Privacy Officer

Position Summary

The Privacy Officer is responsible for overseeing and managing the Bank’s enterprise privacy program, ensuring compliance with applicable federal and state privacy laws and regulations, and embedding privacy‑by‑design principles across the organization. This role partners closely with Legal, Compliance, IT, Information Security, Risk, and business stakeholders and serves as the primary internal subject‑matter expert on data privacy matters. The position reports to the Deputy General Counsel and does not require a law degree.

• Define and manage the Bank’s enterprise privacy program, including policies, standards, procedures, and controls frameworks.
• Create and manage through the Privacy Program maturity and adoption Roadmap.
• Monitor and assess compliance with applicable privacy and data protection laws and regulations (e.g., GLBA, state privacy laws, breach notification laws).
• Conduct periodic control validation exercises.
• Primary liaison for regulatory examinations, internal audits, and management reporting related to privacy matters.

• Serve as a subject matter expert to business units on privacy requirements related to products, services, marketing initiatives, and vendor engagements.
• Define standards and guidelines on data collection, use, sharing, retention, and disposal practices.
• Collaborate with Legal on privacy‑related contract provisions, vendor due diligence, and third‑party risk management.

• Coordinate privacy‑related incident response, including investigation, documentation, escalation, and post‑incident remediation, in partnership with Legal, Information Security, and Compliance.
• Assist with breach notification analysis and execution under applicable laws and regulatory expectations.

• Develop and deliver privacy training and awareness programs for employees and relevant third parties.
• Promote a culture of privacy awareness and accountability across the organization.

• Prepare privacy‑related reporting and metrics for senior management, risk committees, and the board, as appropriate.
• Track regulatory developments and emerging privacy risks; recommend program enhancements accordingly.

• 5‑10 years of experience in privacy, data protection, compliance, risk management, or a related field, preferably within financial services or a regulated environment.
• Strong working knowledge of U.S. privacy laws applicable to financial institutions (e.g., GLBA, state privacy and breach laws).
• Experience developing or managing privacy policies, procedures, and controls.
• Ability to work cross‑functionally and communicate complex privacy concepts to non‑technical stakeholders.
• Strong organizational skills with the ability to manage multiple priorities.

• Experience supporting regulatory examinations or audits.
• Familiarity with information security concepts and data governance frameworks.
• Professional certifications such as CIPP/US, CIPM, or similar (or willingness to obtain).

• This role does not require a law degree.
• The Privacy Officer works closely with Legal but is not expected to provide legal advice.