Information Handling & Protection Mgr

About The Position

Requirements

• Knowledge of Data Governance frameworks such as Basel BCBS 239, COBIT, and ISO 20022
• Bachelor’s degree in information security, Risk Management, or a related field
• Minimum of 7 years of experience in information security, data governance, data protection, and records retention
• Strong understanding of regulatory requirements and industry standards (e.g., GDPR, CCPA, ISO 27001)
• Excellent written and communications skills
• Excellent analytical and problem-solving skills
• Ability to work collaboratively with cross-functional teams
• Proven ability to manage and develop strong teams

Nice To Haves

• Professional certifications such as CISM, CISSP, or CRISC are preferred

Responsibilities

• Information/Data Governance: In collaboration with the Data Governance Office in the 1st Line of Defense (DG), establish and maintain an appropriate data governance framework based on an appropriate industry standard, such as Basel BCBS 239, COBIT, and ISO 20022 In collaboration with DG, develop and enforce data governance policies and standards In collaboration with DG, ensure data governance frameworks align with regulations such as the Sarbanes-Oxley Act (SOX) and the Dodd-Frank Act to mitigate legal risks In collaboration with DG, implement practices focusing on data quality, validation, and reconciliation to maintain the integrity of financial information Ensure compliance with regulatory requirements and industry best practices. Collaborate with DG and other business units, as appropriate, to establish data ownership and stewardship Monitor and report on data quality and integrity
• Information/Data Protection: Establish and maintain appropriate information handling and protection Policies, Standards, Guidelines, Procedures Implement and maintain data protection strategies and technologies Conduct risk assessments and identify vulnerabilities in data handling processes Develop and enforce data encryption, access controls, and other security measures Respond to data breaches and incidents, ensuring timely resolution and mitigation Establish robust security measures and comply with regulations such as GDPR and GLBA to protect sensitive data
• Records Retention: Establish and maintain Records retention policies, standards, guidelines, procedures, and schedules Ensure proper archiving and disposal of Records in compliance with legal and regulatory requirements Collaborate with legal and compliance teams to manage Records-related risks Conduct regular audits of records management practices

Benefits

• medical, dental, and vision insurance
• 401K
• continuing education opportunities
• employee assistance program
• Impact Network Groups led by team members who are passionate about driving engagement, creating awareness of diverse backgrounds and experiences, and building inclusion across the organization