Privacy Officer

About The Position

Requirements

• 5-10 years of experience in privacy, data protection, compliance, risk management, or a related field, preferably within financial services or a regulated environment.
• Strong working knowledge of U.S. privacy laws applicable to financial institutions (e.g., GLBA, state privacy and breach laws).
• Experience developing or managing privacy policies, procedures, and controls.
• Ability to work cross-functionally and communicate complex privacy concepts to non-technical stakeholders.
• Strong organizational skills with the ability to manage multiple priorities.

Nice To Haves

• Experience supporting regulatory examinations or audits.
• Familiarity with information security concepts and data governance frameworks.
• Professional certifications such as CIPP/US, CIPM, or similar (or willingness to obtain).

Responsibilities

• Define and manage the Bank’s enterprise privacy program, including policies, standards, procedures, and controls frameworks.
• Create and manage through the Privacy Program maturity and adoption Roadmap.
• Monitor and assess compliance with applicable privacy and data protection laws and regulations (e.g., GLBA, state privacy laws, breach notification laws).
• Conduct periodic control validation exercises.
• Primary liaison for regulatory examinations, internal audits, and management reporting related to privacy matters.
• Serve as a subject matter expert to business units on privacy requirements related to products, services, marketing initiatives, and vendor engagements.
• Define standards and guidelines on data collection, use, sharing, retention, and disposal practices.
• Collaborate with Legal on privacy-related contract provisions, vendor due diligence, and third-party risk management.
• Coordinate privacy-related incident response, including investigation, documentation, escalation, and post-incident remediation, in partnership with Legal, Information Security, and Compliance.
• Assist with breach notification analysis and execution under applicable laws and regulatory expectations.
• Develop and deliver privacy training and awareness programs for employees and relevant third parties.
• Promote a culture of privacy awareness and accountability across the organization.
• Prepare privacy-related reporting and metrics for senior management, risk committees, and the board, as appropriate.
• Track regulatory developments and emerging privacy risks; recommend program enhancements accordingly.