Specific Job Description
Reporting to the Global Chief Privacy Officer, this position serves in a senior leadership role managing a team of privacy subject matter experts and risk specialists with responsibility for the creation, operationalization and execution of the Enterprise Privacy Compliance and Operational Risk Program and promoting a privacy and data-protection mindset across the Company. The position requires a wide breadth of privacy knowledge, problem-solving and team-building skills.
• Drive privacy compliance and operational risk strategy and priorities related to overseeing compliance with data privacy laws, rules and regulations and adherence to the company’s policies that ensure the privacy of customer and employee information.
• Collaborating across the Enterprise Privacy team, lead in the development and implementation of monitoring and testing coverage plans, privacy risk assessments, business process assessments, and privacy reviews for third parties handling personal information.
• Oversee the reporting, investigation and remediation of privacy incidents in a timely manner consistent with legal requirements.
• Create and execute reporting activities used by Senior Leadership, global regulators and data protection authorities.
• Provide leadership in developing and executing a reporting program that is risk-based and data driven using compliance metrics and other analytical data.
• Support and as necessary participate in evaluation of business line initiatives and processes from a privacy risk perspective.
• Closely follow emerging privacy trends, including the development of new privacy laws. Identify trends and report on identified current and emerging privacy risks.
• Contribute to the development, review and maintenance of privacy policies and standards, including the customer and employee Privacy Notices.
• Develop strong privacy and risk talent to ensure depth of subject matter expertise in applicable privacy laws, rules, regulations, and leading industry practices in the performance of the team’s responsibilities.
• Coach, mentor, and develop staff, including hiring and overseeing new employee onboarding and providing career development planning and opportunities.
• 7+ years of relevant and progressive Privacy experience working with Privacy and Data Protection laws, rules and regulations
• Certified Information Privacy Professional (CIPP) certification is highly desired
• Relevant work experience in regulatory/compliance
• Demonstrated ability to lead and develop staff
• Strong background of operational rigor and excellence
• A proven track record of supporting and working across business lines and functions and with a senior management team
• Proven analytical, planning, problem solving, and decision-making skills; ability to quickly execute on strategic decisions to drive organizational results.
• Collaborative, energetic, solution-oriented, and innovative leadership style.
• Demonstrated strong communication (written and verbal) skills. Ability to translate technical content into business-understandable terms; successful presentation skills and ability to influence and constructively challenge at all levels of management.
• Superior matrix management and partnering skills with the ability to interact and quickly gain credibility and build collaborative working relationships to produce business results. Ability to work cross-functionally and manage partnerships across organizations.
General Job Description
The Enterprise Area of Coverage (EAC) Compliance and Operational Risk (C&OR) Executive leads a team of subject matter experts on specific processes, controls, laws, rules and/or regulations that have enterprise-wide applicability, affecting two or more Front Line Units (“FLU”) or Control Functions (“CF”). This role is responsible for the planning and execution of the Compliance and Operational Risk Programs (“CORM Program”), the Global Compliance Enterprise Policy (“GC Policy”) and the Operational Risk Management – Enterprise Policy (“ORM Policy”) for these enterprise areas of coverage (examples include Third Party, Privacy, Reg W). Using the results from the execution of these policies, this role is responsible for the second line’s point of view on the enterprise’s risk management practices for their area of coverage.
The EAC C&OR Executive provides strategic direction, planning and inspection of an EAC C&OR team or group of teams who are responsible for identifying, escalating and mitigating risks in a timely manner in alignment with the CRM and ORM Programs and the GC and ORM Policies. This role ensures there is consistent, proactive engagement with the FLU/CF leaders globally, working with and through the FLU/CF compliance and operational risk (C&OR) officer teams to independently advise those leaders on effectively managing the operational and compliance risks related to their area of coverage. Additionally, as an expert in a specific area of coverage, the EAC C&OR Executive conducts external benchmarking, participates in industry forums and innovates on emerging trends or topics related to their area of coverage.
The EAC C&OR Executive exercises judgment, influences and constructively challenges the FLU and CF leaders with and through the C&OR officers, providing timely advice regarding regulatory requirements and expectations, and the implementation of controls to effectively mitigate Compliance and Operational Risk. Where there are centrally managed governance functions in place, the EAC Compliance and Operational Risk Executive has relationship management responsibilities, including additional reporting and communication to/with those leaders about the status of Compliance and Operational Risk management for that particular EAC. The EAC C&OR Executive is responsible for identifying and recommending standard process, control and risk definitions for like-processes related to the EAC and influences adoption enterprise-wide.
The EAC C&OR Executive is accountable for the requirements in the GC and ORM Policies, working with FLU/CF C&OR officers to complete those requirements for their areas of coverage including but not limited to the following activities:
• Create and own a global coverage plan which defines the scope and focus of the second line’s risk management activities.
• Set, monitor and report on enterprise risk tolerance metric(s) that are translated and connected to relevant business metrics (Key Risk Indicators).
• Monitor regulatory environment in EAC and participate in industry forums to identify areas of focus and conduct benchmarking.
• Create and maintain a regulatory inventory, communicate regulatory changes to and engage the FLU/CF in assessing impacts of regulatory changes.
• Develop and maintain relevant compliance and operational risk policies or review relevant FLU/CF policies to ensure they reflect regulatory and operational risk requirements.
• Advise and direct business leaders through the FLU/CF compliance and operational risk teams to ensure that regulatory requirements and operational risks are addressed in their respective procedures and controls so that their daily activities operate in a compliant manner.
• Verify scope, frequency and integrity of the FLU/CF quality assurance activities to ensure effective ongoing inspection by the FLUs/CFs.
• Apply judgment and experience to determine monitoring and testing coverage plans and related metrics.
• Monitor business processes, controls, and metrics, open issues and control enhancements to drive remediation of control weaknesses by the FLU/CF.
• Test the effectiveness of the FLU/CF compliance and operational risk controls.
• Review and analyze internal and external losses related to their area of coverage for enterprise-wide themes; escalate concerns or loss exposures as appropriate.
• Review scope and coverage of Key Risk Indicators (“KRIs”) and confirm action is taken to escalate or resolve issues.
• Identify, aggregate, report and escalate risks, issues and control enhancements and ensure the FLU/CF C&OR officers are aware of issues.
• Identify regulatory training needs, provide subject matter expertise to support development of training curriculum, and inspect FLU/CF
• Advise Risk peers and business leaders in preparations for and participation in regulatory exams and audits. Prepare and participate in EAC-specific exams and audits.
• Inspect that gap closure plans and commitments made regarding actions in response to Matters Requiring Attention (“MRAs”) and other actions are completed.
• Plan and execute governance and management routines.
• Escalate regulatory relations concerns to Regulatory Relations.
• Ensure Compliance and Operational Risk “owned” issues (i.e., Internal Audit, Regulator and Self-Identified issues) are addressed appropriately and in a timely manner.
The EAC Compliance and Operational Risk Executive ensures consistent quality of activities, processes and outputs by establishing effective review of practices across the team. This role provides leadership direction to attract, assess, develop, motivate and retain a successful team. In rare instances, this role may be an individual contributor.
Shift: 1st shift (United States of America)
Hours Per Week: 40