GROUP BNP PARIBAS
BNP Paribas Group is the top bank in the European Union and a major international banking establishment. It has close to 185,000 employees in 65 countries. In Spain we are more than 5,100 employees within 13 business lines.
RISK HUB
RISK is an integrated and independent control function of the BNP Paribas Group. It is the second line of defense on the risk management activities of the Group which are under its direct responsibilities, including credit and counterparty risk, market risk, funding and liquidity risk, interest rate and foreign exchange risks in the banking book, insurance risk, operational risk, and environmental and social risks.
RISK aims at being a partner of the businesses by contributing to their sustainable development, but also a gatekeeper to ensure risks taken remain compatible with the Group’s Risk Appetite and its strategy.
RISK Iberian Hub Madrid is a transversal platform servicing the RISK Function by covering added-value activities around credit risk, market risk, operational risk and data protection. Offering a wide range of services to RISK teams, from consulting to cyber security going through data analysis, modelling or artificial intelligence.
ABOUT THE JOB
MISSION
AM & WM Data Protection Correspondent is the AM & WM data protection conductor, and provides expertise on data protection topics related to activities. Data protection correspondent ensures projects and activities are properly done in the light of data protection requirements (not only GDPR).
RESPONSIBILITIES
Scope specificities
Local Data Protection Correspondent intervenes on the behalf of DPO. His missions are:
· To assist DPO and subsidiaries/entities on leading data protection authority activities (run and stock)
· To contribute to role development by validating data protection requirements for new activities, new products, services or specific operations, and to carry a technical assistance
· To ensure data protection requirements are taken into account into projects (privacy by design)
· To receive, process and advise internal and external local solicitations about data protection
· To receive, process and advise requests from data subjects, subcontractors and partners etc.
· To itemise existing processes and identify breaches regarding data protection requirements (local regulation & GDPR requirements)
· To contribute to perform risk assessment on personal data breaches
· To contribute to the identification and notification process for data protection violations according to defined procedures and GDPR requirements
· To realize effectiveness for data protection controls and to ensure expected reportings
· To ensure regular reporting to DPO about the activity
Common management core
Local data protection correspondent intervenes on all or part of the following activities:
To contribute to relevant data protection and GDPR activities realisation
· To guarantee required norms and methods definition and application to a company’s good data protection risks apprehension (follow-up of projects, information systems adaptation, declarations conception and maintenance, subcontractors contracts analysis, follow-up on control plans reporting, etc.)
· To guarantee advice and assistance to strategical program ongoing.
To guarantee the defined by DPO global strategy implementation:
- To define action plans and corrections related, and to ensure application
- To alert DPO when activity is under operational risk (non-appropriateness between needs and resources, etc.), to propose correction solutions and to implement those solutions
- To contribute to continuous efficiency improvement and to any optimisation process
- To contribute to operational activities achievement
- To adjudicate or mediate DPO engaging decisions, emergencies and escalated issue
- To contribute to permanent control actions
- To contribute to perform LOD2 controls and challenge LOD1
- To contribute to perform the check and challenge of the RCSA
- To contribute to RISK ID exercise
- To contribute to OR&C report
- To contribute to Internal Control Committee
- To ensure a professional network development
REQUIREMENTS
Studies
- Educational background: Legal and/or IT Master degree level. A data protection / numeric / protection rights specialization is preferable.
Experience
- Experience: You have a first experience (at least 5 years) in a position related to Compliance / Security. You have IS knowledge and manage data protection regulation and IT security procedures. Professional English required.
Ideal applicant knows how to bring concrete and operational solutions according to business as to take hindsight and a measured look.
Languages
- English Fluent / French is a plus (Optional)
SKILLS
Technical
- To know how to assess maturity level of the existing facility about Data Privacy
- To have a professional face-to-face or phone discussion in a foreign language
- To prioritize
Transversal & Behavioral
- To efficiently manage several topics at the same time
- To issue advice / recommendation taking into account every parameters
- To have an efficient speaking communication
BENEFITS
- Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
- Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
- Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
- Flexible compensation plan.
- Hybrid telecommuting model (50%).
- 31 vacation days.
Diversity and inclusion commitment
BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
