Vice President - Data Privacy & Protection

Vice President - Data Privacy & Protection

Department: Information Security

About Business Line/Function

The Data Privacy function of ISPL helps the business to comply with data privacy & protection regulations and instill trust to staff & client while processing personal data by virtue of Data Privacy program governance, Local policy & procedure governance and analyzing PDP control requirements & ensuring adequate compliance.

Position Purpose

The Vice President - Data Privacy & Protection is the functional lead for the ISPL Data Privacy team and the central point of accountability for the design, implementation, and continuous improvement of ISPL’s privacy governance framework. Working hand‑in‑hand with key stakeholders, you will translate global privacy requirements into practical policies, controls, and processes that protect personal data across the enterprise while enabling innovation.

You Will Also Be Responsible For

• Driving the end‑to‑end privacy lifecycle – from risk‑based assessment and mapping to control implementation and ongoing monitoring.
• Steering cross‑functional privacy initiatives and ensuring consistent, auditable execution of privacy‑by‑design principles.
• Leading a small team of privacy analysts and acting as the escalation point for privacy incidents, audit findings, and regulator enquiries.

Responsibilities

Direct Responsibilities

Governance

• Continuously monitor privacy policies, manuals, and procedures; update them to reflect the group directed changes, regulatory changes, and emerging best practices.
• Ensure timely escalation of compliance matters and contribute to senior‑level communications.
• Provide subject matter expertise to ensure ISPL is aligned to the requirements set by the Group, CIB & Regulators.
• Provide opinions on GDPR data protection section of impact assessments, leading privacy assessments such as PDPQ, DPIA, TIAQ.
• Review to ensure compliance to India DPDP Act.
• Promote the continuous improvement of Privacy by Design framework by proactively identifying and proposing improvements to the current processes, while actively managing stakeholders and supporting them as SME in their data privacy and protection activities, by simplifying complex and technical concepts in a business-oriented way.
• Drive, present and participate in various relevant Data Privacy & Protection committees.
• Maintain an efficient network across Territories 1LoD and 2LoD, and promote liaison and alignment with Central CIB Data Office initiatives.
• Contribute to the update and maintenance of knowledge base and transfer mechanisms, and coach new members as necessary.
• Develop and share best practices with the data protection network.
• Maintain a regulatory watch on data protection and contribute to disseminate a culture of personal data protection within ISPL.
• Continuous monitoring of Privacy materials, policies, manuals, procedures and ensure ongoing compliance with privacy laws and regulations.
• Ensure appropriate escalation and communication of compliance matters.

Privacy Risk Management

• Complete an annual risk assessment for privacy compliance program, consistent with global requirements.
• Lead Privacy Impact Assessments for new technologies, products, and projects; embed mitigations before launch.
• Liaise with the Controls team to support internal audits and regulator inspections, delivering required artefacts and corrective action plans.
• Identify, assess, monitor, and mitigate data‑management, privacy, and record‑management risks across the enterprise.

Privacy Program Effectiveness

• Develop an annual calendar to monitor activities to be executed through the year (e.g., RoPA recertification, policy reviews).
• Support the Program Lead in preparing concise, data‑driven management reports for senior leadership and board committees.

Contributing Responsibilities

Governance

• Review and support privacy risk assessments for new business processes, ensuring alignment with the global privacy strategy.
• Advise on privacy and data‑ethics considerations when shaping new business initiatives.
• Drive Data Privacy & Protection Awareness programs, tailoring content for technical and non‑technical audiences.

Privacy Risk Management

• Proactively identify emerging privacy compliance risks, including regulatory changes, new technologies (AI/ML, cloud services), industry practices, and business initiatives.
• Leverage analytics and metrics to surface risk trends, measure program maturity, and drive continuous improvement.

Privacy Program Effectiveness

• Establish, maintain, and report privacy KPIs via a scorecard, partnering with business units and Global Privacy teams to improve performance.
• Ensure the Privacy program remains fully aligned with the overarching global privacy program.

Technical & Behavioral Competencies

• 12 – 15 years of experience in Data Privacy.
• Working knowledge and understanding of privacy laws and guidelines with respect to Data Privacy & Protection.
• Familiarity with data protection principles and GDPR, India DPDP Act (Knowledge on Philippines Data Protection Act would be an added advantage).
• Any professional qualification of data privacy & protection such as data protection practitioner, CIPP / CIPM preferred.
• Experience of working with legal, audit and compliance teams.
• Experience of developing and maintaining policies, procedures, standards and guidelines.
• Work collaboratively with stakeholders to ensure globally-minded and aligned practices.
• Excellent interpersonal skills and strong background in information security and technology.
• Detail and process oriented and well versed with latest trends.
• Self-starter and able to work independently.
• Analytical skills including attention to detail.
• Confident and professional manner.
• Good interpersonal and verbal communication skills.

Specific Qualifications

• BSc. / B.E. / B.Tech (ideal).
• Any professional qualification of data privacy & protection such as data protection practitioner, CIPP / CIPM preferred.
• Language preference (Mandatory): Fluency in English.

Transversal Skills (Required knowledge, skills and abilities)

• Ability to understand, explain and support change.
• Analytical Ability.
• Ability to manage a project.
• Ability to develop and adapt a process.
• Ability to manage / facilitate a meeting, seminar, committee, training.

Behavioral Skills

• Ability to collaborate / Teamwork.
• Attention to detail / rigor.
• Ability to deliver / Results driven.
• Creativity & Innovation / Problem solving.

Education Level: Bachelor Degree or equivalent

About BNP Paribas Group

BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

About BNP Paribas India Solutions

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

Key skills/competency

• Data Privacy Governance
• GDPR Compliance
• India DPDP Act
• Privacy Risk Management
• Policy Development
• Information Security
• Audit Liaison
• Privacy by Design
• Stakeholder Management
• Program Leadership