Privacy Office Risks - Data management Lead

The Data Risks team in the Consumer and Community Banking (CCB) Privacy Office, is part of a global network of data risk professionals who identify, assess and develop programs and processes to manage risks associated with the processing of data, as part of the firm’s commitment to safeguarding customer and client information, ensuring compliance with data risk policies, and supporting regulatory, operational, and legal requirements. The team partners with Technology, Risk, Compliance, Legal, Controls, and other stakeholders to identify, assess, and mitigate data risks, with a focus on Privacy, Data Protection, Classification, and Localization.

As a Data management Lead, you will leverage your analytical skills, to assess the obligations and requirements for managing data risks, considering the complex and vast business operations, as well as designing, managing and socializing processes for strategic and scalable managements of these risks.

Job Responsibilities: 
 

• Use thematic analysis to identify process and control gaps, partnering with key stakeholders to drive stronger risk management.
• Conduct Privacy Risk Assessments for AI, applications, products and services, third party engagements and business initiatives, involving the collection, use, retention and disposal of personal information.
• Collaborate with Legal, Cybersecurity and other partners to develop and enhance guidance on privacy risks mitigation based on laws, Firm policies and industry standards.
• Oversee the implementation and governance of Data Risk Management policies and standards.
• Develop and implement sustainable processes to monitor and report on data risk metrics and key indicators.
• Design and deliver metrics, reports, and presentations to communicate status, risk posture, and effectiveness of controls to senior management and stakeholders.
• Maintain strong relationships with key stakeholders and serve as a point of escalation for issue resolution.
• Collaborate with Controls Management and business partners to ensure a robust control environment.
• Stay current on data localization and residency laws and regulations, and ensure compliance across all relevant jurisdictions.
• Identify opportunities for efficiency and automation, streamlining processes.
• Advise business, tech and data teams on classification, based on laws, regulations and internal policies and standards.
• Develop and present executive-level materials articulating data risks, key decisions and impacts.
• Develop and maintain training and guidance materials on data risks.
• Support Privacy Office and program initiatives..

Required Qualifications, Capabilities, and Skills:

• College degree preferred; advanced education in Data Protection, Privacy, or a related field is a plus.

• Minimum of 5 years’ experience managing complex, multi-year programs with diverse, matrixed teams.

• Experience working with privacy laws such as GDPR, GLBA, CCPA.

• Experience in Data Risk Management, including familiarity with legal and regulatory requirements throughout the data lifecycle.

• Proven experience with documenting process flows and governance procedures.

• Experience with complex operational, data and technical concepts

• Excellent written and verbal communication skills; able to tailor messages for different audiences.

• Strong organizational and prioritization skills, demonstrating flexibility in a rapidly changing environment.

• Proven ability to build partnerships and work collaboratively across teams.

• Strategic thinking and planning skills and abilities to drive innovation.

Preferred Qualifications, Capabilities, and Skills:

• Experience in a regulated financial institution

• IAPP Certification (CIPP/US, CIPT), CISA or similar Certification

• Working knowledge of AI laws, PCI-DSS