General Information

Company
Deloitte
Business Unit
Enabling Functions
Primary Location
Zaventem
Field of interest
Legal Services
Industry Focus
Industry Agnostic
Recruiter
Al-Mbaidin, Kais - kalmbaidin@deloitte.com

Description of the position

Your journey with us

Deloitte’s Technology Operating Model (TOM) is a framework of standards (controls) and guidance used to confirm that all Deloitte’s technology assets and solutions are built to run, operate, and scale in a safe and predictable manner.
One important pillar of the framework is Confidentiality and Privacy. A Confidentiality and Privacy Assessment must be completed for each technology asset that will collect, access, store, or process Personal Information and/or Confidential Information.
As a Data Risk Review Expert, you will be responsible for assessing and identifying data-related risks associated with software applications used within the organization. You will work closely with cross-functional teams to ensure that applications comply with data protection regulations, security standards, and best practices, thereby safeguarding sensitive data and minimizing data-related vulnerabilities.

Key Responsibilities:
  • Application Data Risk Assessment:
    • Conduct in-depth assessments of data-related risks associated with applications.
    • Identify vulnerabilities, threats, and weaknesses in application data requirements (COPRIA).
    • Prioritize risks based on their potential impact on data security and integrity.
    • Review technical documentation (data flow diagrams, solution designs) to make sound judgements regarding data protection risks.
  • Data Compliance for Applications:
    • Ensure that applications comply with relevant European Digital Regulations (e.g., GDPR, EU AI Act) and industry-specific standards.
    • Enforce data governance policies and procedures specific to application data.
    • Monitor, report and adapt to the evolution of digital regulations, guidelines and relevant case law.
  • Security Controls for Applications:
    • Review and enhance application security measures to protect data against unauthorized access, breaches, and data loss.
  • Reporting and Documentation:
    • Prepare and present reports on application data risk assessments, findings, and mitigation efforts to relevant stakeholders (e.g. Risk Scorecard, COPRIA, Risk Review, etc.).
    • Update application records with data risk management activities (e.g. Risk Register).
  • Vendor Application Risk Management:
    • Assess and manage data risks associated with third-party applications and software vendors.
    • Ensure vendor applications adhere to data security and privacy standards.
Let's talk about you
  • You have 3 to 5 years of working experience in data protection. Knowledge and experience with the EU AI Act is a plus.
  • You are a real team player but also possess strong self-management skills and feel comfortable working independently with minimal supervision.
  • You have experience in working closely with senior stakeholders and the ability to interact confidently with people at all levels and backgrounds within the firm (often remotely).
  • You are able to convert legal and technical specifications into business-friendly language.
  • You are comfortable with working on multiple, often complex projects at the same time.
  • You are eager to learn about and research new technologies and trends, and how they affect legal and compliance obligations.
  • You are proactive, risk-sensitive, and solution-oriented.
  • You have excellent command of English, both written and spoken.
  • CIPP/E, CIPT (or similar) qualification, with excellent understanding of EU Data Protection legislation and ability to apply this within the context of Technology assessments.
  • Prior experience in client service and/or project management.
Our story
Highly skilled and motivated professionals in our IT Team support different projects to deliver innovative solutions and provide specialized operational guidance to assist our internal clients each day. IT's mission is to embed technology which supports the 'Deloitte way' of doing business, providing a distinctive experience that enables new business, transforms the existing business and provides world-class customer support.