Internal Audit Senior Manager II - Technology Risk

BBVA

CCPA Notice at Collection and Privacy Policy

Last updated date : April 04, 2023

Effective Date : January 1, 2023

The following California Consumer Privacy Act and California Privacy Rights Act ( CCPA / CPRA ) Notice at Collection and Privacy Policy shall not apply to the collection, processing, sale or disclosure of any information (i) that a consumer provides to us to obtain a financial product or service from us, or (ii) about a consumer resulting from any transaction involving a financial product or service between us and the consumer;

or (iii) we otherwise obtain about a consumer in connection with providing a financial product or service to that consumer.

To better understand your rights in respect of any such information excluded from the following CCPA / CPRA Notice at Collection and Privacy Policy, please instead reference the CIB BBVA Privacy page, which you may visit at the following web link : ".

This NOTICE AT COLLECTION AND PRIVACY POLICY FOR CALIFORNIA RESIDENTS supplements the information contained in the Consumer Privacy Disclosure of Banco Bilbao Vizcaya Argentaria, ( BBVA ) and each of the following affiliates of BBVA Banco Bilbao Vizcaya Argentaria, New York Branch;

BBVA Securities Inc.; and Banco Bilbao Vizcaya Argentaria, San Francisco Representative Office (collectively, we, us, , our , or BBVA ) and applies solely to residents of the State of California ( consumers or you ).

We adopt this statement to comply with the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 ( CCPA / CPRA ), as amended from time to time, and other California privacy laws.

Any terms defined in the CCPA / CPRA have the same meaning when used in this statement. For California residents, the provisions of this Notice at Collection and Privacy Policy prevail over any conflicting provisions of the BBVA Consumer Privacy Disclosure and / or the BBVA Online Privacy Policy.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household subject to the CCPA / CPRA ( Personal Information ).

Some examples of Personal Information which BBVA has collected from consumers are listed below; note however, that this may not be an exhaustive list.

Category Example A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

B. Categories of Personal Information listed in the California Customer Records statute (Cal. Civ. Code A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories. C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

F. Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement G.

Geolocation data. Physical location or movements. H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.

I. Professional or employment-related information. Current or past job history or performance evaluations. J. Inferences drawn from other Personal Information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Personal Information does not include :

• Publicly available information from government records.
• De-identified or aggregate consumer information.
• Other information to the extent excluded from the CCPA / CPRA's scope, such as : Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act, or California Financial Information Privacy Act (CalFIPA), and the Driver's Privacy Protection Act of 1994;
• health or medical information that constitutes clinical trial data or that is otherwise covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), or the California Confidentiality of Medical Information Act (CMIA);

Sources of Personal Information

With respect to each of the categories of Personal Information listed in the table above, we obtain such Personal Information from a variety of sources, including from :

• our customers and consumers, with respect to both online and offline interactions they may have with us or our service providers, and other entities with whom you transact;
• In the event that our customers provide beneficial owners' personal information, it will be the responsibility of that customer to communicate the contents of this notice at collection to them.
• authorized agents or authorized parties who may deal with us on your behalf or through the provision of services;
• credit bureaus;
• identify verification and fraud prevention service providers;
• marketing and analytics providers;
• public databases;
• social media platforms;
• government entities;
• internet service providers and the devices you use to access our websites, mobile applications, and online services or platforms; and
• data brokers.

Use of Personal Information

With respect to each of the categories of Personal Information listed in the table above, we may use or disclose such Personal Information for any one or more of the following business purposes :

• To provide you with information, products or services that you request from us;
• To provide you with email alerts, event registrations and other statements concerning our products or services;
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections;
• To detect and protect against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecute the same;
• To debug to identify and repair errors in our systems;
• As otherwise necessary or appropriate to protect the rights, property or safety of our business, our employees, our customers, consumers, or other natural persons;
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
• For such purposes as may be necessary or appropriate in connection with audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
• To improve and maintain the quality of our website, applications, products, services, and content;
• For testing, research, analysis and product development;
• For short-term, transient use, including but not limited to, contextual customization of advertisements;
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of BBVA ’s assets, including, but not limited to, as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information of consumers held by BBVA among the assets transferred; and / or
• As otherwise described to you when collecting your Personal Information or as otherwise set forth in the CCPA / CPRA.

Sharing Personal Information

With respect to each of the categories of Personal Information listed immediately below, we may disclose such Personal Information to a third party for a business purpose.

