Privacy Analyst

• Assist with the development and implementation of the Privacy Program across all business areas and affiliates.
• Understand the intersection between financial privacy regulations (including, but not limited to, the Graham-Leach-Bliley Act and Right to Financial Privacy Act) and other privacy regulations such as the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
• Engage with business areas and affiliates on developing information sharing protocols and governance around information sharing. Establish mechanisms to track access to client information and privacy breach incidents and perform analysis to identify necessary changes.
• Assist with updates to Privacy Policy, as well as applicable notices and statements.
• Assist with periodic risk assessments, and ongoing compliance monitoring activities.
• Assist with vendor reviews, identify privacy risks and establish controls and monitoring to mitigate risks.
• Review enterprise privacy training, privacy-related complaints, privacy and information sharing policies and procedures.
• Collaborate with various business functions, such as legal, marketing, and security, to promote privacy. Promote activities to foster information privacy awareness across organization.
• Maintain knowledge of applicable federal and state privacy laws and information privacy technologies.
• Assist with handling of Data Subject Requests, privacy incidents, and inquiries.
• Understand and communicate the relationship between privacy, governance, and information security and protection principles. Work with colleagues in these functions to implement and communicate a collaborative, rather than siloed approach to achieving privacy, governance, and information protection objectives.
• Support the implementation of the bank's Privacy by Design program, helping the bank to proactively identify and mitigate privacy risks and embed privacy principles into the design and implementation of products and technologies.
• Manage classification technologies and processes to identify and classify personal data. Establish and monitor mechanisms for automating classification at scale and managing the bank's inventory of personal data.
• Support the identification of privacy risk within a broader risk universe, including data, third party, operational, reputational, and other risks. Understand and support the Three Lines of Defense risk management model and the clear delineation of risk ownership throughout the bank.
• Bring a collaborative mindset and demeanor to privacy tasks. Communicate a “Win-Win” approach to achieving business and privacy outcomes.
• Understand privacy risks related to emerging Artificial Intelligence (AI) and automated decision-making technologies. Assist in identifying these risks in processes and technologies currently used by the bank and under consideration for future implementation.
• Apply Privacy Patterns to help product and solution owners implement privacy-friendly approaches to common business challenges.
• Understand consent models and help apply consent management strategies across multiple jurisdictions and business lines.
• Recommend approaches to defining and implementing metrics to help measure and communicate the effectiveness of the privacy program to executives and business leaders. Assist in the periodic collection and validation of data to populate privacy metrics.
• Comply fully with all Bank Compliance policies and procedures as well as all regulatory requirements (e.g. Bank Secrecy Act, Know Your Client, Community Reinvestment Act, Fair Lending Practices, Code of Conduct, etc.).

• Bachelor's Degree or equivalent experience
• Minimum 5 years of privacy compliance or banking compliance experience

• CIPP Certification preferred or willingness to complete within 1 year.
• Experience with core banking systems and technologies such as FIS, Fiserv, and Broadridge.
• Certification (preferred) or significant expertise with OneTrust privacy program management tools, including Consent Management and Privacy Rights Automation.
• Understanding of managing privacy risks related to marketing and client engagement technologies. Experience with technologies such as Seismic, PossibleNow, Google Analytics, Google Tag Manager, Adobe Experience, Tealium, and Signal (preferred).
• Knowledge of privacy and banking compliance laws and regulations.
• Proficiency of Microsoft Office applications such as Excel, Access, Word and PowerPoint.
• Excellent organizational and analytical skills.
• Ability to communicate clearly and professionally with all levels of an organization.
• Excellent written and verbal communications skills.
• Effective interpersonal skills.
• Proficiency in multi-tasking and prioritizing projects.
• Ability to manage urgency when required.
• Deep interest and curiosity in privacy and data protection topics.
• Excellent time management skills and be accustomed to working with deadlines.
• Experience communicating and interacting with regulatory agencies, including exam management and other regulatory affairs.
• For Banking Compliance related roles, Certified Compliance Risk Manager (CRCM).
• For Wealth Management Compliance roles, experience with a financial institution such as a broker/dealer and/or registered investment adviser.
• For Wealth Management Compliance roles, experience working within a Compliance Investment Management role.

• To be considered for this position you must meet at least these basic qualifications

#LI-JR1

#CR-JR