Director - Privacy and Data Protection Oversight
$150,000 - $185,000/Yr
The Judge Group - Sacramento, CA
posted about 2 months ago
Full-time - Senior
Sacramento, CA
Administrative and Support Services
About the position
The Director of Privacy and Data Protection will lead the development, execution, and oversight of Golden 1's privacy program. This role is crucial for ensuring compliance with legal and regulatory requirements while promoting privacy awareness across the organization. The Director will collaborate with various teams to create and maintain privacy policies, review products for privacy issues, and provide consultation on privacy matters.
Responsibilities
- Promote privacy compliance awareness across the organization by building relationships with key business lines and stakeholders, and communicating effectively with senior leadership.
- Collaborate with 1st Line of Defense (1LOD) stakeholders to facilitate data inventory, categorization, and mapping of systems and processes.
- Provide ongoing support as part of the 2nd Line of Defense (2LOD) team.
- Serve as a subject matter expert, offering actionable guidance on privacy and data protection, including data security incident handling.
- Develop and maintain the Credit Union's 2LOD Privacy Compliance Program.
- Stay informed on local, state, and federal privacy laws and monitor changes, reporting them to relevant parties.
- Determine the applicability of law changes and work with 1LOD to implement necessary changes.
- Create and maintain 2LOD Privacy Policies.
- Oversee 1LOD teams on privacy compliance program elements such as procedure alignment, risk assessments, monitoring, and training.
- Guide the Second Line testing team and participate in compliance reviews.
- Review marketing collateral and employee communications for compliance with privacy regulations.
- Prepare and present compliance reports for committees as needed.
- Provide regulatory privacy expertise for new and existing products, services, procedures, and practices.
- Identify and implement controls for managing privacy compliance risk in conjunction with various departments.
- Provide recommendations and action plans to address audit exceptions.
- Collaborate with Human Resources and the Enterprise Development Department to improve privacy compliance training materials.
- Work with legal for assessment and advice on privacy-related compliance risks.
- Foster a positive work environment by promoting skill development, coaching, and ensuring positive employee morale.
Requirements
- Bachelor's degree in business administration, law, finance, accounting, computer science, or a related field.
- 10+ years in privacy, data protection, information security, risk management, auditing, and/or compliance, preferably in the financial services industry.
- Knowledge of California and federal privacy laws (e.g., CCPA/CPRA, CalOPPA, GLBA, GDPR).
- Experience with risk management frameworks.
- Ability to manage multiple assessments and prioritize tasks.
- Strong communication skills and ability to work in a dynamic team environment.
- Consultative approach with all levels of management.
- Strong problem-solving and organizational skills.
- Proficiency in Microsoft Word, Excel, PowerPoint, Adobe Acrobat Pro, and SharePoint.
Nice-to-haves
- Privacy certification such as CIPP or CIPM is preferred.
