Vice President - Data Privacy & Protection
BNP Paribas · Mumbai, Maharashtra, India
BNP Paribas · Mumbai, Maharashtra, India
**Job Title: Vice President -** Data Privacy & Protection **Department** : Information Security **About Business Line/Function** Data Privacy function of ISPL helps the business to comply with data privacy & protection regulations and instill trust to staff & client while processing personal data by virtue of Data Privacy program governance, Local policy & procedure governance and analyzing PDP control requirements & ensuring adequate compliance. **Position Purpose** The **Data Privacy & Protection Manager** is the functional lead for the **ISPL Data Privacy team** and the central point of accountability for the design, implementation, and continuous improvement of ISPL’s privacy governance framework. Working hand‑in‑hand with key stakeholders, you will translate global privacy requirements into practical policies, controls, and processes that protect personal data across the enterprise while enabling innovation. **You Will Also Be Responsible For** - Driving the end‑to‑end privacy lifecycle – from risk‑based assessment and mapping to control implementation and ongoing monitoring. - Steering cross‑functional privacy initiatives and ensuring consistent, auditable execution of privacy‑by‑design principles. - Leading a small team of privacy analysts and acting as the escalation point for privacy incidents, audit findings, and regulator enquiries. **Responsibilities** **Direct Responsibilities** **Governance** - Continuously monitor privacy policies, manuals, and procedures; update them to reflect the group directed changes, regulatory changes, and emerging best practices. - Ensure timely escalation of compliance matters and contribute to senior‑level communications. - Provide subject matter expertise to ensure ISPL is aligned to the requirements set by the Group, CIB & Regulators - Provide opinions on GDPR data protection section of impact assessments, leading privacy assessments such as PDPQ, DPIA, TIAQ - Review to ensure compliance to India DPDP Act - Promote the continuous improvement of Privacy by Design framework by proactively identifying and proposing improvements to the current processes, while actively managing stakeholders and supporting them as SME in their data privacy and protection activities, by simplifying complex and technical concepts in a business-oriented way - Drive, present and participate in various relevant Data Privacy & protection committees - Maintain an efficient network across Territories 1LoD and 2LoD, and promote liaison and alignment with Central CIB Data Office initiatives - Contribute to the update and maintenance of knowledge base and transfer mechanisms, and coach new members as necessary - Develop and share best practices with the data protection network - Maintain a regulatory watch on data protection and contribute to disseminate a culture of personal data protection within ISPL - Continuous monitoring of Privacy materials, policies, manuals, procedures and ensure ongoing compliance with privacy laws and regulations - Ensure appropriate escalation and communication of compliance matters **Privacy Risk Management** - Complete an annual risk assessment for privacy compliance program, consistent with global requirements - Lead Privacy Impact Assessments for new technologies, products, and projects; embed mitigations before launch. - Liaise with the Controls team to support internal audits and regulator inspections, delivering required artefacts and corrective action plans. - Identify, assess, monitor, and mitigate data‑management, privacy, and record‑management risks across the enterprise. **Privacy Program Effectiveness** - Develop an annual calendar to monitor activities to be executed through the year (e.g., RoPA recertification, policy reviews). - Support the Program Lead in preparing concise, data‑driven management reports for senior leadership and board committees. **Contributing Responsibilities** **Governance** - Review and support privacy risk assessments for new business processes, ensuring alignment with the global privacy strategy. - Advise on privacy and data‑ethics considerations when shaping new business initiatives. - Drive Data Privacy & Protection Awareness programs, tailoring content for technical and non‑technical audiences. **Privacy Risk Management** - Proactively identify emerging privacy compliance risks, including regulatory changes, new technologies (AI/ML, cloud services), industry practices, and business initiatives. - Leverage analytics and metrics to surface risk trends, measure program maturity, and drive continuous improvement. **Privacy Program Effectiveness** - Establish, maintain, and report privacy KPIs via a scorecard, partnering with business units and Global Privacy teams to improve performance. - Ensure the Privacy program remains fully aligned with the overarching global privacy program. **Technical & Behavioral Competencies** - 12 – 15 years of experience in Data Privacy - Working knowledge and understanding of privacy laws and guidelines with respect to Data Privacy & Protection - Familiarity with data protection principles and GDPR, India DPDP Act (Knowledge on Philippines Data Protection Act would be an added advantage) - Any professional qualification of data privacy & protection such as data protection practitioner, CIPP / CIPM preferred - Experience of working with legal, audit and compliance teams - Experience of developing and maintaining policies, procedures, standards and guidelines - Work collaboratively with stakeholders to ensure globally-minded and aligned practices - Excellent interpersonal skills and strong background in information security and technology - Detail and process oriented and well versed with latest trends - Self-starter and able to work independently - Analytical skills including attention to detail - Confident and professional manner - Good interpersonal and verbal communication skills **Specific Qualifications** - BSc. / B.E. / B.Tech (ideal