Position Purpose
The RISK ORM APAC mission is to provide RISK and APAC Management with a front-to-back consolidated view of the operational risks of APAC activities, to contribute to the reduction of operational risk and to better respond to the Regulator’s expectations. The RISK ORM APAC mandate is to challenge and supervise the Operational Risk management of APAC activities. It belongs to the second line of defence at BNP Paribas, as part of the Risk Function (RISK), and is placed under the responsibility of the APAC Chief Risk Officer.
The APAC Data Protection Correspondent (APAC DPC) is positioned within RISK ORM APAC and provides expertise on personal data protection related topics in accordance with the relevant RACI. The APAC DPC must assist the APAC Data Protection Officer (DPO) in supervising the compliance of projects with legal and regulatory personal data protection requirements throughout the APAC region as well as with the Group’s and APAC personal data protection policies. The DPC is to ensure second level controls by providing the required supervision and assistance to the 1st Line of Defence.
Responsibilities:
Direct Responsibilities
To contribute to the realization of relevant personal data protection activities
•To guarantee the definition and application of the norms and methods required for a good apprehension of the company’s data protection risks (follow-up of projects, information systems adaptation, declarations conception and maintenance, subcontractors contracts analysis, follow-up on control plans reporting, etc.)
•To guarantee advice and assistance to ongoing strategic programs.
To support the implementation of the privacy strategy defined by APAC DPO
•To assist the APAC DPO in the supervision and monitoring of implementation of the Group's Data Protection policies and guidelines, bearing the local regulatory requirements in mind, to ensure consistency
•To define action plans and related corrections, and to ensure their application
•To alert APAC DPO when activity is under operational risk (non-appropriateness between needs and resources, etc.), to propose correction solutions and to implement those solutions
•To contribute to continuous efficiency improvement and to any optimization process.
To contribute to operational activities achievement
•To adjudicate or mediate APAC DPO engaging decisions, emergencies and escalated issues
To contribute to permanent control actions
•To contribute to perform LOD2 controls and challenge LOD1
•To contribute to perform the check and challenge of the RCSA
•To contribute to RISK ID exercise
•To contribute to OR&C report
To ensure a professional network development
•To participate in local Data Protection Committees when requested by the DPO
•To contribute to Internal Control Committee
•To collaborate with local CROs and RISK teams
Supporting Responsibilities
•To assist the DPO on exchanges with the authorities in charge of the protection of personal data under the responsibility of the DPO
•To assist the DPO in the supervision and implementation of Privacy by Design principles throughout the lifecycle of all projects, activities, products, services, processes and systems
•To contribute to role development by validating data protection requirements for new activities, new products, services or specific operations, and to provide technical assistance
•To receive, process and advise internal and external local solicitations about data protection
•To receive, process and advise requests from data subjects, subcontractors and partners etc.
•To itemise existing processes and identify breaches regarding data protection requirements (APAC local regulation & GDPR requirements)
•To contribute to perform risk assessment on personal data breaches
•To assist the DPO in monitoring documentation, e.g. the RoPA (Register of Processing Activities)
•To contribute to the identification and notification process for data protection violations according to defined procedures and local legal requirements
•To realize effectiveness for data protection controls and to ensure expected reporting
•To ensure regular reporting to APAC DPO about the activity
•To assist the DPO, where required, with local language nuances, law and practices.
•To contribute to the creation and implementation of awareness programs and to the promotion of a culture of protection of personal data within the scope of responsibility.
Technical & Behavioral Competencies:
*Level:
Level 1: Deep; Level 2: Intermediary; Level 3: Basic
Knowledge (Required to exercise the position)
•To know standards and norms about data protection - Level 1
Know-how (Implementation of techniques, methods, tools to achieve activities)
Techniques
•To know how to assess maturity level of the existing facility about Data Privacy - Level 1
Transverse
•To have a professional face-to-face or phone discussion in a foreign language - Level 1
•To prioritize - Level 1
•To efficiently manage several topics at the same time - Level 1
•To issue advice / recommendation taking into account all parameters - Level 1
•To have an efficient speaking communication - Level 1
•To conceptualize / to formalize an idea, a process or a project - Level 1
•To have an efficient writing communication - Level 1
Tools
•To work with BNP Paribas tools (e.g. Data Protection Hub, Risk 360) - Level 2
Behavioural and soft skills:
•To efficiently multi-task with topics and maintain attention to detail / rigor - Level 1
•To issue advice / recommendation considering all parameters - Level 1
•To have efficient communication skills (oral & written) - Level 1
•To conceptualize / formalize an idea, a process or a project - Level 2
•To work as a team / transversally - Level 1
•To identify and analyse risks for the activities that are handled - Level 1
•To assess, issue an opinion - Level 1
•To deploy a strategy and to define an action plan - Level 2
•To animate resources and coordinate their intervention - Level 1
•To show diplomacy to allow a message to be heard - Level 1
•To show conviction, to generate interlocutor’s acceptance - Level 1
•Being able to anticipate and come up with ideas - Level 2
•Creativity and innovation - Level 2
•To show discretion about delicate and/or confidential topics - Level 1
•Ability to manage conflict - Level 2
•To integrate multicultural dimension - Level 1
Special Qualifications (If required)
•Degree holder in legal, business or computer science or IT
•At least 5 years of relevant experience in IT risk, Cyber security, Data Protection and related regulatory topics
•CIPP Certification or similar privacy certificate would be a plus
•A very good understanding of EU GDPR with IAPP/E certification
•3-5 years relevant working experience in privacy is a minimum
•5-8 years in total working experience
•Previous APAC or cross-territory experience preferred
•Experience in senior level reporting and discussion