About the job
The Data Protection Advisor will act as a trusted advisor for BNP Paribas Business and Functions and oversee BNP Paribas DPOs, to assist in the implementation, management and monitoring of the DPP strategy by supporting the definition, implementation and operationalization of the Group’s DPP framework by Group Entities.
Your Main Activities Are
As part of their responsibilities, the candidate will coordinate and oversee activities in relation to the following:
- Advising on the maintenance of the Group’s DPP (Data Protection and Privacy) Governance and framework, as well as the definition and creation of DPP policies, guidelines and procedures of Group BNP Paribas
- Independently review and challenge the technical and operational DPP controls implemented, and issue recommendations with regard to privacy, data protection and compliance with the Group BNP Paribas DPP framework and regulation (e.g. GDPR, CCPA, LGPD, PDPA, etc.)
- Act as a trusted advisor to key internal stakeholders (e.g. CDOs, CISOs, DPOs, Business…) regarding the management of DPP requirements, such as:
- Oversee and check & challenge complex and transversal DPP initiatives, the design and rollout of the DPP strategy, and strategy implementation.
- Oversee and check & challenge transversal and complex Group-wide data processing/initiative impact assessments (DPIA), notably the adequacy of controls and measures, controllership, transfers, etc.
- Identify key DPP risks, inform BNP Paribas’ Management and key stakeholders such as IT and Business, among others, and oversee the decisions to manage those risks.
- Oversee key Group data breaches and other DPP incidents and work with key stakeholders (such as CDO, CISO, DPO, IT, Legal, etc.) on risk identification, ensure the consistency of potential incident qualification, conduct post-mortem analysis, and validate the adequacy and implementation of solutions.
- Monitor and advise on interactions with authorities and other external stakeholders, analyzing the requests, actions to be taken and producing lessons learned among the BNP Paribas worldwide DPP community.
- Monitor global regulatory changes and authority decisions, share and provide advice on DPP risk anticipation to the DPP community, providing lessons learned, best practices and guidelines, and leveraging the BNP Paribas DPP knowledge base.
- Promote data protection awareness and privacy by design culture across the Group (e.g. governance, principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security, data breach, authority interactions), and influencing/advising the Group Learn & Development agenda/ plans.
- Attend regular/ ongoing data protection, information security, privacy training and continuous improvement.
Profile and Skills to Succeed
- University degree and relevant professional certifications (e.g. CIPP/E, CIPT, CIPM, ISO27001, etc.) in fields relevant to DPP and cybersecurity
- Desirable experience working for a multi-national company from a central position (e.g. Group/ Head office level), preferably in the Financial sector
- Experience working as a consultant, advisor or auditor in initiatives related to data management, data protection, privacy and information security (notably Privacy by Design and Data Flow Mapping), preferably in a relevant audit/consulting firm
- Has experience analysing potential privacy incidents to proactively mitigate risk, and in determining reporting requirements and corrective action plans when needed
- Desirable experience of promoting a data privacy culture and awareness
- Experience in communicating and presenting effectively to senior management and decision-making individuals within the organization
- Experience of working with and managing stakeholders from different disciplinary backgrounds (e.g. IT, Risk, CDO and Data management, Legal, Compliance, Security, HR, etc.), notably providing technical advice and producing technical deliverables
- Fluent English is mandatory
- French is a plus
Technical Skills:
- Understands information security controls and principles that ensure confidentiality, integrity, availability of sensitive information
- Understanding of large-scale technology infrastructure and programmes where large quantities of data are used/managed
- Has a hybrid understanding of cross over requirements (risk, IT, regulatory, data security)
- Is able to evaluate DPP policies, regulations and decisions, and produce actionable insight
- Familiarity with privacy and security risk assessment, best practices and gap analysis, privacy certifications/seals, information security and DPP certifications, and tools
Personal Skills and Behaviours:
- Good interpersonal skills and ability to collaborate across business lines and geographies
- Ability to work in a multi-cultural, multi-lingual environment adapting ways of working as required
- Good communication skills
- Rigor and attention to detail
- Flexibility and customer orientation
About the Team
- BNPP Group Personal Data Protection framework, defined to respond to applicable privacy regulations throughout BNPP territories, relies on the accountability of teams within BNPP entities in their processing of Personal Data (customer, employees, UBOs, representatives of corporate, vendors, etc.)
- The Data Protection Office (DPO) is part of the RISK Department within BNP Paribas, positioned in the 2nd Line of Defence. Integrated within the Iberian Centre of Excellence, the DPC must assist the Business Line DPO and contribute to supervising compliance with data protection regulations and Group policies and guidelines, overseeing/ensuring the control framework, and giving the necessary guidance/advice to support the 1st Line of Defence.
- The 1st Line of Defence (Business, IT and CDO), managing the operations, has the responsibility to embed data protection regulations and Group policies and guidelines in the internal organization, processes and tools/assets (e.g. IT, DB’s, contracts, etc.) within its perimeter (e.g. privacy by design, PIA, security measures, etc.).
Why join BNP Paribas?
· Leading banking institution
BNP Paribas is the European Union’s leading bank, and a key player in international banking. It operates in 63 countries and has nearly 183.000 employees, including more than 146.000 in Europe.
· Our presence in Portugal
In Portugal since 1985, BNP Paribas today has more than 8.700 employees, distributed across the Group's 10 business entities established in the country. Its presence also extends to 11 excellence centres providing value-added services to various countries where the BNP Paribas Group also operates.
· International reach
Thanks to its international presence and regular and close collaboration among its different entities, BNP Paribas has the resources to support all clients with financing, investment, savings and protection solutions that help make their projects a success. BNP Paribas holds key positions in its three core operating divisions:
- Retail Banking, a division that brings together all the Group’s retail activities and specialised business lines;
- Investment & Protection Services that include specialised businesses offering a wide range of savings, investment and protection services;
- Corporate & Institutional Banking division that offers tailored financial solutions for corporate and institutional clients.
· Diversity and Inclusion commitment
BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
· Commitment towards work/life balance
At BNP Paribas we care about our employees’ wellbeing and promote a culture of good integration between work and rest. We believe our employees have rich personal lives outside of work, and that it is fundamental to disconnect from work to recharge both physically and mentally. Only through this balance can we all be at our best while working.
· Remote Working Conditions
At BNP Paribas, we embrace a Smart Working framework based on trust, autonomy and collaboration. Within this framework, eligible employees can benefit from flexible remote working modalities adapted to our hybrid working environment. To guarantee a comfortable and efficient working set-up, eligible employees are provided with both the office and home equipment, are entitled to an equipment allowance and can benefit from exclusive partnerships to purchase additional equipment at reduced prices.
To find out more on why you should join BNP Paribas visit https://bnpp.lk/why-BNP-Paribas-Portugal
* Please note that only applications submitted in English will be considered.
* In case you are selected for this role, further documentation will be requested to support your hiring process.