Privacy Officer

Position Summary

The Privacy Officer is responsible for overseeing and managing the Banks enterprise privacy program ensuring compliance with applicable federal and state privacy laws and regulations and embedding privacy-by-design principles across the organization. This role partners closely with Legal Compliance IT Information Security Risk and business stakeholders and serves as the primary internal subject-matter expert on data privacy matters. The position reports to the Deputy General Counsel and does not require a law degree.

Key Responsibilities

Privacy Program Management

• Define and manage the Banks enterprise privacy program including policies standards procedures and controls frameworks.
• Create and manage through the Privacy Program maturity and adoption Roadmap.
• Monitor and assess compliance with applicable privacy and data protection laws and regulations (e.g. GLBA state privacy laws breach notification laws).
• Conduct periodic control validation exercises.
• Primary liaison for regulatory examinations internal audits and management reporting related to privacy matters.

Advisory & Business Support

• Serve as a subject matter expert to business units on privacy requirements related to products services marketing initiatives and vendor engagements.
• Define standards and guidelines on data collection use sharing retention and disposal practices.
• Collaborate with Legal on privacy-related contract provisions vendor due diligence and third-party risk management.

Incident Response & Issue Management

• Coordinate privacy-related incident response including investigation documentation escalation and post-incident remediation in partnership with Legal Information Security and Compliance.
• Assist with breach notification analysis and execution under applicable laws and regulatory expectations.

Training & Awareness

• Develop and deliver privacy training and awareness programs for employees and relevant third parties.
• Promote a culture of privacy awareness and accountability across the organization.

Governance & Reporting

• Prepare privacy-related reporting and metrics for senior management risk committees and the board as appropriate.
• Track regulatory developments and emerging privacy risks; recommend program enhancements accordingly.

Qualifications

• 5-10 years of experience in privacy data protection compliance risk management or a related field preferably within financial services or a regulated environment.
• Strong working knowledge of U.S. privacy laws applicable to financial institutions (e.g. GLBA state privacy and breach laws).
• Experience developing or managing privacy policies procedures and controls.
• Ability to work cross-functionally and communicate complex privacy concepts to non-technical stakeholders.
• Strong organizational skills with the ability to manage multiple priorities.

Preferred

• Experience supporting regulatory examinations or audits.
• Familiarity with information security concepts and data governance frameworks.
• Professional certifications such as CIPP/US CIPM or similar (or willingness to obtain).

Other Information

• This role does not require a law degree.
• The Privacy Officer works closely with Legal but is not expected to provide legal advice.

Our job titles may span more than one career level. The starting base salary for this role is between $130000 $150000. The actual base pay is dependent upon many factors such as: training transferrable skills work experience business needs and market demands. The base pay range is subject to change and may be modified in the future.