SMD, TIAA Chief Privacy & Records Officer

TIAA, Frisco, TX
$220,000 - $308,000, Onsite

About The Position

The Chief Privacy & Records Officer at TIAA is responsible for establishing and championing the enterprise privacy strategy, ensuring its alignment with organizational objectives, regulatory requirements (including GDPR, CCPA/CPRA, GLBA, HIPAA), and evolving industry standards. This role involves proactively monitoring the regulatory landscape, assessing organizational impact, and leading the enterprise response to new or changing requirements in partnership with Law & Policy. The officer will build and sustain a mature, risk-based privacy program, oversee privacy-related vendor oversight, and embed privacy principles across various business functions, including product development, vendor relationships, and customer-facing operations. They will serve as a trusted advisor to senior leadership and the Board of Directors on all privacy matters, coordinate responses to privacy incidents and data breaches, and drive enterprise-wide privacy literacy through training programs. Additionally, the role leads risk assessment processes for new technology investments and defines and oversees the enterprise records management strategy, developing and enforcing retention schedules and policies to ensure timely identification, preservation, and production of records for legal and regulatory needs.

Requirements

  • Work experience: 10+ years required, 15+ years preferred.
  • 15+ years of progressive experience in privacy, data governance, records management, or a closely related legal or compliance field, with at least five years in a senior leadership role.
  • Exceptional knowledge of domestic and international privacy law.
  • Strong executive communication and influencing skills.
  • Ability to lead through complexity and ambiguity in a highly regulated industry.
  • The ability to engage credibly with senior regulators, institutional clients, and Board-level audiences is essential.
  • Strong interpersonal skills and the ability to interact effectively with people at all levels of the organization.
  • Ability to think critically and strategically, finding creative and practical solutions to achieve objectives while managing complex risks.
  • Excellent oral and written communication skills, including the ability to deliver effective presentations.
  • Ability to adapt to and support change in dynamic risk environments.
  • Demonstrated ability to work collaboratively with cross-functional groups and provide tactical support to senior management.
  • A highly collaborative team player who can effectively manage and influence relationships that are widely dispersed both functionally and geographically.

Nice To Haves

  • A Juris Doctor or advanced degree in a relevant discipline is strongly preferred.
  • Professional certifications in privacy are highly desirable, including CIPP/US, CIPP/E, CIPM, or CIPT from the International Association of Privacy Professionals (IAPP).
  • Experience in financial services, law firms, or large consultancy or accounting firms is a significant advantage.
  • Demonstrated track record of building and maturing enterprise-level programs with measurable outcomes.

Responsibilities

  • Establishes and champions the enterprise privacy strategy, aligning it with organizational objectives, regulatory requirements, and evolving industry standards.
  • Maintains deep and current expertise in applicable domestic and international privacy laws and frameworks, including but not limited to GDPR, CCPA/CPRA, GLBA, HIPAA, and emerging state-level privacy regulations.
  • Proactively monitors the regulatory landscape, assesses organizational impact, and leads the enterprise response to new or changing requirements in a timely and effective manner.
  • Builds and sustains a mature, risk-based privacy program encompassing Privacy Risk Assessment and Management, Compliance Monitoring and Testing, Data Inventory and Mapping, consent management, and Controls Framework development.
  • Owns the enterprise framework for privacy-related vendor oversight, ensuring that third-party relationships involving personal data are subject to appropriate due diligence, contractual protections, and ongoing monitoring.
  • Partners closely with L&P, Cybersecurity, Technology, Human Resources, Marketing, and Business Units to embed privacy principles into product development, vendor relationships, customer-facing operations, and enterprise transformation initiatives.
  • Serves as a trusted advisor to senior leadership and the Board of Directors on all privacy-related matters, providing clear, actionable guidance that balances regulatory obligation with business enablement.
  • Works closely with other Corporate teams and Business Units on operational aspects of the organization's response to privacy incidents and data breaches, coordinating with teams to ensure timely and effective containment, remediation, and regulatory engagement.
  • Drives enterprise-wide privacy literacy by developing and delivering training programs, communications, and resources that build a culture of privacy awareness and accountability at all levels of the organization.
  • Leads risk assessment processes for new technology investments, vendor relationships, and third-party/fourth-party technology dependencies, ensuring due diligence and ongoing oversight of critical technology suppliers and third-party providers.
  • Works closely with the relevant team for regulatory engagement on privacy matters, supporting examinations, inquiries, and ongoing dialogue with relevant regulatory authorities.
  • Defines and oversees the enterprise records management strategy, advancing the program beyond its current focus on physical records toward a more comprehensive and integrated records governance framework.
  • Develops, maintains, and enforces enterprise-wide records retention schedules, records management policies, and records lifecycle standards, ensuring these frameworks remain current with evolving legal and regulatory requirements across all relevant jurisdictions, including SEC, FINRA, and ERISA mandates.
  • Supports the administration of the enterprise legal hold process in coordination with L&P.
  • Ensures that records management practices and systems are structured to facilitate timely identification, preservation, and production of records in response to litigation, regulatory investigations, and e-discovery requests.

Benefits

  • A comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones.
  • Superior retirement program.
  • Highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being.

What This Job Offers

Job Type

Full-time

Career Level

Executive

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc