Enterprise Privacy Compliance and Operational Risk Manager

Bank of America
Published: August 5, 2022
Location: Horsham, PA

Description

Charlotte, North Carolina;Horsham, Pennsylvania

Job Description:

The EAC C&OR Manager assists in engaging other C&OR officers, including horizontal coverage owners and EAC, to provide comprehensive oversight of FLU/CF activities. This role assists in developing and maintaining a global coverage plan which defines the scope and risk-based focus of the second line's risk management activities. The EAC C&OR Manager also assists in preparing materials for C&OR regulatory exams/audits/inquiries and may assist with preparation for FLU/CF regulatory exams/audits/inquiries.

Enterprise Privacy Compliance and Operational Risk is looking for an experienced privacy professional to join as a Compliance and Operational Risk Manager. Reporting to the Global Chief Privacy Officer, this position serves in a senior individual contributor role with responsibility for the execution of the Global Compliance and Operational Risk Program focused primarily on coverage of privacy risks inherent in the collection, use and sharing of personal information and international data transfers.

The position requires a wide breadth of privacy knowledge and working closely with cross-functional teams in legal/risk/compliance to advise and oversee the business on data privacy risks. Responsibilities include but are not limited to the following activities:

Drive privacy compliance and operational risk strategy and priorities related to overseeing compliance with data privacy laws, rules and regulations and adherence to the company's policies that ensure the privacy of customer and employee information.

Collaborating across the Enterprise Privacy team, lead in the development and implementation of monitoring and testing coverage plans, privacy risk assessments, business process assessments, and privacy reviews for third parties handling personal information.

Overseeing key regulatory activities.

Evaluating business line initiatives and processes from a privacy risk perspective.

Collaborating across Enterprise Privacy and leadership to provide strategic guidance on emerging privacy trends and requirements

Activities this role performs for their area of coverage include, but are not limited to:

Produces and/or oversees the development of independent risk management reporting as input into governance and management routines

Contributes to participation in industry forums and monitors regulatory expectations, emerging legislation and regulation, political scrutiny, litigation and key influencers (trade associations, PACs, lobbyists, consumer groups, and media) in the EAC subject area to identify and mitigate emerging risks

Identifies regulatory training needs and provides subject matter expertise to support the development of training curriculum

Develops and maintains C&OR-owned policies/standards and reviews relevant FLU/CF-owned policies and standards to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable

Monitors the regulatory environment to identify regulatory changes applicable to area(s) of coverage, advises business leaders on those changes, directs the appropriate areas to implement or amend policies, standards, procedures and/or processes to address regulatory requirements, and challenges the implementation plan as needed; maintains a comprehensive regulatory inventory

Identifies, aggregates, reports, escalates, inspects and challenges remediation plans, and performs thematic analysis on FLU/CF-owned issues and control enhancements

Ensures C&OR-owned issues and control enhancements are identified and addressed appropriately and timely

Contributes to or leads development of risk coverage plans, executes and/or oversees execution of monitoring, testing and risk assessments, and communicates results

Reviews and challenges the FLU/CF process, risk, control (PRC) inventory and FLU/CF Risk & Control Self-Assessment (RCSA) related to EAC themes or trends

Reviews and challenges internal and external operational loss events, including development of remediation plans to strengthen controls, and approves where appropriate

Participates in Scenario Analysis activities for coverage areas and challenges as appropriate

Ensures metrics are designed to measure key risks and control performance, monitors and reports on metric performance and breach remediation

Required/Desired:

Minimum 7 years of risk management or other relevant experience with a minimum of 5 years of direct experience in Privacy including implementing and overseeing global privacy law, rules, regulations

CIPP, CIPM, CIPT or other relevant certification preferred

Ability to build relationships internally and externally

Ability to think strategically

Excellent written and oral communication skills

A self-motivated, hands-on, driven individual

Job Band:

H4

Shift:

1st shift (United States of America)

Hours Per Week:

40

Referral Bonus Amount:

2000

Learn more about this role

Full time

JR-21081247

Band: H4

Manages People: No

Travel: No

Talent Acquisition Contact:

Janette Flowers

Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.

To view the "EEO is the Law" poster, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf).

To view the "EEO is the Law" Supplement, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf).

Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (Policy) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.

To view Bank of America's Drug-free workplace and alcohol policy, CLICK HERE.