When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for each of the business purposes identified above :

Category A : Identifiers

Category B : California Customer Records Personal Information categories

Category C : Protected classification characteristics under California or federal law

Category D : Commercial information

Category E : Biometric Information

Category F : Internet or other similar network activity

Category G : Geolocation Data

Category H : Sensory Data

Category I : Professional or employment-related information

Category J : Education information

Category K : Inferences drawn from other Personal Information

With respect to each of the categories of Personal Information listed immediately above, we may disclose such Personal Information for a business purpose to the following categories of third parties :

• Our affiliates and subsidiaries
• Service providers
• Federal, state, or regulatory agencies or organizations with oversight over BBVA
• Such third parties as you may authorize us, directly or indirectly, to disclose your personal information

In the preceding twelve (12) months, we have not sold (as that term is defined by the CCPA / CPRA) any Personal Information that we have collected.

Your Rights and Choices

The CCPA / CPRA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA / CPRA rights and explains how to exercise those rights.

Rights to Know and Access to Specific Information and Your Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months.

Once we receive and verify your consumer request, we will disclose to you :

• The categories of Personal Information we have collected about you.
• The categories of sources for the Personal Information we have collected about you.
• Our business or commercial purpose for collecting such Personal Information.
• The categories of third parties with whom we share such Personal Information.
• The specific pieces of Personal Information we collected about you (pursuant to a data portability request).
• If applicable, whether we sold or disclosed your Personal Information for an identified business purpose, along with two separate lists disclosing : the categories of Personal Information about you that we have sold within the meaning of the CCPA / CPRA and the categories of third parties to whom the Personal Information was sold;

and the categories of Personal Information about you that we disclosed for a business purpose.

Right to Limit

You have the right to request that we limit the use and disclosure of any of your sensitive Personal Information, pursuant to Civil Code section subdivision(a), which we have collected from you and retained, subject to certain exceptions.

Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies, due to regulatory or operational requirements (, in accordance with the provision of services to you).

Right to Correct

You have the right to request that we correct any inaccurate Personal Information that we maintain about you as set forth in Civil Code section

Deletion Request Rights

You have the right to request that we delete any of your Personal Information that we have collected from you and retained, subject to certain exceptions.

Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies, due to regulatory or operational requirements (, in accordance with the provision of services to you or applicable law).

Rights to Opt Out of the Sale / Sharing of Personal Information

You have the right to request that we do not sell any of your Personal Information. As noted above, we do not sell Personal Information of California residents.

You have the right to request that we limit or do not share any of your Personal Information. Please note, we only use or share Personal Information of California residents for the purposes identified in CPRA 7027(m) ( Permissible Purposes ) and only as necessary and proportionate for such Permissible Purposes.

Right to No Retaliation following the Exercise of Your Rights

We cannot deny goods or services, charge you different prices or rates, including through granting discounts or other benefits, or imposing penalties, or provide a different level or quality of goods or services because you exercised your rights under the CCPA / CPRA;

however, if you refuse to provide your personal information to us or ask us to delete your personal information, and that personal information is necessary for us to provide you with goods or services, we may not be able to complete the applicable transaction(s).

Pursuant to the CCPA / CPRA, from time to time, we may offer you promotions, discounts and other deals in exchange for collecting or keeping your personal information.

You may ask us to delete or stop selling your personal information, but you may not be able to continue participating in the special deals we offer in exchange for personal information.

If you are unsure of how your request may affect your participation in a special offer, please ask your Relationship Manager.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a request to us by :

Sending an email to

The verifiable consumer request must :

• Provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
• Describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.

Only you or a person who you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information.

Under California law, you may designate an authorized agent to make a request on your behalf. Your agent may be subject to the same verification procedures that we use to verify consumers who do not currently have a relationship with us.

Additionally, we may require you to verify your own identity in response to a request, even if you have chosen to use an agent, and ask that you directly confirm to us that you have provided the authorized agent permission to make a request on your behalf.

The foregoing shall not apply if you have provided your authorized agent with a power of attorney pursuant to Probate Code sections 4121 to 4130 and either you or your agent are able to provide us with a copy of such document.

Only you or a person who you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information.

Under California law, you may designate an authorized agent to make a request on your behalf. Your agent may be subject to the same verification procedures that we use to verify consumers who do not currently have a relationship with us.

Additionally, we may require you to verify your own identity in response to a request, even if you have chosen to use an agent, and ask that you directly confirm to us that you have provided the authorized agent permission to make a request on your behalf.

The foregoing shall not apply if you have provided your authorized agent with a power of attorney pursuant to Probate Code sections 4121 to 4130 and either you or your agent are able to provide us with a copy of such document.

The verifiable consumer request must :

Verifying Your Request

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request.

We may otherwise limit our response to your request as permitted under applicable law.

Whenever feasible, we will match the identifying information provided by you to the Personal Information we maintain, or use a third-party identity verification service that complies with the CCPA / CPRA.

However, if we cannot verify your identity from the Personal Information that we maintain, we may request additional information from you, including, inter alia, that you submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of your request.

Any additional information so submitted shall only be used for the purposes of verifying your identity.

If we have a good faith, reasonable, and documented belief that a consumer request made by you or on your behalf by an agent is fraudulent or abusive, we may deny the request.

