
Data Protection & Security Governance Consultant (Ref: 332)
- Hybrid
- LUXEMBOURG VILLE, Luxembourg, Luxembourg
- Information Technology
Job description
For one of our clients, a bank located in Luxembourg City, we are looking for a Data Protection & Security Governance Consultant.
Mission:
Drive the implementation and enhancement of data protection, DLP, encryption, and security governance frameworks for the Bank. Ensure regulatory compliance, effective data classification, and robust data protection measures across internal teams and third-party providers.
Key Responsibilities:
• Lead Data Loss Prevention (DLP) project scope, planning, and controls implementation.
• Govern and improve data classification and protection frameworks, including reviewing and updating policies and procedures.
• Build and maintain a comprehensive data inventory, mapping data flows and ownership.
• Define, delegate, and clarify data protection requirements across all relevant teams and third parties.
• Oversee integration of data discovery/classification tools (e.g., Varonis) with DLP solutions.
• Manage migration/upgrade of DLP tools (e.g., Symantec DLP replacement).
• Update and promote Information Classification and Protection policies and upskill employees.
• Enhance and oversee the cryptography framework and cryptographic asset registry.
• Ensure end-to-end key lifecycle management and remediation of non-compliant assets/protocols.
• Collaborate with project managers, IT, and business stakeholders to embed security in data-related processes and projects.
Job requirements
Required Skills & Experience:
• 5+ years in IT Security, with proven hands-on DLP, data classification, and encryption experience.
• Strong knowledge of security frameworks (ISO 27001/2, NIST, PCI-DSS) and regulatory requirements.
• Experience in implementing and managing DLP and data classification solutions.
• In-depth understanding of cryptography and key management.
• Excellent documentation, communication, and stakeholder management skills.
• Fluent in French and English.
• University degree in Computer Science, Information Security, or related field.
• Relevant certifications are a plus (CISSP, CISM, CISA, GIAC, ISO 27001 Lead Implementer/Auditor, etc.).
• Capable of working autonomously, proactive, and results-oriented.
• Strong documentation, communication, and stakeholder engagement skills.
• Proven experience working in regulated (preferably financial) environments and with third-party providers.
• Able to prioritize, manage multiple projects, and deliver results under pressure.
