Company description

Our ambition is to ensure the stability of the Luxembourg financial sector, to protect financial consumers and to promote a financial market which is fair, transparent and safe. The Commission de Surveillance du Secteur Financier (CSSF) acts exclusively in the public interest and all of our employees contribute to maintaining the safeness and soundness of the financial industry, one of the main drivers of the Luxembourg economy.

Beyond the national scope, the CSSF is also characterized by a strong European and international exposure. Our employees participate in international working groups and collaborate with other European authorities with the aim of promoting a stable financial industry on a European and international level.

More about Commission de Surveillance du Secteur Financier (CSSF)

Mission

As part of the Data Protection Office, your mission is to contribute effectively to the implementation of the General Data Protection Regulation (GDPR) within the CSSF. This involves monitoring compliance with the GDPR and analyzing the risks to personal data. It also involves providing practical support to all CSSF’s business lines in developing and updating the conditions that ensure compliance with the GDPR.
You would report directly to the Data Protection Officer (DPO) and assist him in his missions on determined business perimeters.

Role & responsibilities

Monitor personal data protection compliance, assess risks and draw up recommendations in structured reports
Follow up recommendations with the business lines
Assist all business lines in maintaining an up-to-date register of processing activities
Assist all business lines in the preparation and updating of data protection impact assessment (DPIA)
Manage cross-functional projects in line with RGPD requirements
Contribute to and verify the implementation of Privacy by Design
Assist business lines in drawing up and updating information notices or data protection policies for data subjects
Draw up data protection procedures
Help respond to requests from data subjects
Contribute to the processing of data breaches (analysis, follow-up of measures, notification)
Participate in the dissemination of a data protection culture within the business lines and in raising awareness among agents
Participate in the consolidation of Data Protection Office activity reporting

Your profile

Master’s degree (BAC + 4 / BAC + 5)
Conclusive experience (3 years minimum) in a position closely related to data protection and ideally in the financial sector
Good written and spoken French, English and Luxembourgish; Knowledge German would be an asset
Mastery of the GDPR and its related framework (guidelines, recommendations, best practices)
Reliable knowledge in information security (e.g. best practices) and IT security (e.g. encryption, strong authentication, pseudonymization)
Know how to carry out a compliance audit, an AIPD, a privacy by design, declare a processing activity, draft data protection information notices, manage a data breach and respond to the exercise of data subjects' rights. If this is not the case, you need to be ready to adapt and assimilate these concepts quickly
Interest in new technologies and regulatory developments (e.g. IA ACT)
Good writing, analytical and summarizing skills
Excellent interpersonal skills
Ability to work independently and as part of a team, with a proven aptitude for cross-functional management