Data Protection Compliance Specialist @ING Hubs Romania

Discover ING Hubs Romania

ING Hubs Romania offers 130 services in software development, data management, non-financial risk & compliance, audit, and retail operations to 24 ING units worldwide, with the help of over 2000 high-performing engineers, risk, and operations professionals.

We started out in 2015 as ING’s software development hub, then steadily expanded our range to include more services and competencies. Now we provide borderless services with bank-wide capabilities and operate from two locations: Bucharest and Cluj-Napoca.

Our tech capabilities remain the core of our business, with more than 1800 colleagues active in Data and Analytics Tech, Tech Foundation and Channels, Retail Core Banking and Architecture, and Global Products and Technology Services.

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged. 

For us, impact isn't a perk. It's the driver of our work. We are guided and rewarded by a shared desire to make the world a better place, one innovative solution at a time. Our colleagues make it their job to do impactful things and they love doing it in good company. Do you? 

The Mission
The Data Protection Compliance Specialist IV is a 2nd line of defense (2LoD) independent role and ensures that personal data is managed in a professional, lawful and ethical manner.
You will be part of the WB EMEA Regional Data Protection team providing support to locations within the remit. The primary focus of the role is policy and advisory as you will perform the role of the Data Protection Officer (DPO) for some of the locations, therefore it is required that your main experience corresponds to that. You will also provide expert advice and oversight within the organisation, on, but not limited to personal data protection related external/ internal events, risk identification & assessment, risk mitigation & tracking, and risk reporting. 

Your day-to-day 
•    Advise local teams in WB EMEA on data protection rules based on laws/regulations and internal guidelines/policies/procedures/requirements including implementation of internal and external requirements
•    Provide support to locations in the capacity of the DPO including all queries/projects that fall within the scope
•    Support the creation, review and monitoring of procedures that involve personal data, making sure they meet legal and internal standards
•    Manage risks and incidents such as data breaches
•    Respond to requests from individuals who exercise their rights in the relevant jurisdictions
•    Manage and respond to regulatory requests/supervision/investigations
•    Work with first-line teams to support privacy risk assessments (like DPIAs, LIAs and TIAs) and follow up on agreed actions
•    Contribute to and lead on training and awareness including leading training sessions
•    Take part in regular checks of key privacy controls and help document the results and, where required, take the lead
•    Help track changes in laws/regulations/internal requirements and/or audit findings and assist in coordinating responses, follow-ups and implementation
•    Perform required risk management activities such as risk assessments, reporting, monitoring Promote consistency in how the relevant data protection laws/regulations and internal policies are applied and help guide stakeholders toward acceptable risk levels
•    Stay informed and involved in the data protection compliance internal community through calls, updates, and shared resources and any other relevant forums whether internal or external
•    Work closely with stakeholders from locations, ING Group and others
•    Other tasks as required

What we'll bring to the team

•    Bachelor’s degree, in Legal/Compliance/Risk field
•    6+ years’ experience in the Compliance Area/Legal including 5+ in data protection 
•    Demonstrable experience acting as a DPO (e.g., privacy office, second line of defence, compliance advisory, or risk)
•    Strong understanding of GDPR and other European legislation, key privacy principles, lawful bases, accountability requirements, and governance expectations
•    Proven track record of providing advice, guidance, and challenge to senior stakeholders (business, operations, technology, procurement, and legal) on privacy risks and controls.
•    Hands on experience with core privacy activities (in the DPO capacity incl. challenge), 
•    Ability to translate regulation into clear, actionable guidance for business teams 
•    Experience operating in a multi-country environment across EMEA, with the ability to navigate local requirements while maintaining group standards
•    Evidence of driving outcomes through influence, including policy adoption, control remediation, and sustainable process improvements
•    Skilled at building trusted relationships with stakeholders while maintaining independence and credible challenge
•    Exposure to & understanding technical & business-related events/issues impacting data privacy, compliance and the bank industry including solid knowledge of privacy controls in banking environments (e.g., access controls, security-by-design, retention, vendor management)
•    Collaboration skills and ability to work across both functional and geographical lines
•    Pro-activeness and communication skills
•    Ability to demonstrate critical thinking and discuss findings, recommendations with senior management
•    Good analytical skills and sound judgement
•    Excellent written and verbal communication skills
•    Fluent in English (written and spoken)
Certification
•    Privacy certification (e.g., CIPP/E, CIPM, CIPT, or equivalent)

If you want to deep dive into the processing of personal data conducted by ING Hubs Romania during the recruitment process and your rights related to it, read the privacy notices on our website (make sure to scroll until you reach the Data Protection section/ Candidates tab).