Data Protection Risk Advisor

**About the job**

The Data Protection Advisor will act as a trusted advisor for BNP Paribas Business and Functions and oversight BNP Paribas DPOs, to assist in the implementation, management and monitoring of the DPP strategy, by supporting the definition, implementation and operationalization of the Group’s DPP framework by Group Entities.

**Your Main Activities Are**
- Advising on the maintenance of the Group’s DPP (Data Protection and Privacy) Governance and framework, as well as the definition and creation of DPP policies, guidelines and procedures of Group BNP Paribas
- Independent review and challenge of the technical and operational DPP controls implemented and issue recommendations with regards to privacy, data protection and compliance with the Group BNP Paribas DPP framework and regulation (e.g. GDPR, CCPA, LGPD, PDPA, etc)
- Act as a trusted advisor of key internal stakeholders (e.g. CDOs, CISOs, DPOs, Business ) regarding manage DPP requirements, such as:

- Oversight and check & challenge complex and transversal DPP initiatives, design and rollout of the DPP strategy, and strategy implementation.
- Oversight and check & challenge transversal and complex Group wide data processing/ initiative impact assessments (DPIA), notable the adequacy of controls and measures, controllership, transfers, etc.
- Identify key DPP risks, inform BNP Paribas’ Management and key stakeholders such IT and Business among other, and oversight the decisions to manage those risks.
- Oversight key Group data breaches and other DPP incidents and work with key stakeholders (such CDO, CISO, DPO, IT, Legal, etc.) on the risk identification, ensure the consistency of potential incidents qualification, conduct post mortem analysis, and validate the adequacy and solutions implementation.
- Monitor and advice on the interactions with authorities and other external stakeholders, analyzing the requests, actions to be taken and producing lessons learned among the BNP Paribas worldwide DPP community.
- Monitor global regulatory changes and authority decisions, share and provide advice on DPP risk anticipation to the DPP community, providing lessons learned, best practices and guidelines, and leveraging on the BNP Paribas DPP knowledge basis.
- Attend regular/ ongoing data protection, information security, privacy training and continuous improvement.

**Profile and Skills to Success**

University degree and relevant professional certifications (e.g. CIPP/E, CIPT, CIPM, ISO27001, etc.) in fields relevant to DPP and cybersecurity

Desirable experience working for a multi-national company from a central position (e.g. Group/ Head office level), preferably in the Financial sector

Experience working as a consultant, advisor or auditor in initiatives related with data management, data protection, privacy and information security (notably Privacy by Design and Data Flow Mapping), preferably in a relevant audit/ consulting Firm

Has experience analysing potential privacy incidents to proactively mitigate risk, in determining reporting requirements and corrective action plans when needed

Desirable experience of promoting a data privacy culture and awareness

Experience in communicating and presenting effectively to senior management and decision-making individuals within the organization

Experience of working with and managing stakeholders from different disciplinary backgrounds (e.g. IT, Risk, CDO and Data management, Legal, Compliance, Security, HR, etc.), notably providing technical advice and producing technical deliverables

English Fluent mandatory

French is a plus

Technical Skills:
Understands information security controls and principles that ensure confidentiality, integrity, availability of sensitive information

Understanding of large-scale technology infrastructure and programmes where large quantities of data are used/managed

Has a hybrid understanding of cross over requirements (risk, IT, regulatory, data security)

Is able to evaluate DPP policies, regulations and decisions, and produce actionable insight

Familiarity with privacy and security risk assessment, best practices and gap analysis, privacy certifications/seals, information security and DPP certifications, and tools

Personal Skills and Behaviours

Good interpersonal skills and ability to collaborate across business lines and geographies

Ability to work in a multi-cultural, multi-lingual environment adapting ways of working as required

Good communication skills

Rigor and attention to details

Flexibility and customer orientation

**About the Team**

BNPP Group Personal Data Protection framework, defined to respond to applicable privacy regulations throughout BNPP territories, relies on the accountability of teams within BNPP entities in their processing of Personal Data (customer, employees, UBOs, representatives of corporate, vendors, etc.)

Data Protection Office (DPO) is part of the RISK Department within BNP Paribas, positioned in the 2nd Line of Defence