Information Governance & Data Protection Manager

Key Responsibilities

• Partner with first-line Data Governance teams to establish and maintain a robust enterprise data governance framework aligned to recognized industry standards (e.g., Basel BCBS 239, COBIT, ISO 20022).
• Develop, refine, and enforce governance policies and standards.
• Ensure alignment of data governance practices with applicable regulations, including Sarbanes‑Oxley (SOX) and Dodd‑Frank.
• Promote strong data quality practices, including validation, reconciliation, and integrity monitoring.
• Establish clear data ownership and stewardship models in collaboration with business stakeholders.
• Monitor, assess, and report on data quality and governance effectiveness.
• Ensure adherence to regulatory requirements and evolving industry best practices.

• Partner with first-line Data Governance teams to establish and maintain a robust enterprise data governance framework aligned to recognized industry standards (e.g., Basel BCBS 239, COBIT, ISO 20022).
• Develop, refine, and enforce governance policies and standards.
• Ensure alignment of data governance practices with applicable regulations, including Sarbanes‑Oxley (SOX) and Dodd‑Frank.
• Promote strong data quality practices, including validation, reconciliation, and integrity monitoring.
• Establish clear data ownership and stewardship models in collaboration with business stakeholders.
• Monitor, assess, and report on data quality and governance effectiveness.
• Ensure adherence to regulatory requirements and evolving industry best practices.

• Establish and maintain policies, standards, procedures, and guidelines for secure information handling.
• Implement and oversee data protection strategies and supporting technologies.
• Conduct risk assessments to identify vulnerabilities within data handling and processing activities.
• Enforce appropriate controls including encryption, access management, and monitoring mechanisms.
• Lead response efforts related to data incidents, ensuring timely remediation and risk mitigation.
• Ensure compliance with applicable data protection regulations such as GDPR and GLBA.

• Develop and maintain records retention policies, standards, schedules, and procedures.
• Oversee compliant archiving and secure disposal of records in accordance with legal and regulatory requirements.
• Partner with Legal and Compliance teams to mitigate records‑related risks.
• Conduct periodic audits of records management practices to ensure effectiveness and compliance.

• Strong written and verbal communication skills
• Advanced analytical and problem‑solving capabilities
• Ability to collaborate effectively across business and risk functions
• Demonstrated experience building, leading, and developing high‑performing teams

• Bachelor’s degree in Information Security, Risk Management, or a related field
• Minimum 7 years of experience in information security, data governance, data protection, or records management
• Deep understanding of regulatory and industry standards (e.g., GDPR, CCPA, ISO 27001)
• Knowledge of governance frameworks such as Basel BCBS 239, COBIT, and ISO 20022
• Professional certifications such as CISM, CISSP, or CRISC preferred