CIB Compliance Data Protection – Principal Manager

The role will be responsible for the implementation of the Program in CIBs activities in Spain and also for the coordination of the deployment of the Program in CIBs branches abroad ensuring a homogeneous robust and risk-based approach.

The main tasks and responsibilities of the role will be the following:

• Ensure the deployment of BBVAs Corporate Data Protection Compliance Program in BBVA CIBs activities and processes in Spain.

• Coordinate the deployment of BBVAs Corporate Data Protection Compliance Program in BBVA CIBs activities and processes in BBVA CIBs branches abroad.

• Draft policies and procedures on data protection topics as well as internal reports and notes on specific projects or issues related to data protection.

• Perform risk assessments including corporates Risk and Control Self Assessment (RCSA) and develop mitigation measures and frameworks when issues and areas for improvement are identified in order to maintain the privacy risk appetite within tolerance levels.

• Review and maintain the Records of Processing Activities (RoPA) for CIB in Spain and coordinate the deployment regular review and maintenance of the RoPA for CIB branches abroad.

• Elaborate and document Legitimate Interest Assessments (LIAs) Data Protection Impact Assessments (DPIAs) International Data Transfers Impact Assessments (TIAs) and advise BBVA CIB on projects that may require conducting these formal assessments in order for BBVA CIB teams to take adequate risk-based decisions.

• Attend regulatory and supervisory requests upon demand as well as audits and other assurance exercises affecting CIB in Spain and also supporting CIB branches in these requests when needed.

• Advise business units on transactions that require the involvement of the team.

• Participate in projects that require data protection analysis in relation to changes in systems tools workflows or processes that give rise to data protection risks in order to promote a privacy-by-design operating model embedded in product lifecycle and change management.

• Coordinate the relation with the Corporate Compliance Data Protection team in order to make sure that relevant developments in BBVAs Corporate Data Protection Compliance Program are deployed in BBVA CIB.

• Identify track and assess relevant regulatory and supervisory developments guidance and enforcement trends and foster the necessary measures to adapt to them when needed.

• Promote a Compliance Culture within BBVA CIB by means of training actions communications and sharing best practices regulatory developments and relevant information with key stakeholders within the area.

• Report periodically the status of BBVA CIBs Data Protection Compliance Program to relevant committees and senior management.

Qualifications

-Senior profile with at least 7 to 10 years of experience in the financial services industry.

-Experience in managing a Personal Data Protection program in a financial institution or at a minimum in an international corporation.

-Advanced knowledge of the GDPR and international regulatory and supervisory frameworks on personal data protection.

-Experience in Compliance or other control functions (Internal Audit Internal Control) will be highly valued.

-Knowledge of Corporate & Investment Banking activities and business (global markets investment banking and finance global transaction banking) will be highly valued as it is relevant for the position in order to adequately assess the inherent risks and deploy necessary measures proportionally.

-Hands-on experience coordinating multidisciplinary teams and stakeholders internationally including local compliance officers legal IT Security Data Operations Business units or HR teams. Program Delivery Skills are needed including.

• Demonstrated ability to run demanding multi-stream programs: Roadmap creation prioritisation dependencies milestones resource planning.

• Strong capability in building and operating control frameworks remediation tracking KPI/KRI reporting.

• Evidence-driven approach to decision-making including preparing executive briefings committee papers risk acceptances audit responses.

-Excellent ability to communicate complex privacy requirements in clear actionable terms to business leaders compliance officers product owners engineers data scientists or operations teams.

-Strong negotiation and influencing skills including driving alignment without direct authority and managing conflicting priorities across geographies and functions.

-Executive presence: Comfortable challenging senior stakeholders constructively able to frame issues in terms of business risk customer trust and regulatory exposure.

-Experience in coordinating the deployment of compliance programs globally will be highly valued.

-Legal background will be also highly valued.

-The person must be comfortable interacting with senior management and providing solutions under tight deadlines and a demanding business area.

-Fluency in English and Spanish.

-Soft Skills:

• Exceptional organization skills: strong personal operating system (prioritisation tracking documentation follow-through).

• High capacity / resilience: thrives under pressure manages multiple urgent workstreams without loss of quality.

• Rigor and attention to detail: consistently produces precise defensible outputs suitable for senior management regulators and auditors.

• Analytical mindset: breaks down ambiguous problems identifies root causes proposes pragmatic solutions.

• Coordination excellence: orchestrate work across multidisciplinary and international teams; ensure accountability and timely delivery.

• Sound judgement: balance risk compliance customer impact and operational feasibility; escalate appropriately when needed.

• Integrity and discretion: trusted with sensitive matters and regulatory interactions.