Data protection - control owner

Data Protection Expert- Control Standard Owner  

GJA 18 / Job Profile Summary

Global Data Organisation

As a technology-enabled and digital-led bank, data is at the heart of everything we do. It powers how we measure risk, assess performance, and make decisions. To ensure we unlock the full value of our data, we must guarantee its completeness, accuracy, auditability, traceability, and protection. The Global Data Organisation serves as the first line of defense in securing robust data chains, working in close collaboration with all functions, business lines, and countries across the Bank.

The Global Chief Data Office (CDO) plays a pivotal role in this mission. As a central organizational unit, the CDO partners with stakeholders across the enterprise to enable frictionless customer journeys, support ESG-driven innovation, and deliver data products that enhance decision-making. With emerging trends such as digital wallets on the horizon and increasing regulatory expectations around data governance, the CDO is evolving to meet these challenges head-on, ensuring our data remains both a strategic asset and a safeguarded resource.

The opportunity

The Global Data Management team is responsible for building our design capability and establishing our global mandate over our data frameworks and controls. They will define, maintain and continuously improve ING global standards for Data Governance, Data Quality, Data Protection, AI and Data Ethics, ensuring consistent application across the Bank and full alignment with both regulatory expectations (BCBS29, GDPR, AI Act, DORA etc.) and INGs business objectives.

To realize this, we are moving towards a leaner data management function with much stronger functional ties to countries and functions to stimulate co-creation of data management standards, work-instructions, frameworks, and embedding full ownership of data processes and controls in the entire organization. The Global Data Management team will work closely with the operations and transformation capabilities of CDO to ensure that data delivered across the Bank is adherent to our global policies and frameworks.

As the Data Protection Control Standard Owner, you are responsible for both the Global Personal Data Protection (GPDP) and Global Record Retention and Deletion (GRRD) control standards. This role encompasses the full lifecycle management of these standards, including:

• Designing and maintaining control mechanisms to mitigate risks identified in the corresponding policies.
• Developing dashboards and reports to monitor the effectiveness of the controls.
• Ensuring that ING operates within its defined risk appetite for these standards.

Data Protection

This role is positioned within the Global CDO organization, as part of the Global Data Management team, with a clear mandate to strengthen cross-functional, country, and business line collaboration. It will work closely with other DPE process leads and the expert lead to drive co-creation of truly global procedures. In addition, the role will actively engage with control owners across other areas of data management—including EUC, reporting, and Data Management Control Standards—to ensure alignment and integration of data privacy requirements across the broader data landscape.

The Data organization is globally present, with people working in Amsterdam, Manilla, Bucharest and many more ING countries. The Data Protection team based in NL collaborates with more than 80 Data Protection experts around the globe working on our ambition: making sure data is being treated in a pragmatic, compliant and safe way!

Roles and responsibilities  

• Owns and maintains the Global Process Control Standards (GRRD & GPDP) in close consultation with the Global Policy Owner;
• Makes sure proper reporting on compliance with the CS requirements are shared with all relevant stakeholders with a clear message of the status and actions to improve the CS effectiveness.
• Facilitates and coordinates regular contacts with the DPE Offices in locations in order to share proper and timely information on relevant CS requirements, related issues and topics. These interactions should also foster collaboration and strengthen cross-functional alignment.
• Defines and owns guidance on: Cookie management, Consent/Direct Marketing  and make sure GDPR requirements are embedded in PARP process.
• Collaborate with the CDO office to further mature our central learning and development platform on data protection in collaboration with COO Academy.

Furthermore you have/are

• A Master or Bachelor degree (preferable in Law)
• Proven understanding of privacy and data protection trends, supported by CIPP and 5–15 years of experience. 
• Problem solving - Identifies solutions given available information
• Collaboration and Influencing others - Persuades others to a desired result
• Inspiring others - Fosters energy for and provides direction towards organizational goals
• Taking initiative - Takes action without the direction of others
• Dealing with Ambiguity - Deals comfortably with unclear situations and problems
• Execution bias – Must have a strong track record of large-scale execution capabilities, especially in areas where the entire value chain is not always under one’s command and control
• A drive for change and improvement. Loves challenges and is able to work in changing environment.

Preferable knowledge of

• Internal Control Binding Principles
• Global Procedure Non-Financial Risk Key Controls Identification, Monitoring and Evaluation
• Global guidance on Key Control Monitoring technique
• Non-financial Risk Framework
• iRisk