San Francisco, CA, USA
about 1 year ago
The Privacy Manager is responsible for developing, maintaining and managing a Privacy Compliance Program that is aligned with regulatory expectations and commensurate with the compliance risk profile of the Company.
This Manager will report directly to the Head of Compliance and interfaces with all levels of management and personnel, serving as a key contact for front office and support functions throughout the organization.
Develop, maintain, and manage a Privacy Compliance Program, which includes without limitation:
- Development, implementation, and maintenance of policies, processes and procedures related to Company privacy practices, including its privacy notice and statement, information sharing standards, privacy breach incidents, cybersecurity, and privacy safeguards in coordination with information security and legal counsel
- Consideration and assessment of privacy compliance risk as part of the overall Compliance and Information Security Risk Assessments and risk based compliance monitoring and testing programs;
- Providing sound and effective privacy compliance advice and training relative to strategic initiatives, regulatory changes, policy and procedure reviews, process changes, new or changing products or services, and other initiatives;
- Work with business areas and affiliates on developing information sharing protocols and governance around information sharing.
- Establish mechanisms to track access to client information and privacy breach incidents and perform analysis to identify necessary
- As a key stakeholder act as Lead for the Incident Response Team to ensure privacy compliance requirements are considered and addressed
- Manage regulatory compliance with privacy laws and regulations and oversee the Company's Red Flags Identity Theft and Privacy Programs.
- Perform periodic risk assessments and ongoing compliance monitoring activities
- Measure privacy risks through KPIs/KRIs.
- Review vendors that pose privacy risks to the organization and establish controls and monitoring to mitigate risks.
- Ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials which are reflecting the current organization and legal requirement
- Review enterprise privacy training, privacy-related complaints, privacy and information sharing policies and procedures.
- Bachelor's Degree
- 4+ years financial services privacy compliance experience; CIPP/US or CIPM certification preferred
- Former government service in Privacy highly desirable
- Ability to interpret and analyze federal and state privacy regulations and laws and assess compliance risk and controls
- Prior compliance privacy officer experience preferred
- Experience within a financial institution or technology company preferred, both would be ideal
- Expert knowledge of GLBA, Right to Financial Privacy, California Privacy rules and Civil Code Data Breach notification, (CCPA familiarity a plus) FCRA Identity Theft Red Flags, and other privacy and information security related laws; knowledge of GDPR preferred
If this opportunity interests you, please get in touch!