookies are set by a third party service to filter out malicious requests.	15 minutes

Name	Description	Duration
_pk_id.#	Collects anonymous statistical data on the website consultations, such as the number of visits or the average time spent on the website. The data is processed in-house and is not shared with a third party.	1 year
_pk_ses.#	Collects anonymous statistical data for the tracking of the pages consulted during the browsing session. The data is processed in-house and is not shared with a third party.	30 minutes