SunTrust Banks Director of Privacy Compliance in Atlanta, Georgia
Req ID: W455641
Job Description
This position reports directly to our Chief Privacy Officer, and is responsible for ensuring that the company maintains compliance with SunTrust’s public-facing and internal privacy policies and procedures. The position sits within SunTrust’s Enterprise Compliance Organization, and is responsible for executing the company’s Compliance Framework for privacy (including management of privacy monitoring and testing, training, risk assessments and reporting). The Director will work directly with many enterprise teammates to analyze and evaluate privacy risks, and assist business leaders in baking privacy into the design of products and services. The position is a senior management role with high expectations for privacy subject matter expertise, integrity, work ethic, team building and Client First approach.
Responsibilities and Primary Activities:
Drafting, editing, modifying and implementing enterprise privacy policies and procedures. This person will be acting pursuant to direction from the Chief Privacy Officer (CPO) and working hand in hand with Legal on the development and maintenance of enterprise privacy policies that set expectations for the enterprise. This person will need to work with Privacy subject matter experts and other business liaisons to ensure implementation throughout the enterprise.
Privacy Testing, Monitoring, Reporting – this person will be expected to produce metrics that indicate how the Enterprise Privacy Office is performing, where there are privacy gaps throughout the enterprise, and progress towards closing those gaps.
Privacy Impact Assessments and Vendor/Product/Service reviews – this person will have primary responsibility for working with operational risk and Third Party Risk partners and others to assess new products, services and third parties for privacy risks. The person will be expected to be the subject matter expert and be able to quickly and comprehensively weigh in and report on the risks.
Privacy Training – this person will be expected to convert enterprise privacy policies and other educational materials into formal and informal training material for the enterprise (PowerPoints, compliance guides, Q&As, etc.). The person will be acting at the direction of the CPO but will have a tremendous amount of latitude and responsibility to serve as a primary subject matter expert and perform high-level training for various audiences.
Privacy Consulting – this person will be expected to join many meetings at various levels of the organization and be a primary voice of the Enterprise Privacy Office. The expectation is that the person will be able to provide immediate substantive guidance on business initiatives, and also be a member of working groups to ensure privacy is represented well and baked into the development of new enterprise products and services.
Qualifications
Minimum Requirements:
- CIPP/US, Bachelor’s Degree
- 7-10 years of relevant experience in privacy law or compliance; proven leadership, organization, facilitation, problem solving, strategic thinking, team-building, communication and presentation skills; in-depth knowledge of applicable U.S. and international privacy laws and regulations, including but not limited to GLBA, Regulation P, GDPR, FCRA/FACTA, TCPA, CAN-SPAM, COPPA, HIPAA and NYDFS Cybersecurity Regulation.
- Written and verbal presentation skills, including ability to independently create and present complex material in an easily digestible format; ability to draft/create and execute risk assessments (including Privacy Impact Assessments), enterprise and line of business-specific training; experience with creating/mapping/assessing controls against regulatory requirements, developing and reporting on privacy metrics. Demonstrated ability to influence and drive internal and external stakeholders to quick and appropriate decisions in a collaborative and collegial manner. Must be very proficient with PowerPoint, Word, and Visio.
Preferred Qualifications:
- Juris Doctor, CIPM, CIPP/E, CIPP/C
- Financial services and/or Program ownership experience
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin, age, disability, veteran status, pregnancy, marital status, citizenship status, sexual orientation, gender identity, genetic information, or any other classification protected by applicable laws.
To review the EEO Poster, copy and paste the following links into your browser:
http://www1.eeoc.gov/employers/upload/eeocselfprintposter.pdf
http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCPEEOSupplementFinalJRFQA_508c.pdf
© 2017 SunTrust Banks, Inc. All rights reserved.
SunTrust is a federally registered service mark of SunTrust Banks, Inc.