Data Protection and Record Management Manager (1LOD)
This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.
BNP Paribas is the European Union's leading bank and a key player in international banking. We operate in 65 countries and employ 190,000 people, including nearly 145,000 in Europe. Our Group holds key positions in its three main fields of activity: Commercial, Personal Banking & Services; Investment & Protection Services; and Corporate & Institutional Banking (CIB) for corporate and institutional clients.
Our Securities Services business, which forms part of CIB, is a leading global custodian providing specialist post-trade and asset servicing solutions to buy and sell-side market participants, corporates and issuers. Based in 35 locations around the world, our award-winning Securities Services teams have built one of the most extensive custody networks in the industry, giving clients the connectivity and local knowledge they need to navigate change in a fast-changing world.
The Chief Conduct & Controls Office (CCCO) function ensures oversight and delivery of the first line of defence, the permanent control framework and monitoring of risks. The department consists of governance, conduct and controls and data protection. The CCCO office reports to the Chief of Staff to the Head of the Securities Services UK & Middle East business line.
This role will work closely with business and OPC (Operational Permanent Control) Managers, Data Protection Office (GDO), Third Party Risk Management, Record Management Office (RMO), other Single Points of Contact (SPOCS) and the Territory Data Protection Officer (DPO), to support the business in complying with data protection legislation and other relevant legislation, Group and Metier policies and practices and other Level 1 operational RISK matters.
The purpose of the role is to co-ordinate the transversal level 1 RISK management framework in relation to:
1. the protection of personal data, including in relation to outsourcing, and to facilitate the effective operation of the risk management framework more generally
2. records management
3. Confidential data (excluding Data Loss Prevention and Information Security matters)
The risk management framework covers: permanent control and management of operational risk including risk assessments, procedures, controls & control plans, incident management and monitoring of all stated aspects of the framework. It does not follow that all topics have defined controls, but all defined controls need to be applied. This could mean the need to apply new controls when and if they are created.
Key Responsibilities
Act as Data Protection Specialist (including both personal and confidential data) GDPR SPOC and RMO SPOC for Securities Services, London branch.
Supervisory relationship
• Relay information / request / consultation across 1st line of defence (LoD) related to supervisory matters provided by Data Office and Record Management Office.
Norms and Policies
• Be informed on guidelines and policies and communicate these guidelines and policies to the concerned operational managers and ensure application thereof.
Coordinate works within the 1st LoD on his/her perimeter
• Get the overall vision on personal data protection, confidential data protection and record management / issues / action plans on their perimeters.
Personal data - Data Subjects
• Facilitate and coordinate information toward data subjects (change on contracts, information notice distribution, subject access requests, etc.).
Data & Records Framework
Data and Records
• Ensure the effective implementation and long term compliance with personal data protection and record management Group policies.
• Ensure the effective application of guidance on the treatment of confidential data.
• Be informed and communicate with the CCCO, Data Office, Global OPC, the DPO, RMO, Business Lines and SMF on all matters relating to personal data, record management and confidentiality including, but not limited to, breaches, cross border transfers, third parties,
• Get an up to date global vision of all transfers of client data that do not contain Personal Data transfers (Cross borders, third parties, intra Group...) through outsourcing, procurement, business and IT inputs on his/her perimeter
Framework
• Overall responsibility for records of processing for both Securities Services and TrustCo
• Assist operational teams on level 1 risk assessment (internal consultation) for personal data, record management and confidential data matters
• Produce reports for 2LOD, OpCO, and CCCO, ICC, Data Committee in relation to personal data, record management and confidential data matters
• Ensure promotion of data protection and record management culture within the organization and ensure implementation of relevant and applicable training plans
The above requirements are defined by Securities Services. In addition to these requirements the candidate must:
o Ensure the effective application of guidance on the treatment of confidential data,
o Draft and update relevant local procedures
o Provide advice and practical assistance to OPC teams and business managers on a variety of relevant issues and work with LEGAL when required.
o Implement control plan monitoring of the personal data protection and record management level 1 control plan(s). Contribute to any future control plans relating to confidential data (but excluding Data Loss Prevention and Information Security controls) after agreeing with other in scope teams e.g. Golden Rules from IT.
o Advise and participate in the outsourcing of personal and confidential data and systems and provide input or project management assistance in this capacity, as required
o Advise on negotiating and drafting provisions in relation to personal data protection and record management.
o Brief and update Business Lines and Functions on developments in this area including forthcoming legislation, Opinions and ICO guidance and how this will impact Securities Services
o Work closely with Client Lines and Client Delivery regarding new activities, products, services and outsourcing projects, and then to validate the identification of risks and controls in respect of personal data processing
o Partner with colleagues in other Group Companies regarding personal and confidential data protection and record management matters
o Prepare and review RFP and RFI responses in relation to personal data protection and record management
o Attend Group and Metier working groups and forums regarding personal data protection and record management and represent Securities Services at such meetings
o Review and sign off on all SLAs, RAFs, TACs, NACs from a GDPR/DPA 2018 perspective.
Line management responsibilities for one Data Protection and RMO Analyst.
The Requirements
Essential:
• An understanding of data protection, confidential information and record management principles and how they are practically applied
• Good understanding of the UK Financial Services market and Securities Services' industry, products and services
• Good understanding of the principles of risk management
• Excellent stakeholder management and collaboration skills
• Ability to communicate effectively at all levels in the organisation and foster strong relationships
• Proven experience in managing projects and completing high quality work against strict and competing deadlines
• High attention to detail and a strong commitment to quality control
• Self-starter with the ability to work on own initiative
• Accountability: takes initiative and is accountable for their role
• Ability to apply pragmatic, commercial and risk based approaches to decision making
• Demonstrated behaviours of being organised, structured and able to recognise essential elements
Desirable:
• Proven track record of team management
• Good understanding of relevant laws and of how the UK Financial Services Market and Securities Services use information systems, information flows, and digital working platforms
• CIPP/E or equivalent qualification
Equal Opportunities
BNP Paribas promotes equality of opportunity and is committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity, race, religion or belief, sex or sexual orientation.
As an employee with BNP Paribas, we want to make sure that you are rewarded for your commitment. As such, you will be entitled to our award winning benefits package which includes a generous holiday allowance of at least 34 days (including bank holidays), a non-contributory pension of 12%, private healthcare, GP service and dental cover all as standard, along with a number of personal insurances such as income protection, life assurance and personal accident insurance. We believe in ensuring all our employees have a positive work life balance so in addition you will also have access to a variety of flexible lifestyle benefits such as cycle to work and green car leasing schemes, season ticket loans and reduced cinema and gym membership to name a few.