VP, Compliance - Privacy and Data Protection - Req. 1901499
Under limited direction, with a high level of autonomy, uses extensive knowledge and skills in financial services and risk analysis obtained through education and experience to lead the firm’s global privacy program. The Privacy Officer for the U.S. program oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the firm’s policies and procedures covering the privacy of, and access to, sensitive information in compliance with federal and state laws. Responsibilities will focus on identifying and reporting on key operational risks to executive leadership. Leads large projects, programs or processes with significant business impact involving cross-functional teams. Influences strategic direction and develops tactical plans and completes complex assignments with substantial latitude for un-reviewed actions or decisions. Extensive contact with senior management and the Board of Directors.
Essential Duties and Responsibilities:
• Provide direction, counsel, and strategy for the U.S. Privacy program, including implementation of a robust governance program that includes company policies and processes covering sensitive information in accordance with global, federal, state and local laws.
• Work with senior management to run the firm-wide Data Privacy & Protection Committee. Serve in a leadership role for the Privacy Oversight Committee’s activities.
• Initiate, facilitate and promote activities to foster privacy awareness within the organization and related entities. Manage the global training and awareness program, including ongoing live and computer-based training and awareness efforts.
• Perform initial and periodic privacy risk assessments and conduct related ongoing compliance monitoring activities in coordination with the firm’s other compliance and operational assessment functions.
• Implement processes that monitor and measure the effectiveness of the Global Privacy program in order to identify successes as well as potential areas of privacy vulnerability, risks and areas for further improvement. Responsible for developing mitigation plans for prioritized exposures.
• Identify key risk metrics relative to each significant risk, including limits and other key measures defining risk appetite.
• Work with legal counsel, management, key departments, and committees to ensure the firm has and maintains appropriate privacy / confidentiality consent, authorization forms, privacy notices, etc.
• Report at least annually to Senior Leadership and the Audit / Risk Committee of the Board on the state of the Global Privacy program as well as reporting to other senior business and regional leadership on privacy initiatives.
• Coordinate the privacy program with the IT security organization and related governance to confirm that all policies and processes are integrated across businesses and regions and all privacy and security issues are sufficiently addressed.
• Update and test data breach response plans.
• Participate in the incident response process for privacy related events, including investigation and remediation.
• Maintain current knowledge of applicable federal and state privacy laws.
• Develop external contacts and participate in professional organizations that will provide benchmarks for the global privacy program and enhance the understanding of the external environment in order to anticipate new trends and developments in the privacy field.
• Manage a team of Risk Analysts in support of the privacy risk management process.
• Perform human resource management activities, including identifying performance problems and seeking guidance for remedial action; reviewing performance and participating in interviewing and selecting staff.
• Develop and maintain an environment where staff can find motivation in their work through effective communication and incentives.
• Coach and mentor subordinates, identify training needs and recommend appropriate development programs.
• Perform other duties and responsibilities as assigned.
Knowledge, Skills, and Abilities:
• Risk infrastructure.
• Privacy risk management.
• Relevant risk-based regulatory schemes.
• FINRA, SEC, FRB and other regulations relevant to management of privacy.
• Establishing strong interpersonal relationships.
• Exercises independent judgment; willing to challenge and be challenged.
• Able to understand business processes and apply privacy laws to provide timely and practical privacy compliance advice.
• Proactive, organized and efficient – able to handle multiple tasks at once.
• Goal-oriented and results driven.
• Willing to work both independently and as part of a team.
• Strong communicator.
• Preparing oral and/or written reports.
• Making rule-based and analytical decisions.
• Project management skills, with the experience to successfully complete long- and short-term projects.
• Analytical thinking with demonstrated experience identifying and quantifying complex problems and providing effective resolutions.
• Author policies, procedures, and prepare reports for the Executive Committee, Board of Directors, and regulatory agencies as required.
• Read, analyze, and interpret complex documents.
• Respond effectively to the most sensitive inquiries or complaints.
• Deliver persuasive speeches and presentations on controversial or complex topics to top management, public groups, and/or Board of Directors.
• Understand the core technology strategies and risks.
• Define problems, collect data, establish facts, and draw valid conclusions.
• Communicate effectively, both orally and in writing, with internal and external clients at all levels.
• Perform human resource management activities.
• Plan, assign, monitor, review, evaluate and lead the work of others.
• Coach and mentor others.
Educational/Previous Experience Requirements:
• Bachelor’s Degree (B.A./B.S.) in a related discipline required with a Master’s degree preferred. Minimum of twelve (12) years of Compliance, Legal, Banking and/or regulatory experience in the financial services industry.
• Minimum ten (10) years management experience within the financial services industry.
• An equivalent combination of education, experience and/or training as approved by Human Resources.
• Appropriate series license(s) for assigned functional area preferred or the ability to obtain within an established timeframe.
• Additional licenses/certifications demonstrating the candidate’s knowledge/expertise in industry regulation and concepts preferred.