Compliance Privacy Officer

Overview

SMBC is committed to ensuring that all our customers' and employees' data is protected.  Reporting to the Head of Compliance MIS, Analytics & Technology, the Americas Division (AD) Compliance Privacy Officer (CPO) will oversee all activities related to the Privacy Office at SMBC AD.  The CPO will be responsible for building the Privacy Office across the Americas, including the United States, Canada, Mexico, Brazil, Cayman Islands, Chile, Colombia, and Peru.  Responsibilities include daily operations of the Privacy program; development, implementation, and maintenance of policies and procedures; investigation and tracking of incidents and breaches; and ensuring stakeholder rights in compliance with national and state/territorial laws.

Responsibilities

• Lead the development and implementation of a comprehensive privacy operations program across the Americas, including the United States, Canada, Mexico, Brazil, Cayman Islands, Chile, Colombia, and Peru
• Structure and implement programmatic functions related to governance (policies, data classification, data lifecycle management) and operations (notices, data rights requests, privacy impact assessments, data sharing and transfers, vendor assessment questionnaires)
• Hire and lead privacy compliance and operations managers responsible for the identification and mitigation of Privacy Risks, ensuring compliance with Privacy policies and procedures, and supporting lines of business and group companies with Privacy processes
• Perform information privacy risk assessments and oversee risk mitigation and remediation efforts
• Establish a privacy management framework, inclusive of owning and managing privacy policies and procedures
• Create and maintain consumer consent forms and disclosures for processing of all personal data
• Create and operate Data Subject Access Request (DSAR) processes and procedures to ensure timely processing of all requests
• Review supplier/vendor contracts to identify information sharing relationships and ensure all privacy requirements are addressed
• Establish and administer a process for investigating and acting on privacy complaints
• Drive Privacy awareness through development and delivery of events, training, for internal clients and employees
• Collaborate with legal for assessment and advice on privacy-related risks (e.g., new or existing products and services, technology and applications for the use and processing of data, and from cross-border or inter-company data transmission)
• Identify and plan for implementation of controls for managing Privacy compliance in conjunction with Vendor Management, Records Management, Information Security, Data Governance, Information Technology, and the Privacy Counsel
• Monitor the use and effectiveness of Privacy-related risk mitigation and compliance measures with updates reviewed and implemented as needed
• Collaborate with data privacy and information security legal advisors, data governance team, and information security partners to align 
• Collaborate with Information Security to ensure alignment between security and Privacy programs, including policies, practices, and investigations

Qualifications

• 5+ years of relevant legal and operational privacy experience
• 5+ years of banking experience
• 5+ years of experience directly managing people
• Demonstrable understanding of developing and implementing controls and operational risk management within a financial services organization
• Knowledge and experience with national and state/territorial privacy laws, including CCPA/CPRA, PIPEDA and LGPD
• Experience applying privacy-by-design principles
• Solid understanding of banking products, operations, and data
• Effective negotiation skills, a proactive approach to communicating issues and strength in sustaining independent views. Able to influence across a wide range of internal stakeholders
• Strong leadership and management skills; experience in managing remote teams and teams containing entry-level and senior-level staff
• Excellent written and oral communication skills and experience presenting to executive management
• Bachelor's degree required (JD from an accredited law school is preferred)
• Privacy certification such as CIPP or CIPM is preferred

Employment Type: FULL_TIME