Position Purpose
The first line of defence (Business, IT and CDO) has the responsibility to embed data protection regulations and Group policies and guidelines in the internal organization and processes within its perimeter (e.g. Privacy by Design, DPIAs, security measures, etc.).
The AI and DP Expert acts as the second line of defence for all CIB AI initiatives carried out worldwide, overseeing and supervising specifically the data privacy risks and their management, including the fulfilment of any regulatory requirements on AI such as GDPR and the AI Act. The candidate in the role will also be responsible for coordinating and contributing to the broader AI supervision and oversight with the first line of defence, with Group Data Protection and within RISK ORM CIB.
The CIB AI and DP Expert has a key role working on AI initiatives to provide opinions with regard to privacy and fundamental rights, impacts on data subjects and related risks across CIB, within the BNPP AI and Data Protection Framework and in accordance with applicable laws and procedures. The AI and DP Expert will support the CIB DPO and Data Protection Correspondents (DPCs) with guidance and opinions on the AI dimension within any CIB projects or activities, her/his AI technical knowledge allowing the check and challenge of AI projects against existing risks.
Key Responsibilities
The AI and DP Expert is a risk professional role with three key dimensions of responsibilities:
1) Contribution within RISK ORM CIB – The role will provide guidance on AI and Privacy aspects and will support the CIB DPO, other DPCs and other stakeholders within the Data Protection community, including within the BNP Paribas Group DPO team, contributing through documented RISK Opinions to the wider management and coordination of projects by the ORO – AI and ML Expert manager at global RISK ORM CIB level, in relation to privacy and data protection topics.
2) AI regulatory and technical expert – The role will be able to understand AI technologies, supported by enthusiasm with regard to applicable AI regulations.
3) Privacy expert – Be the central point of contact and expertise for any privacy related aspects across RISK ORM CIB on AI use cases.
Its activity is part of the overall governance of personal data protection deployed throughout BNP Paribas CIB and it is based on the following key responsibilities:
· Advise on the implementation of the Group AI Framework within CIB to meet regulatory AI requirements.
· Attend AI-related meetings and committees with internal stakeholders in first and second level of defence to identify, discuss and assess risks specific to AI projects.
· Perform second line of defence control and challenge to the first line of defence.
· Supervise the implementation of Privacy by Design principles from a technical and security perspective (e.g. pseudonymization, data minimization, etc.).
· Monitor and review the AI architectures to identify potential privacy risks (e.g. data segregation).
· Review and advise on the technical measures for data protection within the AI systems (e.g. encryption, tokenization, etc.).
· Provide technical opinion regarding applicable privacy assessments and/or documentation (e.g. ROPAs, DPIAs, LIAs, etc.).
· Interlock with and challenge the first line of defence (IT, Security, etc.) regarding “in progress” AI projects.
· Provide technical advice regarding AI risk remediation.
· Contribute to AI literacy strategy across CIB teams.
· Support DPOs and DPCs to define the future set-up within CIB to monitor AI projects under the governance framework.
· Oversee performance indicators (KPIs) to monitor the evolution of AI risks and measure the effectiveness of the framework.
· Contribute to role development by validating data protection requirements for new AI initiatives activities
· Propose recommendations for continuous improvement of AI risk management processes.
· Ensure regular reporting to DPO and RISK ORM CIB about AI initiatives.
· Alert the DPO when an AI initiative is under operational risk, to propose corrective solutions.
Experience and Skills
The successful candidate will have a proven track record of developing, implementing and managing AI projects in global organisations, with robust knowledge of AI regulations and frameworks. Prior operational risk management experience and exposure to the Banking industry are a must.
The Role will be exposed to CIB, RISK and Control Functions senior management. The successful candidate will have a proven ability to interact with this level of seniority.
The Bank is undergoing a significant transformation regarding AI initiatives. The successful candidate will support this transformation on his/her perimeter and contribute to the larger transformation of CIB. He/she will be a change-lover with demonstrated change management expertise.
The successful candidate must be familiar with the AI regulatory context.
Other required skills are:
· Team-player – focus on the success of the whole team. Working well both with others, as well as individually.
· Good stakeholder management skills.
· Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly.
· Ability to co-operate and work well with others adopting an approachable style – Important as we work closely with a large and diverse set of stakeholders.
· Ability to see the business perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits.
· Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
· Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done.
· Taking accountability for their actions, being open and honest when things have gone wrong and celebrating successes when things have gone well.
· Being rigorous and thorough – especially when logging and tracking issues through to conclusion.
· Ability to manage their workload so as to meet the realistic targets and priorities set in conjunction with management.
· Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of AI in business.
· Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Excellent executive presence.
· Fluent English.
Specific Qualifications Required
· Engineer in Computer Science, Telecommunications, or similar degree in Engineering / Technology.
· 7+ years’ experience in Information Technology in roles where it is necessary to advise on, review and/or design IT solutions (e.g. Data Scientist, IT Architect, IT Consultant, IT Auditor).
· Understanding of cloud environments, whether public, private or hybrid (e.g. AWS, Azure), and cloud components (e.g. Docker, Kubernetes, Hadoop, S3).
· Experience with different types of AI (e.g. Generative AI, Computer Vision) and their associated technologies (e.g. LLM, CNN).
· Knowledge of Cybersecurity measures (e.g. IAM, anti-DDoS, EDR) with special expertise in security measures to protect data (e.g. IAM, DLP, IRM, Encryption).
· Knowledge of detecting, assessing, and suggesting remediations for IT and Cybersecurity risks.
· Applied knowledge of Privacy and Data Protection / GDPR principles and concepts (e.g. data minimization, proportionality).
· Not mandatory but preferred to have IT Certifications (e.g. AWS Certified Solutions Architect) and/or cybersecurity certifications (e.g. CISSP).
Conduct
· Be a role model, supporting and fostering a culture of good conduct.
· Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks.
· Consider the implications of actions on colleagues, partners and clients before making decisions, and escalate issues to manager when unsure.
· Take responsibility for team’s conduct and conduct risks.