Senior Privacy Risk Officer

April 25, 2024


Reference BNP-001407

  • Standard / Permanent
  • ES-MD-Madrid
  • RISK

BNP Paribas is an international bank with leading positions in the European market. It is present in 74 countries and employs more than 192,000 people, 146,000 of whom are in Europe. The Group holds key positions in its three main areas of activity: Domestic Markets and International Financial Services (whose retail banking and financial services network is part of Retail Banking & Services), as well as Corporate & Institutional Banking, which offers services to corporate and institutional clients. The Group supports its customers (individuals, entrepreneurs, SMEs, large companies and institutions) to help them carry out their projects by providing financing, investment, savings and insurance services.

In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is number one in retail financing in Europe.

BNP Paribas is developing its integrated retail banking model in the Mediterranean countries, Turkey, Eastern Europe and has an important network on the US West Coast. In both its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas has leading positions in Europe, a strong presence in the Americas and a solid and growing network in the Asia-Pacific region.

RISK Iberian Hub Madrid is a transversal platform servicing the RISK Function by covering added-value activities around credit risk, market risk, operational risk and data protection. It offers a wide range of services to RISK teams, from consulting to cyber security, by way of data analysis, modelling or artificial intelligence.

The mission of RISK Group Data Protection is to promote the implementation and operationalization of Data Protection policies and procedures with support from business stakeholders. We aim to provide a catalogue of services to all BNP Paribas platforms. Leveraging the risk management framework, our support will facilitate delivery of Group Data Protection goals.

Within RISK Group Data Protection (GDP), the Governance, Framework & Reporting team is responsible for establishing the 2LoD Data Protection framework and enablers to support the RISK GDP team pillars, ensuring alignment with the wider RISK ORM framework and governance, and consolidating reporting to contribute to relevant RISK Committees:

  • Develop the Group RISK Privacy framework and monitor its deployment and adoption by local entities.
  • Review and arbitrate exception requests raised by local entities.
  • Conduct and coordinate Group Privacy Governance, including Group Privacy & Data Protection Committee.
  • Liaise with RISK teams, contribute to the Group RISK Artificial Intelligence framework and participate in the Group RISK AI Governance.
  • Liaise with regulators and IG on privacy and data protection enquiries and requests.
  • Perform independent review of the privacy frameworks and templates issued by the 1st LoD.
  • Liaise with LEGAL, RISK ORM and ITG to ensure alignment among the several Group Frameworks and regulatory requirements and provide SME advice on privacy matters.
  • Facilitate adoption of the RISK ORM framework in the privacy domain, support local teams and develop guidance and tools for DPOs and DPCs to perform these activities.
  • Produce quarterly Data Protection incident management reporting and dashboards – funnel recommendations and opportunities for check/challenge and lessons learned to DP Advisory.
  • Coordinate or contribute to ad-hoc reporting on Data Protection topics for ratings agencies, insurers, and other stakeholders.
  • Interact with other Group teams to provide inputs from RISK to regulators’ enquiries and/or consultation about new privacy regulations.
  • Contribute to and support development of ad-hoc reports and Data Protection risk opinions with local business line and territory Data Protection teams.
  • Coordinate responses to industry bodies (CIPL / IAPP, etc.) on behalf of BNPP Group Data Protection.
  • Steer and act as SME to co-define Data Protection Hub strategy deriving from Group Privacy and Data Protection Framework.
  • Act as Data Protection SME as needed in support of content development, white papers and thought leadership produced for Data Protection teams and other stakeholders.

MISSION

Lead the development and maintenance of the 2nd line of defence privacy framework, perform independent review of the 1st line of defence framework, ensure privacy is articulated within the wider operational risk framework, and support governance and supervisory affairs activities.

RESPONSIBILITIES

Responsible for the development and implementation of an enterprise-wide Group Privacy and Data Protection risk governance program. The successful candidate will have a proven record of developing and implementing personal data protection management programs in global organizations, with robust knowledge of data management, privacy and related tools.

Key responsibilities include:

  • Establish Privacy and Personal Data Protection framework for the bank within the three lines of defense model in alignment with the Group Risk Management Framework.
  • Drive effective implementation and communication of Privacy and data protection policies and guidelines. 
  • Provide direction, support and oversight with respect to management of privacy and personal data protection risks to the network of DPOs.
  • Establish and oversee the privacy and personal data protection infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices.
  • Act as privacy SME and influence the roadmap of the Group privacy tool.
  • Participate in local privacy committees to explain the privacy risk exposure and any developments on the Group Privacy Framework.
  • Provide effective reporting on privacy and personal data protection, review metrics and provide Group privacy risk profile.
  • Support with the organization of the Group Privacy Committee.
  • Review and arbitrate exceptions raised by entities for the deployment of the Group Privacy Framework.
  • Participate in the planning and development of personal data protection events and forums with the global DPO network.
  • Manage, support and coach more junior members of the team.

REQUIREMENTS

  • 4-8 years of experience in the management of privacy and personal data protection;
  • Team player – focuses on the success of the whole team, working well both with others and individually;
  • Good understanding of technology and the main ICT risks with an impact on privacy;
  • Excellent communication skills; considers the audience, avoiding technical jargon wherever necessary and appropriate;
  • Fluent in English, able to articulate the message for medium and senior stakeholders, and write complex documents/procedures;
  • Good stakeholder management skills;
  • Good listening and analytical skills – being able to come to a thoughtful and business-focused conclusion quickly;
  • Ability to co-operate and work well with others, adopting an approachable style – important as we work closely with a large and diverse set of suppliers and customers;
  • Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits;
  • Demonstrating a calm, professional approach, with a good understanding of delivery within time constraints and the need to escalate to or inform departmental management as appropriate;
  • Adapting personal approach to suit situations, individuals, groups and cultures; being flexible in relation to getting the job done;
  • Taking accountability for their actions, being open and honest when things have gone wrong, and celebrating successes when things have gone well;
  • Being rigorous and thorough – especially when logging and tracking issues through to conclusion;
  • Ability to manage their workload so as to meet the realistic targets and priorities set in conjunction with management.

Preferred:

  • Degree in Law (or equivalent relevant qualification in the privacy domain)
  • French Language
  • A professional qualification relevant to Data Privacy (CIPP/E, CIPP/M, or similar)
  • Knowledge or practical experience of privacy tools

BENEFITS

  • Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
  • Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
  • Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
  • Flexible compensation plan
  • Hybrid telecommuting model (50%)
  • 31 vacation days

Diversity and Inclusion commitment

BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