In such an event, we will inform you of the denial and provide an explanation.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 calendar days of its receipt. If we require more time (up to 90 calendar days), we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

As such, if we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If we deny your request in whole or in part, we shall explain the basis for denial, including any conflict with federal or state law, exception to the CCPA / CPRA, inadequacy in the required documentation, or contention that compliance proves impossible or involves a disproportionate effort with sufficient details to provide you with a meaningful understanding.

Changes to Our Notice at Collection and Privacy Policy

We reserve the right to amend this privacy statement at our discretion and at any time in accordance with applicable law.

When we make changes to this privacy statement, we will notify you through a statement on our website homepage.

If you use assistive technology and the format of this privacy statement interferes with your ability to access information, please contact us at .

To enable us to respond in a manner most helpful to you, please indicate the preferred format in which to receive the material and your contact information.

Contact Information

If you have any questions or comments about this statement, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at :

Website : .

Email : Area :

Area :

CORPORATE & INVESTMENT BANKING

Deadline for applying :

8 / 5 / 2024

Company : Grade :

Grade : Grade range :

Grade range : Incentive Eligible :

Incentive Eligible :

What does the job entail?

STEM talent at BBVA : What we offer you?

• You will be part of a team of more than Technology and Data experts, in 25 countries, whose aim is to take the bank further thanks to technology.
• You will participate in one of the close to 1,800 cutting-edge technology projects that we implement annually with a positive impact on 85 million people.
• You will work with a wide range of technologies, from the most experienced to the most disruptive : 46 different programming languages, 201 development platforms, etc.
• You will collaborate with our main tech partners - Microsoft, Google, AWS, Salesforce, IBM, RedHat, Telefonica, Cisco, Genesys, etc.
• You will carry out innovative projects in areas such as Development, Architecture, Security, Infrastructure and Data. .
• You will learn by working in your project, you will work with referents and you will have access to the entire BBVA training offer and to the Ninja project, a gamified training platform with a community of more than 11,000 participants with more than 2,000 talks, 1,300 workshops and 48 hackathons held.

Internal Audit Manager - Technology Risk

About the area :

Internal Audit is a global area of over 700 people with a multidisciplinary, dynamic and flexible team of professionals whose knowledge and expertise covers all the organization’s areas and activities in multiple countries.

As the third line of defense, Internal Audit’s (IA) mission is to independently assess the firm’s overall control environment, including the firm’s governance processes, controls, and risk management framework.

Additionally, the purpose of Internal Audit is to help the BBVA Group accomplish its objective by providing a systematic and disciplined approach to assess and improve the effectiveness of its risk management, control and governance process.

About the role :

Based in New York, NY you will be responsible for executing and managing the internal audit activity for BBVA US Technology Risk with direct reporting to senior management.

The candidate has to demonstrate strong experience and knowledge of Technology and Cybersecurity Risk.

You will also be integrated into all types of projects and activities where you will learn multiple processes that support the activity of a large financial institution such as BBVA

What are we looking for?

We are seeking a highly skilled and experienced Technology Risk Internal Audit Manager to join our team.

The candidate will be responsible for evaluating and improving the effectiveness of risk management, control and governance processes within our CIB US operations.

Capacity for analytical and critical thinking and autonomous decision-making. Strong attention to detail and ability to work individually and as part of a team.

As IT Auditor Manager, you will be responsible for the planning, execution, and reporting of audits based on identified risks to provide assurance on the quality and effectiveness of internal control, IT risk management and governance processes.

If you like to be part of a dynamic and multidisciplinary team, in a collaborative environment, and you are passionate about challenges and curious to learn new things, we want to meet you.

We’re looking for an enthusiastic person, who has the following characteristics :

Responsibilities

• Conduct risk assessment, continuous monitoring and audit plans to ensure compliance with regulatory requirements and internal policies and procedures.
• Manage the planning, fieldwork, reporting and follow up phases of the internal audit activity to evaluate the internal control processes.
• Responsible for executing audit engagements regarding information systems, management procedures and Cybersecurity controls as they relate to effectiveness and compliance with bank policies, regulations and best standards.
• Evaluate the design and operating effectiveness of the internal control environment to ensure compliance with Technology and Cybersecurity policies and regulations.

Able to identify relevant risks and to properly document the audit process.

• Identify and communicate Audit findings to Management, including recommendations for corrective actions. Follow up on Audit findings to ensure timely and effective resolution.
• Stay current with regulatory changes and industry best practices to ensure audits are conducted in accordance with relevant standards and risks.

Research current laws, rules, and other regulatory requirements to ensure Internal Audit coverage.

