Data Protection Risk Advisor

**About the job**
- The Data Protection Risk Advisory department (DPRA), under the Group Data Protection Officer (GDPO) who in turn reports to the Group Chief Risk Officer (CRO), is part of the Group Risk Functions within BNP Paribas acting as the Second Line of Defence (2LoD). The DPRA, with a multidisciplinary team of international specialists with different backgrounds (IT, data, S&O, legal, etc.), has the responsibility for Group wide approach of key data privacy and protection topics and for coordination of activities of the Data Protection activity at Group level.
- The department has responsibility for independently oversight the Group BNP Paribas activities alignment with the Data Protection and Privacy (DPP) BNP Paribas framework on a worldwide scope. This is achieved by framing DPP framework, policies and guidelines for Group BNP Paribas, disseminating of a privacy by design culture across the Group, assessing the adequacy of the DPP framework set-up, controlling the effectiveness of the Group Entities DPP environment, contributing to the detection, anticipation and response to risks, alerting BNP Paribas Management, Risk Function (RISK) and DPP stakeholders on any significant risk issue.
- As part of the 2LoD, the department has the responsibility to identify the key DPP risks of the Bank, to influence business, functions and technology partners to make sound risk management decisions, and advise on the implementation of the adequate DPP controls and measures. The DPRA is responsible for oversight the BNP Paribas Group wide DPP incentives in straight collaboration with the main BNP Paribas Business and Functions teams/stakeholders, such IT Operations, Legal, Cloud, Cybersecurity, Data, Compliance, etc.

**Your Main Activities Are**

The Data Protection Risk Advisor will act as a trusted advisor for BNP Paribas Business and Functions (1LoD - first line of defence) and BNP Paribas DPOs (2LoD - second line of defence) to assist in the implementation, management and monitoring of the DPP strategy, by supporting the definition, implementation and operationalization of the Group’s DPP framework by Group Entities.
- Advising on the maintenance of the Group’s DPP framework, as well as the definition and creation of DPP policies, guidelines and procedures in line with the Group’s DPP strategy
- Independent review and challenge of the technical and operational DPP controls implemented by the BNP Paribas 1LoD and issue recommendations with regards to privacy, data protection and compliance with BNP Paribas framework, policies and guidelines, and data protection regulation (e.g. GDPR, CCPA, LGPD, PDPA, etc)
- Act as a trusted advisor to 1LoD (controllers/ processors) and 2LoD stakeholders regarding DPP management requirements and policies, such as:

- Oversight and check & challenge the most complex DPP initiatives, the design and rollout of the DPP strategy aligned with the overall BNP Paribas DPP framework and regulatory requirements, and oversight, assess and verify the 1LoD implementation of the strategy.
- Oversight and check & challenge transversal and complex Group wide data processing/ initiative impact assessments (DPIA), notable the adequacy of the lawful basis, controllership, risk evaluation, measures and controls implemented and DPO advisory.
- Document 1LoD decisions taken consistent with and opposing DPO’s advice, identify the key DPP risks and inform BNP Paribas’ Management, RISK and other key Business/Function stakeholders.
- Oversight and promote the maintenance of the processing operations record under the responsibility of the controller as one of the tools enabling compliance monitoring, informing and advising the BNP Paribas Functions and Entities controllers/ processors, Business Line DPOs and Territory DPOs.
- Oversight key Group data breaches and other DPP incidents to check and verify on the 1LoD and BNP Paribas DPOs risk identification, ensure the consistency of potential incidents qualification, conduct DPP post mortem analysis, and validate the adequacy and the implementation of controls implemented by the 1LoD.
- Monitor global regulatory changes and authority decisions, share and provide advice on DPP risk anticipation to the DPP community, providing lessons learned, best practices and guidelines, and maintaining the BNP Paribas DPP knowledge basis.
- Attend regular/ ongoing data protection, information security, privacy training and continuous improvement.

**Profile and Skills to Success**
- University degree and professional certifications (e.g. CIPP/E, CIPT, CIPM) in fields relevant to Data Privacy and Protection
- Experience working for a multi-national company from a central position (e.g. Group/ Head office level), preferably in the Financial sector
- Experience working as a consultant, advisor or auditor in initiatives related with data management, data protection, privacy and information security (notably Privacy by Design and Data Flow Mapping), preferably i