Data Privacy and Protection Lead

Industry: Finance & Insurance


5 - 7 years

Posted 46 days ago


As an ambassador for and key member of the Enterprise Data Management team, the Data Privacy and Protection Lead is responsible for developing the strategy and approach for classifying and protecting sensitive data within the firm and engaging members of the Chief Privacy Office, Chief Information Security Office, Data Stewards, Legal, Compliance, Risk, and Technology Subject Matter Experts to co-ordinate implementation of data classification and protection policies and standards across the TD Ameritrade data and application eco-system.

The Data Privacy and Protection Lead will lead the evaluation, selection and implementation of data privacy and security tools and solutions that are effective and efficient. Data Privacy and Protection are top priorities for TD Ameritrade and are at the forefront of our business. This is a great opportunity to continue to grow your experience in data privacy and security management.


  • Conduct stakeholder analysis and publish it to the cross-functional team
  • Develop operating and engagement models
  • Refine existing data privacy policy and standards with input from various stakeholders; maintain and publish revisions
  • Develop and maintain an implementation plan for classifying and protecting sensitive data within the firm
  • Execute against the plan in collaboration with the enterprise data governance authority, CISO, Chief Privacy Officer, Technology, Legal, Compliance and other organizations
  • Develop the process and procedures document for classifying and protecting sensitive data with input from various enterprise stakeholders – based on the approved data privacy policy and standards
  • Evaluate the TD Ameritrade business supply chain to identify key processes that generate or manipulate sensitive data
  • Identify risks associated with each based on TDA's privacy policy and standards
  • Analyze internal applications and associated data to determine if remediation is required


  • Bachelor's degree in Computer Science, Engineering or relevant field or equivalent experience
  • 7 years total experience
  • Relevant experience includes privacy governance and/or privacy operations management and/or privacy legal experience in an US entity
  • Minimum 3 years of privacy management experience required
  • Minimum of 2 years of experience with regulatory requirements and compliance issues in at least one of the following areas: CCPA, PCI/GLBA, GDPR/EU Data Protection Directive, US State Privacy Laws, or other international privacy/data protection regulations and requirements
  • Excellent attention to detail, reporting, and managing of tasks
  • Excellent verbal/written communication skills, time management and analytical/problem solving abilities
  • Versatility, ability to prioritize and handle a large number of matters, and ability to work effectively and collegially on a small legal team with significant workload
  • Military education or experience may be considered in lieu of civilian requirements listed