The Enterprise Area of Coverage (EAC) Compliance & Operational Risk (C&OR) Manager is a subject matter expert on specific processes, controls, laws, rules and/or regulations that have enterprise-wide applicability, affecting two or more Front Line Units (“FLU”) or Control Functions (“CF”). This role is responsible for the execution of the Compliance and Operational Risk Programs (“CORM Program”), the Global Compliance Enterprise Policy (“GC Policy”) and the Operational Risk Management – Enterprise Policy (“ORM Policy”) for these enterprise areas of coverage. The EAC C&OR Manager identifies, escalates and mitigates risks in a timely manner in alignment with the CORM Program and the GC and ORM Policies. The role engages with FLU/CF leaders globally through the FLU/CF compliance and operational risk officer (C&OR) teams to independently advise those leaders on effectively managing the risks related to their area of coverage. By executing the CORM Program and Policies, the EAC C&OR Manager identifies themes and trends, conducts analysis for new and emerging risks and recommends approaches to mitigate these risks.
Reporting to the Global Chief Privacy Officer, this is a key risk management role with responsibility for the execution of the Enterprise Privacy Compliance and Operational Risk Program and promoting a privacy and data-protection mindset across the Company. As a senior member of the Enterprise Privacy Compliance and Operational Risk team, this person will be a critical advisor to business leaders throughout the enterprise on key initiatives and emerging risks, and will be relied upon as an executive presence and lead privacy subject matter expert in a variety of enterprise forums and strategic business initiatives. This position requires a wide breadth of privacy knowledge and responsibilities include:
• Create and manage a global coverage plan which defines the scope and focus of the second line’s risk management activities.
• Help establish, monitor and report on enterprise risk tolerance metric(s) that are translated and connected to relevant business metrics (Key Risk Indicators).
• Monitor regulatory environment and participate in industry forums to identify areas of focus and conduct benchmarking.
• Create and maintain a regulatory inventory, communicate regulatory changes to and engage the FLU/CF in assessing impacts of regulatory changes for enterprise area of coverage.
• Develop and maintain relevant policies or review relevant FLU / CF policies to ensure they reflect regulatory and operational risk requirements.
• Advise and direct business leaders through the FLU/CF C&OR officers to ensure that regulatory requirements are addressed in their respective procedures and controls so that their daily activities operate in a compliant manner.
• Conduct and contribute to annual and targeted risk assessments.
• Review and analyze aggregate results of FLU/CFs’ Risk and Control Self-Assessments (RCSA) for EAC-specific themes and trends.
• Create and manage monitoring and testing coverage plans and related metrics.
• Monitor and test the effectiveness of FLU and CF processes and compliance and operational risk controls.
• Identify, aggregate, report and escalate risks, issues and control enhancements and ensure the C&OR officers for the FLU/CF are aware of issues.
• Review and analyze internal and external losses related to their area of coverage for enterprise-wide themes; escalate concerns or loss exposures as appropriate.
• Lead or contribute to Scenario Analysis activities to provide a forward-looking estimate of hypothetical operational losses.
• Execute governance and management routines.
• Identify regulatory training needs, provide subject matter expertise to support development of training curriculum, and inspect FLU/CF.
• Advise Risk peers and business leaders in preparations for and participation in regulatory exams and audits. Prepare and participate in EAC-specific exams and audits.
• Inspect that gap closure plans and commitments made regarding actions in response to Matters Requiring Attention (“MRAs”) and other actions are completed.
• Escalate regulatory relations concerns to EAC C&OR Executive.
• Ensure Compliance and Operational Risk “owned” issues (i.e., Internal Audit, Regulator and Self-Identified issues) are addressed appropriately and timely.
• Support the Chief Privacy Officer in the strategic enhancement of the Global Privacy Framework and the development, execution and oversight of global Privacy compliance, data and technology strategies.
• Interface with Senior Management to provide Privacy subject matter expertise in the development of strategic plans for the collection, use and sharing of information in a manner that maximizes its value while complying with applicable privacy regulations.
• Lead in the development and implementation of proactive, strategic privacy monitoring and testing coverage plans, privacy risk assessments, and business process assessments.
• Keep abreast of Privacy related regulatory changes, new regulations and internal policy changes in order to further identify new key risk areas and technical solutions to enable business.
• Support management reporting on Privacy risk and compliance issues and trends for senior management meetings and other governance meetings.
• Apply risk, process management, and analytical skills to drive actions in support of privacy risk objectives.
• Provide effective challenge and guidance on privacy risks and support business lines through various interactions on complex projects and forum engagements.
• Advise business lines on application of privacy requirements, development of controls and monitoring, remediation/corrective action of compliance breakdowns, and changes in law or regulation.
• Contribute to the development, review and maintenance of privacy policies and standards, including the customer and employee Privacy Notices.
• Support strategic and tactical Privacy program special projects and presentations.
The EAC Compliance & Operational Risk Manager plans, drives and reviews team deliverables to support consistent quality of activities, processes and outputs. This role may contribute as a manager responsible for providing leadership direction to attract, assess, develop, motivate and retain a team, or may act as an individual contributor.
• Degree Required: Bachelor’s Degree or equivalent experience
• 5+ years of relevant and progressive Privacy experience working with Privacy and Data Protection laws, rules and regulations
• Certified Information Privacy Professional (CIPP) certification is highly desired
• Relevant work experience in regulatory/compliance
• A proven track record of supporting and working across business lines and functions and with a senior management team
• Solid teamwork skills; ability to build and leverage the capabilities of a high-performing team
• Ability to work independently in coordination with global team members located in significantly different time zones
• Proven analytical, planning, problem solving, and decision-making skills; ability to quickly execute on strategic decisions to drive organizational results.
• Demonstrated strong communication (written and verbal) skills. Ability to translate technical content into business understandable terms; successful presentation skills and ability to influence and constructively challenge at all levels of management.
• Superior partnering skills with the ability to interact and quickly gain credibility and build collaborative working relationships to produce results. Ability to work cross-functionally and manage partnerships across organizations.
Shift: 1st shift (United States of America)
Hours Per Week: 40