• Develop partnerships with line of business by understanding their initiatives and key business processes and disseminate the information to internal audit management and the audit team.
• Collaborate with other internal audit team members to promote effective risk management practices. Additional responsibilities will include supporting other audit teams from time to time.
• Collaborates with a line of business and other auditors to achieve objectives and to develop partnerships.
• A sound technical knowledge and strong relationship and communication skills are necessary, in order to build productive relationships with our partners and help us become a value-added resource.

A results-oriented approach to your job and a focus on improving the quality of your work are key to success in this role.

Education / Experience / Requirements :

• Bachelor’s degree is required. Preferred areas of study are Computer Science, System Engineering, Management Information Systems, or other related fields.
• CISA certification is a must.
• A professional designation such as CISSP, CISM, CIA, etc. is preferred.
• Minimum of 8 years of experience in Internal or External Audit. It will also be considered technology risk analysis area (admission or risk monitoring) or in IT risk control area with capacity for the identification, measurement and analysis of IT risks
• Experience in business continuity / disaster recovery or infrastructure component auditing is preferred.
• Supervisory experience is preferred.
• A solid foundation in the technical aspects of auditing (knowledge of general accounting, business processes, internal controls and risk assessment).
• Communication skills are necessary to articulate insight gained from analysis, by expressing the work done both orally and in writing, in an accurate, clear and concise manner, assignments may require communicating findings to senior management.
• Strong collaboration and problem-solving skills.
• Occasionally available to travel.

With respect to this position in our New York Office, the expected base salary ranges from $150,000 -$190,000. It is not typical for offers to be made at or near the top of the range.

Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications obtained.

Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, successful candidates are eligible to receive a discretionary bonus.

Employment eligibility to work with BBVA in the is required as the company will not pursue visa sponsorship for these positions

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Additional Minimum and Preferred Qualifications

Benefits Statement

Benefits : A variety of health and welfare and other benefit programs are available, including medical, dental, vision, Wellness Program, Personal Savings Plan (401K), Health Savings Account, Flexible Spending Account, accident benefits, critical illness, hospital indemnity, life insurance, disability benefits, paid vacation & holidays, paid leave programs, tuition assistance programs, pet insurance and more.

Legal requirements

With respect to this position in our New York Office, the expected base salary ranges from $150, - 190, . It is not typical for offers to be made at or near the top of the range.

Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications obtained.

Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, successful candidates are eligible to receive a discretionary bonus.

Pay Transparency Policy Statement

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.

However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information (41 (c)).

Individuals with Disabilities

BBVA USA, BBVA Securities Inc., and BBVA New York Branch invite all interested and qualified applicants to apply for employment opportunities.

If you are a job seeker with a disability who is unable to use our online tools to search and apply for jobs, please contact us by emailing : or by calling toll-free (in the 1-844-664-9275.

Please indicate the specific type of assistance needed*.

The disability access telephone line and email address are reserved solely for job seekers with disabilities requesting accessibility assistance or an accommodation.

Please do not call about the status of your job application if you do not require accessibility assistance or an accommodation.

Messages left for other purposes, such as following up on an application or non-disability related or technical issues, will not receive a response.

EEO Statement

BBVA USA, BBVA Securities Inc., and BBVA New York Branch have a firm and unwavering policy to provide equal employment opportunity without regard to age, citizenship, color, disability, ethnic origin, gender, gender identity and expression, marital status, nationality, national origin, race, religion, sexual orientation, genetic predisposition, protected veteran status, or any other status or classification protected by federal, state or local law.

This policy includes all job groups, classifications and organizational units. With regard to employment, this policy extends to applicants and covers our recruiting, hiring, promotion, transfer, demotion, discipline, termination, benefits, compensation and training practices as well as social and recreational activities.

View the "" & "" poster. BBVA USA, BBVA Securities, Inc., and BBVA NY are equal opportunity and affirmative action employer.

Working at BBVA

BBVA is a global company with over 160 years of history present in 25 countries with over 81 million customers. We are more than 110,000 professionals working in multidisciplinary and diverse teams.

At BBVA, we are ahead of the transformation that is taking place in the banking sector, challenging the status quo, to make life easier to our customers.

Being part of BBVA means developing your career in one of the most innovative companies in finance.

Responsible banking

We're committed to responsible banking to help drive a more inclusive and sustainable society. The future of banking lies in financing the future.

We started out with the spirit of helping others make the best financial decisions. That spirit remains with us today and encourages us to keep moving forward, prioritizing innovation and digital transformation so that we can put the opportunities of this new era within everyone's reach.

Diversity

At BBVA we believe having a diverse team makes us a better bank.

For this reason, we actively support diversity, inclusion and equal opportunities regardless race, sex, age, religion, sexual orientation, gender identity or expression.

We cultivate a collaborative and inclusive work environment that allows every employee to do their best work.

Our values

Our values define our identity; they are what drives us to make our goals a reality and they guide all of our actions and the decisions we make.

Customer comes first

We think big

We are one team