• Contributes to the development and implementation of an enterprise-wide Group Privacy and Data Protection risk governance program. Integrated within the RISK Operational Risk Management (ORM) Iberian Centre of Excellence, successful candidate will have proven record of developing and implementing personal data protection management programs in global organizations, with robust knowledge of data management, privacy and related tools

• Establish Privacy and Personal Data Protection framework for the bank within the three lines of defence model in alignment with the Group Risk Management Framework
• Drive effective implementation and communication of Privacy and data protection policies and guidelines
• Provide direction, support and oversight with respect to management of privacy and personal data protection risks to the network of Data Protection Officer’s (DPO)
• Establish and oversee the privacy and personal data protection infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices
• Participate in Group’s strategic privacy projects in liaison with other Group Functions
• Act as privacy Subject-Matter Expert (SME) and influence the roadmap of the Group privacy tool
• Participate in local privacy committees to explain the privacy risk exposure and any developments on the Group Privacy Framework
• Lead global DPO training programs, forums and seminars, including identification of relevant topics, liaison with third parties and planning
• Provide effective reporting on privacy and personal data protection, review metrics and provide Group privacy risk profile
• Support with the organization of the Group Privacy Committee
• Review and arbitrate exceptions raised by entities for the deployment of the Group Privacy Framework
• Participate in the planning and development of personal data protection events and forums with the global DPO network
• Manage, support and coach more junior members of the team

• 4-8 years of experience in management privacy and personal data protection
• Degree in Law (or equivalent relevant qualification in the privacy domain) is preferred
• Good understanding of risk and control management standards
• A professional qualification relevant to Data Privacy (Certified Information Privacy Professional - Europe (CIPP/E), Certified Information Privacy Professional – US-Massachusetts (CIPP/M), or similar) is a plus
• Knowledge or practical experience of privacy tools is a plus
• Good stakeholder management skills
• Excellent communication skills; Considers the audience, avoiding technical jargon wherever necessary and appropriate
• Experience of formal document creation, such as the creation of presentations, reports or procedures
• Fluent in English, able to articulate the message for medium and senior stakeholders, and write complex documents/procedures
• Presenting documentation in a professional and well-structured format
• Strong Microsoft Office skills (core applications)
• Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management
• French Language is a plus
• Team-player – focus on the success of the whole team. Working well both with others, as well as individually
• Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly
• Ability to co-operate and work well with others adopting an approachable style – Important as we work closely with a large and diverse set of suppliers and customers
• Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits
• Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate
• Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done
• Taking accountability for their actions and be open and honest when things have gone wrong, and celebrating successes when things have gone well
• Being rigorous and thorough – especially when logging and tracking issues through to conclusion
• Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in privacy, artificial intelligence and data ethics

• The mission of RISK ORM Group Data Protection is to promote the implementation and operationalization of Data Protection policies and procedures with support from business stakeholders. We aim to provide a catalogue of services to all BNP Paribas platforms. Leveraging the risk management framework, our support will facilitate delivery of Group Data Protection goals
• Within RISK ORM Group Data Protection (GDP), the Governance, Framework & Reporting team is responsible for establishing Second Line of Defence (2LoD) Data Protection framework and enablers to support RISK ORM GDP team pillars, ensuring alignment with wider RISK ORM framework and governance, and consolidating reporting to contribute to relevant RISK Committees
• Development of Group RISK Privacy framework and monitor deployment and adoption by local entities
• Review and arbitrate exceptions requests raised by local entities
• Conduct and coordinate Group Privacy Governance, including Group Privacy & Data Protection Committee
• Liaise with RISK teams and contribute to the Group RISK Artificial intelligence (AI) framework and participate to the Group RISK AI Governance
• Liaison with regulators and Internal Governance (IG) on privacy and data protection enquiries and requests
• Independent review of first line of defence (1LoD) privacy frameworks and templates issued by 1LoD
• Liaise with LEGAL, Global Delivery Operations (GDO) and Group of Information Technology (IT) to ensure alignment among the several Group Frameworks and regulatory requirements and provide SME advise on privacy matters
• Facilitate adoption of RISK ORM framework in the privacy domain, support local teams and develop guidance and tools to perform these activities by DPOs and Data Protection Coordinator’s (DPCs)
• Produce quarterly Data Protection incident management reporting and dashboards – funnel recommendations and opportunities for check/challenge and lessons learned to Data Protection (DP) Advisory
• Coordinate or contribute to ad-hoc reporting on Data Protection topics for ratings agencies, insurers, and other stakeholders
• Interact with other Group teams to provide inputs from RISK to regulators’ enquiries and/or consultation about new privacy regulations
• Contribute to and support development of ad-hoc reports and Data Protection risk opinions with local business line and territory Data Protection teams
• Coordinate responses to industry bodies on behalf of BNPP Group Data Protection
• Steer and act as SME to co-define Data Protection Hub strategy deriving from Group Privacy and Data Protection Framework
• Act as Data Protection SME as need in support of content development, white papers and thought leadership produced for Data Protection teams and other stakeholders
• Prepare, conduct and steer Global Training Program as well as animate the DPO and DPCs global forums and seminars

#LI-Hybrid

Why joining BNP Paribas? 

Leading player in banking and financial services in Europe, BNP Paribas operates in 64 countries and has nearly 178,000 employees, including more than 144,000 in Europe 

The Group holds key positions in several areas of banking and financial services that are structured around three operating divisions:

In Portugal since 1985, BNP Paribas today has more than 9.220 employees, distributed across the Group's 10 business entities established in the country. Its presence also extends to 11 centres of expertise providing value-added services to various countries where the BNP Paribas Group also operates.

BNP Paribas ´ambition is to cultivate an open and responsive environment for all that encourages collaboration and interaction. We demonstrate our commitment by actively contributing to the Group’s Diversity and Inclusion strategy and goals, in line with the United Nations Sustainable Development Goals. As part of our local Corporate and Social Responsibility – Diversity & Inclusion strategy, BNP Paribas Portugal is committed to:

To foster the effort of BNP Paribas Portugal, multiple initiatives and events take place throughout the year where our people can find out more on the importance of diversity inclusion at the workplace and in our society.

At BNP Paribas, we embrace a Smart Working framework based on trust, autonomy and collaboration. Within this framework, eligible employees can benefit from flexible remote working options adapted to our hybrid working environment. To ensure a comfortable and efficient working setup, eligible employees are provided with both office and home equipment, are entitled to an equipment allowance and can benefit from exclusive partnerships to purchase additional items at reduced prices. 

Supporting employees in a hybrid way of working while providing them with the means to maintain a work-life balance is an essential dimension of our Smart Working program. At BNP Paribas, we care about our employees’ wellbeing and promote a culture of good integration between work and personal life. 

To find out more on why you should join BNP Paribas please read our Employee Value Proposition and our Career path page.

* Please note that only applications submitted in English will be considered. 

* In case you are selected for this role, further documentation will be requested to support your hiring process.