Position Summary
The Privacy Officer is responsible for overseeing and managing the Bank’s enterprise privacy program, ensuring compliance with applicable federal and state privacy laws and regulations, and embedding privacy-by-design principles across the organization. This role partners closely with Legal, Compliance, IT, Information Security, Risk, and business stakeholders and serves as the primary internal subject-matter expert on data privacy matters. The position reports to the Deputy General Counsel and does not require a law degree.
Key Responsibilities
Privacy Program Management
- Define and manage the Bank's enterprise privacy program, including policies, standards, procedures, and control frameworks.
- Create and manage the Privacy Program maturity and adoption roadmap.
- Monitor and assess compliance with applicable privacy and data protection laws and regulations (e.g., GLBA, state privacy laws, breach notification laws).
- Conduct periodic control validation exercises.
- Serve as the primary liaison for regulatory examinations, internal audits, and management reporting related to privacy matters.
Advisory & Business Support
- Serve as a subject matter expert to business units on privacy requirements related to products, services, marketing initiatives, and vendor engagements.
- Define standards and guidelines on data collection, use, sharing, retention, and disposal practices.
- Collaborate with Legal on privacy-related contract provisions, vendor due diligence, and third-party risk management.
Incident Response & Issue Management
- Coordinate privacy-related incident response, including investigation, documentation, escalation, and post-incident remediation, in partnership with Legal, Information Security, and Compliance.
- Assist with breach notification analysis and execution under applicable laws and regulatory expectations.
Training & Awareness
- Develop and deliver privacy training and awareness programs for employees and relevant third parties.
- Promote a culture of privacy awareness and accountability across the organization.
Governance & Reporting
- Prepare privacy-related reporting and metrics for senior management, risk committees, and the board, as appropriate.
- Track regulatory developments and emerging privacy risks; recommend program enhancements accordingly.
Qualifications
- 5-10 years of experience in privacy, data protection, compliance, risk management, or a related field, preferably within financial services or a regulated environment.
- Strong working knowledge of U.S. privacy laws applicable to financial institutions (e.g., GLBA, state privacy and breach laws).
- Experience developing or managing privacy policies, procedures, and controls.
- Ability to work cross-functionally and communicate complex privacy concepts to non-technical stakeholders.
- Strong organizational skills with the ability to manage multiple priorities.
Preferred
- Experience supporting regulatory examinations or audits.
- Familiarity with information security concepts and data governance frameworks.
- Professional certifications such as CIPP/US, CIPM, or similar (or willingness to obtain).
Other Information
- This role does not require a law degree.
- The Privacy Officer works closely with Legal but is not expected to provide legal advice.