The bank for a changing world

We are looking for

Director – RISK Data Protection Manager


Standard / Permanent


US-NY-New York





REF: RIS000894
About BNP Paribas:
BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 74 countries, with more than 192,000 employees, including more than 146,000 in Europe. The Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is the leader in consumer lending. BNP Paribas is rolling out its integrated retail-banking model in Mediterranean countries, in Turkey and in Eastern Europe, and has a large network in the western part of the United States. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas also enjoys top positions in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific.
Business Overview:
The Intermediate Holding Company (“IHC”) program, structured at the U.S. level across the poles of activities of BNP Paribas, provides guidance, supports analysis and impact assessment, and drives adjustments to the U.S. platform’s operating model in response to the drastic changes introduced by the Enhanced Prudential Standards (“EPS”) for Foreign Banking Organizations (“FBOs”), finalized by the Federal Reserve in February 2014, implementing Section 165 of the U.S. Dodd-Frank Act.
The Director, RISK Data Protection Manager within the BNP Paribas USA RISK ORC ICT IHC/CUSO organization (“ORC ICT”) will provide oversight and guidance across both direct and indirect areas of responsibility within the BNP Paribas IHC, inclusive of the CIB Americas set of operating entities.
  • Responsible for establishing and managing key components of the IHC-wide technology risk management program in alignment with global BNPP RISK ORC ICT, supporting the IHC Head of Cyber & Technology Risk
  • Responsible for cascading the IHC-wide technology risk program for RISK Data Protection into designated subsidiaries, including CIB Americas, in alignment with the Group RISK ORC ICT and CIB RISK ORC ICT risk programs
  • Oversee and supervise the CIB data protection framework
  • Review and advise on implementation of Privacy by Design principles and on personal data security implementation
  • Oversee the Records of processing activities
  • Build and implement an awareness program
  • Define and operate the independent testing of the CIB personal data protection framework
  • Promotes and drives risk awareness, management, and governance across the IHC and entities as it relates to technology-related risks
  • Reviews, analyzes and makes recommendations regarding the design and implementation of the technology risk management framework
  • Where appropriate, leads teams of technology risk professionals in support of IHC and entities’ technology risk goals and objectives to drive clarity as to potential areas of material technology risk
  • Develops and refines the program to ensure a sound approach to understanding the technology risk appetite and posture with supporting metrics, assessment results and other data input as needed
  • Develop methodologies and practices to refine the technology risk framework that drives risk-aware, transparent decision making
  • Matures the risk based metrics, scorecards and dashboards to track performance as well as identify and monitor trends across the Bank
  • Prepares Risk Reporting or participates with coordinated reporting, as requested
  • Builds proactive and influential working relationships with IHC and entities’ RISK and 1LOD senior management
  • As necessary, acts as a liaison for the RISK ORC ICT organization, maintaining effective and professional relationships with Business Continuity Management including cyber resilience and disaster recovery, information technology, information & cyber security, Third Party Technology Risk Management, business and support areas, internal and external auditors, Federal and State regulators, and others dealt with in a professional capacity
  • Supervises, directs, trains, mentors, and evaluates staff, and develops a strong team effort among the staff members
  • Stays current in technology risk management techniques, industry best practices, and regulatory requirements
Domain-specific Responsibilities:
The following are the areas of specific focus for responsibilities, activities, and deliverables:
  • Advisory
  • Policies and Guidelines input
  • Clients and Individuals
  • Data and Framework
  • Business-Specific Data Protection Program Execution incl. Risk Assessments
  • Exemptions & Risk Acceptance Check/Challenge
  • Reporting and Metrics
  • Action Plans (Findings)
  • Training SME Input
  • Testing SME Input/ Oversight

Minimum Required Qualifications
  • 10+ years directly related to technology risk management or technology management within an IT organization
    • 5+ years supervisory or managerial experience
  • Bachelor’s degree
  • Knowledge of or experience with technology risk management (such as FFIEC, NIST, CIS20)
  • 10+ years working knowledge of technology and banking products in an operating environment
  • Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives.
Preferred Qualifications
  • Technology certifications (such as CISA, CBCP, CRISC, ITIL)
  • Project management experience
  • Experience working in corporate & investment banking, and/or retail banking industries
  • Excellent written and verbal communication skills including senior management or executive level presentation material development experience
  • Proficiency with technology risk management best practices
  • Proven leadership style that includes exceptional people skills, program management, business and technology expertise
  • Excellent organizational skills, coupled with ability to be versatile and flexible
  • Sound business judgment and the ability to work successfully with all levels of management
  • Creativity and the ability to produce innovative solutions.
  • Demonstrated ability to work independently and within a team
  • Excellent PC skills (MS Word, PowerPoint, Excel and Visio)
FINRA Registrations:
  • Not Applicable
BNP Paribas is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, color, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, citizenship, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.
Primary Location: US-NY-New York
Job Type: Standard / Permanent
Job: MISCELLANEOUS
Education Level: Bachelor Degree or equivalent (>= 3 years)
Experience Level: At least 10 years
Schedule: Full-time