BNP Paribas Suisse is a wholly owned subsidiary of BNP Paribas Group and covers two main activities: Corporate and Institutional Bank, and Wealth Management.
As such, BNP Paribas Suisse may comply with GDPR requirements in addition to Swiss laws related to data protection (Annex 3 Circulaire 2008/21 and Federal Data Protection Act).
In this context, an overhaul of the Concept Cadre has been performed and validated by the Board of Directors in 2020, which aims to comply with Annex 3 of the Circulaire 2008/21 requirements and to manage the risks of confidentiality of electronic client data.
BNP Paribas also operates in Switzerland through other entities, among others Arval, Leasing Solutions, and BP2S.
In the proposed role, the DPO will act as Data Protection Officer for the above-mentioned BNP Paribas entities in Switzerland as well as Monaco (Territory DPO), fostering within this scope a personal data protection culture.
The Territory DPO is located in Geneva and reports hierarchically to the Chief Risk Officer.
MAIN ACTIVITIES:
Review and advise on the proper implementation of personal data regulatory requirements and Concept Cadre:
- Advise and play an active role in all projects that involve personal data to ensure that they are implemented in compliance with regulatory requirements (Annex 3 Circ. 2008-21, GDPR, and Federal Data Protection Act);
- Topics of particular importance are those related to outsourcing/cloud, to ensure that cross-border transfers are managed in a secure manner with appropriate technical and organisational safeguards;
- Work together with RISK ICT to review and advise on security measure principles for all projects that involve personal data;
- Ensure a comprehensive regulatory watch on data protection principles.
Oversee and supervise the overall personal data protection framework on the following topics:
- Review and advise on implementation of Group policies and guidelines on Personal Data Protection;
- Oversee the Record of Processing Activities (ROPA) and ensure that the record of processing activities (“Register”) is kept accurate and up to date;
- Review and advise on implementation of Privacy by design principles in connection with LEGAL, Business and IT;
- Pilot RISK contribution in case of personal Data Breach;
- Provide independent reporting, including privacy KPI, and alert on critical points to Senior Management;
- Contribute to and participate in various reporting (Internal Control Committees (ICC), Risk Appetite Statement (RAS), as well as Board and ExCo);
- Chair the Data Protection Committee, escalate decisions to the ExCo when necessary;
- Act as an independent control unit for derogations to the Concept Cadre when relevant.
Define and perform a risk-based second level of controls and independent testing on the personal data protection framework:
- Assess effectiveness of the 1st Line of Defence (business and IT) controls on Personal Data Protection based on Generic Control Plans defined by the Group.
Manage communication with internal (employees) and external stakeholders (Data Protection Authorities and data subjects):
- Act as the key point of contact with Swiss Data Protection Authorities (Préposé Fédéral à la Protection des Données et à la Transparence) on issues relating to personal data processing;
- Support the Legal team with monitoring of the regulatory landscape and any communication on data protection regulations;
- Oversee Data Subject Access Requests (DSAR), in connection with the contributors (CDO, IT, Operations, Business Management);
- Contribute to the promotion of a data protection culture in Switzerland.
As a Swiss territory country DPO, the following key direct responsibilities are also included:
- Coordinate overall communication with Data Protection Authorities for all Entities present in the country (Arval, Leasing Solutions, BP2S) in coordination with each of the data protection correspondents;
- Provide independent reporting and alert on critical points to RISK CRO and Head of country;
- Coordinate the network of points of contact within his/her scope.
Business competencies and experience:
- 15+ years’ experience in a banking environment
- Successful past experience in either cyber security, or project management, or legal advisory positions
- Knowledge of European data privacy and personal data protection regulations
- English or French native speaker – German language a plus
- Knowledge of Swiss data privacy and personal data protection regulations a plus
- Knowledge of change management a plus
- Strong interest in Information Technology, digital and new technologies
The right candidate will be given the opportunity to benefit from extensive training, including towards professional qualifications.
Transversal and soft skills:
- Ability to evaluate and translate complex privacy policies and regulations into actionable insight
- Independence, objectivity and integrity
- Ability to lead, engage and work transversally
- Demonstrating a high level of commitment
- Excellent writing and communication skills – allowing him/her to act as a communicator across the bank
- Attention to detail / rigor
- Ability to decide
- Critical mind
- Result oriented
- Dynamic and enthusiastic
- Ability to collaborate/teamwork
Internal classification: E