DATA PROTECTION RISK ADVISOR Lisboa

Overview

DATA PROTECTION RISK ADVISOR role at BNP Paribas CIB. The Data Protection Advisor will act as a trusted advisor for BNP Paribas Business and Functions and oversight BNP Paribas DPOs, to assist in the implementation, management and monitoring of the DPP strategy, by supporting the definition, implementation and operationalization of the Group’s DPP framework by Group Entities.

Your Main Activities Are

• Advising on the maintenance of the Group’s Data Protection and Privacy (DPP) Governance and framework, and the definition and creation of DPP policies, guidelines and procedures for Group BNP Paribas.
• Independent review and challenge of the technical and operational DPP controls implemented and issuing recommendations with regards to privacy, data protection and compliance with the Group BNP Paribas DPP framework and regulations (e. g. GDPR, CCPA, LGPD, PDPA, etc).
• Act as a trusted advisor to key internal stakeholders (e. g. CDOs, CISOs, DPOs, Business) regarding DPP requirements, such as:
• Oversight and challenge of complex transversal DPP initiatives, design and rollout of the DPP strategy, and strategy implementation.
• Oversight and challenge of transversal and complex Group-wide data processing initiatives and DPIAs, noting the adequacy of controls and measures, controllership, transfers, etc.
• Identify key DPP risks, inform BNP Paribas’ Management and key stakeholders (e. g. IT and Business), and oversee the decisions to manage those risks.
• Oversee key Group data breaches and other DPP incidents and work with stakeholders (CDO, CISO, DPO, IT, Legal, etc. ) on risk identification, ensure consistent incident qualification, conduct
  - mortem analysis, and validate adequacy of solutions implemented.
• Monitor and advise on interactions with authorities and external stakeholders, analyzing requests and actions to be taken, and sharing lessons learned within the BNP Paribas worldwide DPP community.
• Monitor global regulatory changes and authority decisions, provide advice on DPP risk anticipation to the DPP community, share lessons learned, best practices and guidelines, leveraging the BNP Paribas DPP knowledge base.
• Promote data protection awareness and privacy by design across the Group (governance, data subject rights, privacy by design and default, records of processing activities, security, data breach, authority interactions) and influence the Group Learn & Development agenda/plans.
• Attend regular data protection, information security and privacy training and contribute to continuous improvement.

Profile And Skills To Success

• University degree and relevant professional certifications (e. g. CIPP/E, CIPT, CIPM, ISO27001) in fields relevant to DPP and cybersecurity.
• Desirable experience in a
  - national company from a central position (Group/Head office level), preferably in the Financial sector.
• Experience as a consultant, advisor or auditor in data management, data protection, privacy and information security initiatives (e. g. Privacy by Design and Data Flow Mapping), preferably in an audit/consulting firm.
• Experience analyzing potential privacy incidents to mitigate risk and determining reporting requirements and corrective action plans.
• Desirable experience promoting a data privacy culture and awareness.
• Experience communicating and presenting to senior management and
  - makers within the organization.
• Experience working with and managing stakeholders from different backgrounds (IT, Risk, CDO and Data management, Legal, Compliance, Security, HR) and providing technical advice and deliverables.
• English fluent mandatory; French is a plus.

Technical Skills

• Understanding of information security controls and principles to ensure confidentiality, integrity, and availability of sensitive information.
• Understanding of
  - scale technology infrastructure and programs with large data usage/management.
• Hybrid understanding of
  - functional requirements (risk, IT, regulatory, data security).
• Ability to evaluate DPP policies, regulations and decisions, and produce actionable insights.
• Familiarity with privacy and security risk assessment, best practices, gap analysis, privacy certifications/seals, information security and DPP certifications, and related tools.
• Strong interpersonal skills and ability to collaborate across business lines and geographies; ability to work in a
  - cultural,
  - lingual environment.
• Good communication, rigor, attention to detail, flexibility and customer orientation.

About The Team

• BNPP Group Personal Data Protection framework relies on accountability of teams within BNPP entities handling Personal Data (customers, employees, UBOs, contractual entities, etc. ).
• Data Protection Office (DPO) is part of the RISK Department within BNP Paribas, in the 2nd Line of Defence, integrated within the Iberian Centre of Excellence, to supervise compliance with data protection regulations and Group policies.
• The 1st Line of Defence (Business, IT and CDO) embeds data protection regulations and Group policies in internal processes and tools.

Why Join BNP Paribas?

• Leading banking institution with a global presence across 63 countries and nearly 183, 000 employees.

Additional Information

• Application language: English.
• Remote working: BNP Paribas supports a Smart Working framework; eligible employees may use flexible remote working options with provided equipment and allowances.

BNP Paribas is an equal opportunity employer and is committed to ensuring that no individual is discriminated against on grounds of age, disability, gender, race, religion or belief, sex, or sexual orientation. Equity and diversity are core to our recruitment policy. We promote work/life balance and offer remote working options where applicable.