Data Protection Expert @ ING Hubs RO

Discover ING Hubs Romania

We started out in 2015 as ING’s software development hub – a distinct entity from ING Bank Romania – then steadily expanded our range to include more services and competencies.

Formerly known as ING Tech, as of 2022 we provide borderless services with bank-wide capabilities under the name of ING Hubs Romania and operate from two locations: Bucharest and Cluj-Napoca.

With the help of over 1600 engineers, risk, and operations professionals, we offer 130 services in tech, non-financial risk & compliance, audit and retail operations to 24 ING units worldwide.

Our tech capabilities remain the core of our business, with more than 1300 colleagues active in Data Management, TouchPoint Channels & Integration, Core Banking, and Global Products.

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged. Work ethics, honesty and knowledge sharing are key to our teams and we’re always looking for like-minded people.

The Mission

The Data Protection Expert is responsible to deliver day-to-day data protection executive services to entities within the ING Group. The Data Protection Expert will be working closely with the Chapter Lead Data Protection Executive Services, the DPE teams from other entities within the ING Group, the DPO teams from the corresponding entities within the ING Group, and Group Data Protection Executive Office and Data Protection Office to monitor and support ING Unit’s compliance with the ING’s Global Policy for Data Protection (GPDP) and alignment with the overall personal data strategy of ING Group as a whole.

Your day to day

Daily activities include collaboration with the relevant stakeholders to:

• Drive the implementation of the GDPR and other relevant legislation, through governance, data inventory, data policies & processes, controls,
• Provide 1st line support and operational assistance on data protection matters for stakeholders in business lines and support functions,
• Monitor the implementation of the GPDP local and global procedures, and other data protection relevant legal acts, regulations, policies and best practices,
• Cooperate with other 1st line teams when the yearly key control testing (KCT) takes place, and offer assistance with the fulfilment of the KCTs,
• Creating awareness and deliver trainings on data protection compliance,
• Assist in the investigation of data breaches, manage data breach notifications, the resolution and remedial action of all data protection incidents and report these where appropriate to the local responsible bodies,
• Manage and provide data protection assistance in the timely and complete filling of Records of Processing Activities along with the involved stakeholders,
• Manage and provide data protection assistance with respect to performing Data Protection Impact Assessments, Legitimate Interest Analysis, Transfer Impact Assessments, along with the involved stakeholders,
• Manage and provide data protection assistance on the implementation of the retention periods for personal data, and take the necessary deletion/destroyal actions after such periods expire,
• Prepare and report on GPDP related metrics and other activity reports and presentations to Group and local stakeholders and bodies in case required,
• Offer advice and support to contract owners by performing an initial data protection assessment on 3rd party contracting (data processed, purposes, subcontractors, 3rd countries etc.),
• Participate in the local implementation of global GPDP programs,
• Engage with those responsible for data protection in the business units and support functions to identify opportunities to improve the way ING protects personal data and support execution;

What you’ll bring to the team

• Bachelor’s degree with approx. 3 years of professional experience in the control/ audit/ consultancy services/ compliance/ legal field connected to the data protection area, preferably in a similar business environment (banking/IT),
• Knowledge of the national and European data protection laws and practices, knowledge of the business sector, understand the processing operations, technologies and data security,
• Good understanding of general banking environment, governance structure, and banking products, services and operational flows,
• Good stakeholder management skills,
• Knowledge of data governance, data quality and data ethics is a plus,
• Legal background and relevant data protection qualifications are a plus: CIPP/E, CIPM, CIPT,
• Ability to develop working processes that provide structure and discipline,
• Experienced user of Microsoft Office package (Word, Excel and Power Point are a must),
• Very good organizing skills, team player with strong communication, negotiation and analytical skills, problem solving oriented, logical and open-minded, ability to work independently,
• English (writing, speaking) advanced,

What’s in it for you

• Annual Performance
• Extra vacation days depending on the total length of working experience
• Flextime – our own way of working
• Monthly budget on Benefit platform
• Growth opportunities
• Defining a clear career path on short/ mid/ long term and identify the competencies you need to build/ develop to reach the next level: vertically – towards a managerial position or horizontally – towards an expert or architect level, locally or globally
• Internal mobility is encouraged
• Possibility to access International Short-Term Assignments or Long-Term Assignments
• Upskilling/ reskilling programs
• Learning & Development opportunities
• Annual training & certifications budget
• Pluralsight & e-learning platforms
• CSR activities: tree planting, coding lessons for teenagers etc.