Golden 1 Credit Union

Privacy and Data Protection Oversight Director

Golden 1 Credit Union, Sacramento, California, United States, 95828



Sacramento, CA, USA Req #5432

Thursday, August 22, 2024

TITLE: PRIVACY AND DATA PROTECTION DIRECTOR
STATUS: EXEMPT
REPORTS TO: VP - CORPORATE COMPLIANCE
DEPARTMENT: CORPORATE COMPLIANCE
JOB CODE: 11701
PAY RANGE: $152,300.00 - $185,000.00 ANNUALLY

GENERAL DESCRIPTION:

The Privacy and Data Protection Oversight Director will be responsible for development, execution and oversight of Golden 1’s privacy program. The Director will be responsible for developing and maintaining policies, notices, and other documentation in support of the privacy program, reviewing Golden 1’s products and services to identify privacy-related issues, and consulting on privacy matters. The Director will work cross-functionally to support teams across the Credit Union on privacy and data protection issues, and to ensure policies and practices comply with applicable legal and regulatory requirements.

TASKS, DUTIES, FUNCTIONS:

- Promotes Privacy compliance awareness across the organization by establishing and maintaining relationships with key business lines and functional stakeholders. This role is expected to effectively communicate with senior leadership on an ongoing basis.
- Collaborate with key 1st Line of Defense (1LOD) stakeholders to facilitate data inventory/categorization/mapping of systems and processes.
- The Privacy Officer is part of the Second Line of Defense (2LOD) team providing ongoing support to 1LOD teams.
- Serve as a subject matter expert; provide actionable, business-savvy guidance on matters related to privacy and data protection, including ensuring appropriate handling of data security incidents.
- Builds, executes, and maintains the Credit Union’s 2LOD Privacy Compliance Program.
- Maintain a thorough understanding of Privacy laws at the local, state, and federal levels.
- Monitor, track, and report changes to local, state, and federal laws, regulations, rules, and guidance to business owners, compliance management, and senior managers.
- Determines applicability of law changes to Golden 1 and works with 1LOD on implementing changes as required.
- Creates and maintains 2LOD Privacy Policies.
- Provides oversight to 1LOD Teams on Privacy compliance program elements such as procedure alignment, risk assessments, monitoring, training, etc.
- Guides the Second Line testing team and participates in Second Line Compliance Reviews to support ongoing compliance with applicable regulations and laws.
- Reviews marketing collateral and employee communications to ensure compliance with applicable privacy and CCPA regulations and laws.
- Prepare and present compliance reports for Compliance and other committees, as required and/or necessary.
- As applicable, participates, provides direction and makes key decisions for project needs.
- Provide regulatory Privacy subject matter expertise to the Credit Union with new and existing products, services, procedures, processes, and practices to ensure ongoing compliance with applicable laws, rules, and regulations.
- Identify and plan for implementation of controls for managing Privacy Compliance Risk in conjunction with Vendor Management, Records Management, Information Security, Data Governance, Information Technology.
- Provide recommendations and action plans to responsible management in addressing exceptions from audits, reviews, or examinations by utilizing internal systems for tracking and through resolution.
- Collaborate with Human Resources and the Enterprise Development Department to assess, develop, and improve Privacy compliance training materials.
- Collaborate with legal for assessment and advice on Privacy-related Compliance Risks.
- Foster a positive and engaging work environment by promoting skill development, coaching for improvement and growth, inspiring others through words and actions, ensuring positive employee morale throughout Golden 1, and embracing our mission, vision, and core values.
- Perform all other related duties as assigned.

PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THE PERFORMANCE OF THESE TASKS:

- Effective oral and written communication skills required to proof-read, review, summarize, and report on complex government and legal rules, regulations, and guidance.
- Must possess sufficient manual dexterity to skillfully operate an on-line computer terminal and other standard office equipment, such as financial calculators, personal computer, facsimile machine and telephone.

ORGANIZATIONAL CONTACTS & RELATIONSHIPS:

INTERNAL:

All levels of staff.

EXTERNAL:

Vendors, management and the staff of other financial institutions.

QUALIFICATIONS:

EDUCATION:

Bachelor’s degree in business administration, law, finance, accounting, computer science or other related field or Associate’s degree coupled with commensurate experience. May be considered if individual demonstrates skill level appropriate for the position.

EXPERIENCE:

10 or more years’ experience in privacy, data protection, information security, risk management, auditing and/or compliance, preferably in the financial services industry.

KNOWLEDGE/SKILLS:

- Knowledge of California and federal privacy and data protection-related laws, regulations, and guidance such as CCPA/CPRA, CalOPPA, CFIPA, GLBA, GDPR, RFPA, CAN-SPAM, and FCRA.
- Experience with risk management frameworks (preferably in security or privacy) to objectively measure risks, monitor risk levels, and track remediation.
- Ability to manage a queue against strategic priorities and show expertise in being able to handle multiple assessments at a time.
- Willing to learn and apply processes unique to the challenges of Golden 1.
- Comfortable operating on an unpaved road and dealing with ambiguity.
- Ability to communicate at a management level (oral and written) and work well with others in a dynamic team environment.
- Demonstrated ability to utilize a consultative approach with all levels of management.
- Ability to work effectively and collaboratively within the department, with business unit owners, and others outside of the credit union.
- Strong problem-solving, credit union operations, and organizational skills with the ability to present information logically.
- Ability to positively communicate suggested solutions and alternate outcomes.
- Ability to multi-task effectively and meet deadlines with limited supervision.
- Ability to work independently with minimal direction and exhibit initiative.
- Demonstrated ability to think critically and analyze and communicate complex information to all levels of management and staff.
- Proficiency in Microsoft Word, Excel, and PowerPoint as well as Adobe Acrobat Pro and SharePoint.

PHYSICAL REQUIREMENTS:

- Prolonged sitting throughout the workday with occasional mobility required.
- Corrected vision within the normal range.
- Hearing within normal range. A device to enhance hearing will be provided if needed.
- Ability to lift 15 lbs. as may be required.
- Occasional movements throughout the department daily to interact with staff, accomplish tasks, etc.

LICENSES / CERTIFICATIONS:

Privacy certification such as CIPP or CIPM is preferred.

#LI-Hybrid

THIS JOB DESCRIPTION IN NO WAY STATES OR IMPLIES THAT THESE ARE THE ONLY DUTIES TO BE PERFORMED BY THIS EMPLOYEE. HE OR SHE WILL BE REQUIRED TO FOLLOW OTHER INSTRUCTIONS AND TO PERFORM OTHER DUTIES REQUESTED BY HIS OR HER SUPERVISOR THAT ARE WITHIN HIS / HER KNOWLEDGE, SKILL AND ABILITY AS WELL AS HIS / HER MENTAL AND PHYSICAL ABILITIES.

REV. 7/5/2024
