Data Privacy Director

DTCC, Jersey City, NJ
Hybrid

About The Position

We are seeking a highly experienced Director, Data Protection and Privacy to support the Chief Privacy Officer in overseeing the firm’s global privacy governance program. In this position, you will serve as an advisor to business stakeholders, offering guidance on privacy risks, regulatory requirements, and effective mitigation strategies. You will collaborate with Legal, Technology, Cybersecurity, Procurement, and other key business leaders to drive compliance with DTCC’s privacy policies, standards, and operating procedures. This role also provides the opportunity to shape the strategic direction of core privacy initiatives, including enterprise data governance, artificial intelligence governance, cloud‑based technologies, and marketing technology practices, while supporting compliance, risk mitigation, and innovation. Experience in leading data incident response, investigations, and addressing regulatory reporting obligations is essential for success in this position.

Requirements

  • Bachelor’s degree and/or equivalent experience
  • Minimum 10 years in data protection, legal, compliance, risk, or a related function within a regulated environment; financial services experience strongly preferred.
  • Industry certification (e.g., CIPM, CIPP EU/A/C/US, CISSP, etc.)

Nice To Haves

  • Relevant experience to include security/IT audit, information security, risk management, etc. (e.g., CISM, CISSP, CISA, as applicable)
  • Experience with data governance, AI governance, or technology risk management strongly preferred.
  • Ability to drive alignment cross-functionally by establishing credibility and influencing peers and leaders at all levels to enable decisions and drive execution, balancing operational realities. 
  • Support a strong culture of accountability and collaboration across privacy, legal, compliance, technology, business teams, risk and lines of defense. 
  • Ability to operate independently with attention to detail to manage multiple priorities and drive decisions in a fast-paced organization.
  • Ability to demonstrate a balanced risk-based mindset that protects the firm and enables the business.
  • Experience providing privacy risk and governance guidance across cloud technologies, data platforms, AI‑enabled solutions, and marketing technologies.
  • Familiarity with data flows, system architecture concepts, and privacy controls (minimization, encryption, access controls, logging, retention).

Responsibilities

  • Maintain current understanding of applicable global privacy laws and regulatory requirements, including impacts of AI regulations. Draft and/or maintain privacy policies, standards, procedures, or guidelines as needed and collaborate across the business to support compliance with the firm’s requirements (e.g., GDPR/UK GDPR, US state laws, APAC, etc.). Provide oversight and escalation support for complex privacy matters and enterprise initiatives.
  • Increase awareness of and drive accountability for privacy program components operated by first line of defense, collaborating across both first and second lines as needed.
  • Provide guidance on ePrivacy compliance to Marketing and advise on management of cookies, tracking technologies, consent management, and direct marketing requirements across relevant jurisdictions. 
  • Assist with review of vendor agreements, Data Processing Agreements (DPAs), Standard Contractual Clauses (SCCs), or other supplementary measures or documentation escalated from Procurement and Legal to align contract positions to DTCC’s requirements.
  • Champion Privacy by Design by embedding privacy requirements into the systems development process. Lead and oversee DPIAs and other privacy risk assessments for initiatives involving new technologies, vendor solutions, new or enhanced products or services, etc.
  • Assist, lead, and oversee operational processes such as Record of Processing Activities, Data Subject Access Requests, etc., refining procedures, service levels, reporting, and controls as needed to ensure consistent execution and regulatory compliance.
  • Lead investigations of data breaches impacting data privacy and client confidentiality. Address regulatory reporting obligations and perform trend analysis of reported matters.
  • Support other daily program elements as needed such as training and awareness, review of DLP policies, management reporting, GRC activities, etc.

Benefits

  • Competitive compensation, including base pay and annual incentive
  • Comprehensive health and life insurance and well-being benefits, based on location
  • Pension / Retirement benefits
  • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
  • DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).