Job
Description
Position Purpose Located within the RISK Function of BNP Paribas (BNPP), the role of the Data Protection Correspondent (DPC) is to ensure that the components of the operational risk management framework are implemented and operating effectively within ISPL, and to provide RISK ORM management and Business senior management with relevant, synthetic, transparent, exhaustive and consistent information and a front-to-back view of operational risk across ISPL activities. To achieve this objective, this 2nd line of defense (LOD2) role works closely with RISK ORM Regional and Central teams and with ISPL management and stakeholders. The DPC provides expertise on personal data protection related topics in accordance with the relevant RACI. India DPC must assist India Data Protection Officer (DPO) in supervising the compliance of projects and with legal and regulatory personal data protection requirements throughout the APAC region as well as the Groups and APAC personal data protection policies. RISK ORM ISPL mandate is to independently challenge and supervise the operational risk management framework of ISPL activities as described in level 2 procedure Organizational framework and governance for Operational Risk Management & Permanent Control Framework. This includes control framework adequacy checks, independent challenge, proximity with the business and contribution to the sign-off process on key decisions. The DPC is to ensure second level controls by providing the required supervision and assistance to the 1st Line of Defense Due to the global and regional models applied by the BNP Paribas (BNPP) activities outsourced to ISPL, the role covers the contribution as well to reviews, control testing, analysis and reports carried out under the supervision of the APAC DPO Regional teams. Responsibilities Direct Responsibilities To contribute to relevant personal data protection activities realization To guarantee required norms and methods definition and application to a companys good data protection risks apprehension (follow-up of projects, information systems adaptation, declarations conception and maintenance, subcontractors contracts analysis, follow-up on control plans reporting, etc.) To guarantee advice and assistance to strategical program ongoing. To support the implementation of the privacy strategy defined by DPO To assist the DPO in the supervision and monitoring of implementation of the Group's Data Protection policies and guidelines, bearing the local regulatory requirements in mind, to ensure consistency To define action plans and corrections related, and to ensure application of the same To alert DPO when activity is under operational risk (non-appropriateness between needs and resources, etc.), to propose correction solutions and to implement those solutions To contribute to continuous efficiency improvement and to any optimization process. To contribute to operational collaborative activities To support and assist APAC DPO team for control campaigns, typical DPO and RISK ORM activities in BAU (e.g. RCSA check & challenge, data breach assessments, project and third-party risk assessment support see below), but also in case of emergencies and escalated issues To contribute to permanent control actions To contribute to perform LOD2 controls and challenge LOD1 To contribute to perform the check and challenge of the RCSA To contribute to RISK ID exercise To contribute to OR&C report To ensure professional network development To participate in local Data Protection Committees when requested by the DPO To contribute to Internal Control Committee To collaborate with local CROs and RISK teams Contributing Responsibilities To assist the DPO on exchanges with the authorities in charge of the protection of personal data under the responsibility of the DPO To assist the DPO in the supervision and implementation of Privacy by Design principles throughout the lifecycle of all projects, activities, products, services, processes and systems To contribute to role development by validating data protection requirements for new activities, new products, services or specific operations, and to carry technical assistance To receive, process and advise internal and external local solicitations about data protection To receive, process and advise requests from data subjects, subcontractors and partners etc. To itemize existing processes and identify breaches regarding data protection requirements using your broad knowledge on APAC-wide local regulation (at minimum: Indias new DPDPA & GDPR requirements To contribute to perform risk assessment on personal data breaches To assist the DPO in monitoring documentation, e.g. the RoPA (Register of Processing Activities) To contribute to the identification and notification process for data protection violations according to defined procedures and local legal requirements To realize effectiveness for data protection controls and to ensure expected reporting To ensure regular reporting to DPO about the activity To contribute to the creation and implementation of awareness programs and to the promotion of a culture of protection of personal data within the scope of responsibility. * DPO may refer to India DPO or APAC DPO or Business Line DPO as the case may be reflecting a matrix organization while maintaining a direct reporting to the India DPO Technical & Behavioral Competencies Knowledge (Required to exercise the position) Level * To know standards and norms about data protection 1 Know-how (implementation of technics, methods, tools to achieve activities) Level * Technics To know how to assess maturity level of the existing facility about Data Privacy 1 Transverse To have a professional face-to-face or phone discussion with an overseas colleague 1 To prioritize 1 To efficiently manage several topics at the same time 1 To issue advice / recommendation considering every parameter 1 To have an efficient speaking communication 1 Tools To work with BNP Paribas tools (e.g. Data Protection Hub, RISK360) 2 Behavioral and soft skills To efficiently multi-task with topics and maintain attention to detail / rigor 1 To issue advice / recommendation considering all parameters 1 To have efficient communication skills (oral & written) 1 To conceptualize / formalize an idea, a process or a project 2 To work as a team / transversally 1 To identify and analyse risks for the activities that are handled 1 To assess, issue an opinion 1 To deploy a strategy and to define an action plan 2 To animate resources and coordinate their intervention 1 To show diplomacy to allow a message to be heard 1 To show conviction, to generate interlocutors acceptance 1 Being able to anticipate and come up with ideas 2 Creativity and innovation 2 To show discretion about delicate and / or confidential topics 1 Ability to manage conflict 2 To integrate multicultural dimension 1 * Level: Level 1: Deep Level 2: Intermediary Level 3: Basic Specific Qualifications Legal background with IAPP Certification (CIPP/E) or equivalent Skills Referential Behavioural Skills : (Please select up to 4 skills) Communication skills - oral & written Attention to detail / rigor Creativity & Innovation / Problem solving Client focused Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to develop and leverage networks Ability to develop and adapt a process Ability to understand, explain and support change Ability to set up relevant performance indicators Education Level: Bachelor Degree or equivalent Experience Level At least 5 years Other/Specific Qualifications (if required) Business Skills 1. Data Protection 2. Risk knowledge and awareness 3. Risk anticipation 4. Data quality & Security 5. Regulatory 6. Business analytics 7. New Technologies and Digital Law [IT/IP] 8. IT risk and cyber security .
