Privacy and Data Protection Oversight Director

Privacy and Data Protection Oversight Director

Sacramento, CA, USA Req #5432

TITLE : PRIVACY AND DATA PROTECTION DIRECTOR

Scroll down the page to see all associated job requirements, and any responsibilities successful candidates can expect.

STATUS : EXEMPT

REPORTS TO : VP - CORPORATE COMPLIANCE

DEPARTMENT : CORPORATE COMPLIANCE

JOB CODE : 11701

PAY RANGE : $152,300.00 - $185,000.00 ANNUALLY

GENERAL DESCRIPTION :

The Privacy and Data Protection Oversight Director will be responsible for development, execution and oversight of Golden 1’s privacy program.

The Director will develop and maintain policies, notices, and other documentation in support of the privacy program, review Golden 1’s products and services to identify privacy-related issues, and consult on privacy matters.

The Director will work cross-functionally to support teams across the Credit Union on privacy and data protection issues, ensuring compliance with applicable legal and regulatory requirements.

TASKS, DUTIES, FUNCTIONS :

• Promote privacy compliance awareness across the organization by establishing and maintaining relationships with key business lines and functional stakeholders.
• Collaborate with key 1st Line of Defense (1LOD) stakeholders to facilitate data inventory / categorization / mapping of systems and processes.
• Serve as a subject matter expert; provide actionable guidance on privacy and data protection, including handling of data security incidents.
• Build, execute, and maintain the Credit Union’s 2LOD Privacy Compliance Program.
• Maintain a thorough understanding of privacy laws on local, state, and federal levels.
• Monitor, track, and report changes to laws, regulations, and guidance to business owners and compliance management.
• Create and maintain 2LOD Privacy Policies.
• Provide oversight to 1LOD Teams on privacy compliance program elements.
• Guide the Second Line testing team and participate in compliance reviews.
• Review marketing collateral and employee communications for compliance with privacy regulations.
• Prepare and present compliance reports for various committees.
• Provide regulatory privacy expertise for new and existing products, services, and practices.
• Identify and plan for implementation of controls for managing privacy compliance risk.
• Provide recommendations and action plans to management for addressing exceptions from audits or reviews.
• Collaborate with Human Resources and the Enterprise Development Department to improve privacy compliance training materials.
• Collaborate with legal for assessment and advice on privacy-related compliance risks.
• Foster a positive work environment by promoting skill development and ensuring positive employee morale.
• Perform all other related duties as assigned.

PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THE PERFORMANCE OF THESE TASK :

• Effective oral and written communication skills to proof-read, review, summarize, and report on complex regulations.
• Sufficient manual dexterity to operate standard office equipment.

ORGANIZATIONAL CONTACTS & RELATIONSHIPS :

• INTERNAL : All levels of staff.
• EXTERNAL : Vendors and staff of other financial institutions.

QUALIFICATIONS :

EDUCATION : Bachelor’s degree in business administration, law, finance, accounting, computer science, or related field.

An Associate’s degree with commensurate experience may also be considered.

• EXPERIENCE : 10 or more years’ experience in privacy, data protection, information security, risk management, auditing, and / or compliance, preferably in the financial services industry.
• KNOWLEDGE / SKILLS :
• Knowledge of California and federal privacy laws and regulations.
• Experience with risk management frameworks.
• Ability to manage multiple assessments and communicate effectively.
• Strong problem-solving and organizational skills.
• Proficiency in Microsoft Office and other relevant software.

PHYSICAL REQUIREMENTS :

• Prolonged sitting with occasional mobility required.
• Corrected vision and hearing within normal range.
• Ability to lift 15 lbs. as required.

LICENSES / CERTIFICATIONS :

Privacy certification such as CIPP or CIPM is preferred.

THIS JOB DESCRIPTION IN NO WAY STATES OR IMPLIES THAT THESE ARE THE ONLY DUTIES TO BE PERFORMED BY THIS EMPLOYEE.

J-18808-Ljbffr