Data Protection Expert

Work within the Local Data Protection Office, acting as part of the second line of defence, supporting oversight and advisory activities to ensure compliance with data protection obligations pursuant to EU Regulation 679/2016 ("GDPR"), as well as other legislation on personal data. This role contributes to the independent assessment of local and global programs impacting personal data, including aspects related to information security controls and data protection by design.

Key Responsibilities

• Support second line oversight activities on data protection programmes, contributing to the assessment of compliance with GDPR requirements and providing advisory to the business and first‑line functions.
• Facilitate effective communication and awareness across the bank, promoting a sound understanding of data protection requirements and their integration into business processes and controls.
• Assist in the review and challenge of Data Protection Impact Assessments (DPIAs) and support the maintenance of the Record of Processing Activities.
• Provide support in incident management, including second line review and challenge on data breach assessments; cooperate with IT and Security functions on security‑related events and support the evaluation of data subjects’ rights requests.
• Review procedures, policies and guidelines relating to data protection domains, providing independent validation and recommendations for improvement while considering technical and organisational security measures.
• Perform second line controls and independent gap analysis, supporting the identification and tracking of remediation actions related to data protection and information security measures.
• Support local training programmes on data protection, contributing to awareness initiatives aimed at strengthening both compliance culture and secure handling of information.

Requirements

• Education: Degree in Law or Computer Science; a Master’s or equivalent post‑university specialisation in data protection or computer science is preferred.
• Experience: 2–4 years in data protection, legal, compliance or computer science.
• Technical Skills: Strong knowledge of data protection laws and regulations; knowledge of information technology and computer science; excellent knowledge of Microsoft Office Suite.
• Language Skills: Excellent written and oral English.
• Soft Skills: Ability to work independently under pressure, strong interpersonal and organisational skills, teamwork and influencing ability, proactive problem‑solving, curiosity and a pragmatic, resilient mindset.

Working Conditions

Full‑time, permanent position. Location: Milan (hybrid).

Benefits

• Competitive base salary and performance‑based bonuses.
• Fully flexible smart working.
• Access to training and development opportunities.
• Focus on physical and mental well‑being.
• Free water and coffee at the office.
• Inclusive and diverse workplace culture.

Equal Opportunity

We are committed to a safe and inclusive environment and offer equal job opportunities to all qualified candidates.