About the area
BBVA CIB’s Compliance team wants to incorporate a Compliance Officer responsible for the deployment of BBVA Group’s Corporate Data Protection Compliance Program within the CIB business area.
The role will be responsible for the implementation of the Program in CIB’s activities in Spain, and also for the coordination of the deployment of the Program in CIB’s branches abroad, ensuring a homogeneous, robust and risk-based approach.
About the position
BBVA CIB’s Compliance team wants to incorporate a Compliance Officer responsible for the deployment of BBVA Group’s Corporate Data Protection Compliance Program within the CIB business area.
The role will be responsible for the implementation of the Program in CIB’s activities in Spain, and also for the coordination of the deployment of the Program in CIB’s branches abroad, ensuring a homogeneous, robust and risk-based approach.
The main tasks and responsibilities of the role will be the following:
- Ensure the deployment of BBVA’s Corporate Data Protection Compliance Program in BBVA CIB’s activities and processes in Spain.
- Coordinate the deployment of BBVA’s Corporate Data Protection Compliance Program in BBVA CIB’s activities and processes in BBVA CIB’s branches abroad.
- Draft policies and procedures on data protection topics as well as internal reports and notes on specific projects or issues related to data protection.
- Perform risk assessments including corporate’s Risk and Control Self Assessment (RCSA) and develop mitigation measures and frameworks when issues and areas for improvement are identified in order to maintain the privacy risk appetite within tolerance levels.
- Review and maintain the Records of Processing Activities (RoPA) for CIB in Spain and coordinate the deployment, regular review and maintenance of the RoPA for CIB branches abroad.
- Elaborate and document Legitimate Interest Assessments (LIAs), Data Protection Impact Assessments (DPIAs), International Data Transfers Impact Assessments (TIAs) and advise BBVA CIB on projects that may require conducting these formal assessments in order for BBVA CIB teams to take adequate risk-based decisions.
- Attend regulatory and supervisory requests upon demand, as well as audits and other assurance exercises affecting CIB in Spain, and also supporting CIB branches in these requests when needed.
- Advise business units on transactions that require the involvement of the team.
- Participate in projects that require data protection analysis in relation to changes in systems, tools, workflows or processes that give rise to data protection risks in order to promote a privacy-by-design operating model embedded in product lifecycle and change management.
- Coordinate the relation with the Corporate Compliance Data Protection team in order to make sure that relevant developments in BBVA’s Corporate Data Protection Compliance Program are deployed in BBVA CIB.
- Identify, track and assess relevant regulatory and supervisory developments, guidance and enforcement trends and foster the necessary measures to adapt to them when needed.
- Promote a Compliance Culture within BBVA CIB by means of training actions, communications and sharing best practices, regulatory developments and relevant information with key stakeholders within the area.
- Report periodically the status of BBVA CIB’s Data Protection Compliance Program to relevant committees and senior management.
Qualifications
-Senior profile with at least 7 to 10 years of experience in the financial services industry.
-Experience in managing a Personal Data Protection program in a financial institution or at a minimum in an international corporation.
-Advanced knowledge of the GDPR and international regulatory and supervisory frameworks on personal data protection.
-Experience in Compliance or other control functions (Internal Audit, Internal Control…) will be highly valued.
-Knowledge of Corporate & Investment Banking activities and business (global markets, investment banking and finance, global transaction banking) will be highly valued as it is relevant for the position in order to adequately assess the inherent risks and deploy necessary measures proportionally.
-Hands-on experience coordinating multidisciplinary teams and stakeholders internationally, including local compliance officers, legal, IT, Security, Data, Operations, Business units or HR teams. Program Delivery Skills are needed, including:
- Demonstrated ability to run demanding, multi-stream programs: Roadmap creation, prioritisation, dependencies, milestones, resource planning.
- Strong capability in building and operating control frameworks, remediation tracking, KPI/KRI reporting.
- Evidence-driven approach to decision-making, including preparing executive briefings, committee papers, risk acceptances, audit responses.
-Excellent ability to communicate complex privacy requirements in clear, actionable terms to business leaders, compliance officers, product owners, engineers, data scientists or operations teams.
-Strong negotiation and influencing skills, including driving alignment without direct authority and managing conflicting priorities across geographies and functions.
-Executive presence: Comfortable challenging senior stakeholders constructively, able to frame issues in terms of business risk, customer trust, and regulatory exposure.
-Experience in coordinating the deployment of compliance programs globally will be highly valued.
-Legal background will be also highly valued.
-The person must be comfortable interacting with senior management and providing solutions under tight deadlines and a demanding business area.
-Fluency in English and Spanish.
-Soft Skills
- Exceptional organization skills: strong personal operating system (prioritisation, tracking, documentation, follow-through).
- High capacity / resilience: thrives under pressure, manages multiple urgent workstreams without loss of quality.
- Rigor and attention to detail: consistently produces precise, defensible outputs suitable for senior management, regulators and auditors.
- Analytical mindset: breaks down ambiguous problems, identifies root causes, proposes pragmatic solutions.
- Coordination excellence: orchestrate work across multidisciplinary and international teams; ensure accountability and timely delivery.
- Sound judgement: balance risk, compliance, customer impact, and operational feasibility; escalate appropriately when needed.
- Integrity and discretion: trusted with sensitive matters and regulatory interactions.
