Data Protection Risk Advisor

DATA PROTECTION RISK ADVISOR (JOB NUMBER: 2206RSK11598)

**About the job**
- The BNP Paribas Group Data Protection Risk Advisory department (DPRA) reports to the Group Chief Risk Officer (CRO). The DPRA, with a multidisciplinary team of international specialists with different backgrounds (IT, data, S&O, legal, etc.), has the responsibility for Group wide approach of key data privacy and protection transversal projects and for coordination of activities of the Data Protection activity at Group level.
- The department has responsibility for oversight the Group BNP Paribas activities alignment with the Data Protection and Privacy (DPP) BNP Paribas framework on a worldwide scope. This is achieved by framing DPP framework, policies and guidelines for Group BNP Paribas, adopting privacy IT controls and systems, disseminating of a privacy by design culture across the Group, assessing the adequacy of the DPP framework set-up, controlling the effectiveness of the Group Entities DPP environment, contributing to the detection, anticipation and response to privacy risks, alerting BNP Paribas Management and DPP stakeholders on any significant risk issue.
- The department has the responsibility to identify the key DPP risks of the Bank, to influence business, functions and technology partners to make sound risk management decisions, and advise on the implementation of the adequate DPP controls and measures. The DPRA is responsible for oversight the BNP Paribas Group wide DPP incentives in straight collaboration with the main BNP Paribas Business and Functions teams/stakeholders, such IT Operations, Legal, Cloud, Cybersecurity, Data, Compliance, etc.
- The Data Protection Advisor will act as a trusted advisor for BNP Paribas Business and Functions and oversight BNP Paribas DPOs, to assist in the implementation, management and monitoring of the DPP strategy, by supporting the definition, implementation and operationalization of the Group’s DPP framework by Group Entities.

**Your Main Activities Are**
- Advising on the maintenance of the Group’s DPP Governance and framework, as well as the definition and creation of DPP policies, guidelines and procedures of Group BNP Paribas
- Independent review and challenge of the technical and oper
- ational DPP controls implemented and issue recommendations with regards to privacy, data protection and compliance with the Group BNP Paribas DPP framework and regulation (e.g. GDPR, CCPA, LGPD, PDPA, etc)
- Act as a trusted advisor of key internal stakeholders (e.g. CDOs, CISOs, DPOs, Business, among others) regarding manage DPP requirements, such as
- Oversight and check & challenge complex and transversal DPP initiatives, design and rollout of the DPP strategy, and strategy implementation
- Oversight and check & challenge transversal and complex Group wide data processing/ initiative impact assessments (DPIA), notable the adequacy of controls and measures, controllership, transfers, etc
- Identify key DPP risks, inform BNP Paribas’ Management and key stakeholders such IT and Business among other, and oversight the decisions to manage those risks
- Oversight key Group data breaches and other DPP incidents and work with key stakeholders (such CDO, CISO, DPO, IT, Legal, etc.) on the risk identification, ensure the consistency of potential incidents qualification, conduct post mortem analysis, and validate the adequacy and solutions implementation
- Monitor and advice on the interactions with authorities and other external stakeholders, analyzing the requests, actions to be taken and producing lessons learned among the BNP Paribas worldwide DPP community
- Monitor global regulatory changes and authority decisions, share and provide advice on DPP risk anticipation to the DPP community, providing lessons learned, best practices and guidelines, and leveraging on the BNP Paribas DPP knowledge basis
- Attend regular/ ongoing data protection, information security, privacy training and continuous improvement

**Profile and Skills to Success**
- Bachelor Degree in IT Engeneering, Data Protection, Cyersecurity, Risk
- At least 4 years of relevant experience - two of them in Data Protection
- Advanced level (B1-B2) of English, both oral and written (mandatory)
- Intermediate level (A2-B1) of French it’s a plus
- Knowledge in
- Privacy, DPIA, Data breach, ROPA
- Risk Management Tools
- Privacy And Security Tools and Controls
- Skills
- Resilience
- Proactivity
- Ability to collaborate / Teamwork
- Ability to develop and leverage networks
- Ability to manage / facilitate a meeting, seminar, committee, training, among others

**About The Team**
- At BNP Paribas, we work continuously on behalf of our clients, helping them to realize their projects around the world. You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services. Our origins lie in Europe,