The Data Privacy and Protection department, under the Group Data Protection Officer (Group DPO) who in turn reports to the Group Chief Risk Officer (CRO), is part of the Group Risk Functions within BNP Paribas acting as a 2nd Line of Defence (LoD). With a multidisciplinary team (e.g. management, legal, IT) integrated in the RISK ORC ICT - Global CoE, this department has the responsibility for Group-wide approach of key data privacy and protection topics and for coordination of activities for DPOs at Group level.
The Data Protection Security and IT Coordinator will assist with the implementation, management and monitoring of the data privacy and protection strategy and the creation and roll-out of policies, guidelines, and data protection awareness training.
Data Protection Security and IT Coordinator will have special focus into the IT and Cybersecurity aspects of the GDPR and Data Protection, including technology, IT processes and Cyber-Security architectures.
Moreover, will identify and manage risks related to data privacy and protection, and escalate risks and issues to executives, as needed.
Will coordinate and oversight of activities in relation to the following:
- Review technical controls implemented by the business (1st LoD) to inform, advise and issue recommendations to the business with regards to data protection, privacy and compliance, including with data protection laws (e.g. GDPR, HIPPA, DPAct) and internal policies and guidelines.
- Foster a data protection culture within the Group and help to implement essential elements of the data protection (e.g. principles of data processing, data subjects’ rights, data protection by design and by default, security, data breaches management).
- Advise 1st LoD (controllers/ processors) and DPOs regarding data protection and privacy management requirements and policies (e.g. DPIA process & objectives, safeguard measures to mitigate the risks – technical, organizational & formal –, record of processing operations management).
- Promote continuous training to maintain data protection awareness and feedback, and also include protection as part of the Group agenda.
- Document all decisions taken consistent with and opposing DPO’s advice.
- Support DPO Group in the communication and as point of contact for both data subjects (e.g. customers) and the regulatory authorities.
- Offer consultation once a data breach or other incident has occurred and must be involved in relevant issues in a timely manner and report directly to highest management level.
- Attend regular/ ongoing data protection, information security and privacy training.
• Master's or equivalent degree in IT Risk/ Cybersecurity field or relevant experience.
• Previous experience and expertise in national and transnational data privacy laws (e.g. GDPR, HIPPA, DPAct, POPI), regulations and practices.
• Good knowledge of ICT topics
• Certified professional certifications in the information security sector, such as ISO27001, CISSP, CISA, GCCC, CISM, CRISC, among other
• Role model, promotion of a culture of good conduct and contribution to maintaining such a culture
• Proactivity, transparency and clear accountability for the determination and management of behavior risks
• Excellent skills in problem solving, presentation and consultation
• Teamwork with peers and management
• Strong project management skills, pragmatism and level of report
• Exceptional communication skills, both written and oral.
• Understanding of data processing operations, including business applications and data use.
• Understanding of cross over between legal, IT and data security requirements.
• Experience of promoting a data privacy culture of awareness and understanding (preferably within a Bank).
• Experience of developing and accessing privacy policies and controls that minimize risk and ensure compliance.
• Experience of responding to potential privacy incidents, to mitigate risk, determine reporting requirements, and developing corrective action plans when needed.
• Experience and expertise in national and transnational data privacy requirements and practices.
• Demonstrated leadership and problem-solving skills, and ability to work under pressure.
• Experience of communicating effectively with the highest levels of management and decision-making individuals within the organization.
• Familiarity with privacy and security risk assessment, best practices and gap analysis, privacy certifications/seals, and information security certifications.
• Team-player such that focus on the success of the team. Working well both with others, as well as individually, in a multicultural and multidisciplinary context.
• Fluent in English.