Amalgamated Bank

Privacy Officer

Amalgamated Bank
$130K — $150K *
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-10 years in privacy, data protection, compliance or risk management, preferably in financial services.
  • In-depth knowledge of U.S. privacy laws for financial institutions like GLBA.
  • Experience creating and managing privacy policies and controls.
  • Proven ability to convey complex privacy topics to non-technical audiences.
  • Strong organizational skills and multitasking ability.

Responsibilities

  • Define and oversee the Bank's enterprise privacy program and its maturity roadmap.
  • Monitor compliance with privacy and data protection laws and conduct control validation.
  • Serve as the primary liaison for regulatory audits and management reporting on privacy.
  • Provide expert privacy guidance to business units on various initiatives and vendor relations.
  • Coordinate incident response for privacy-related issues alongside Legal and IT.
  • Develop and implement privacy training and awareness for employees and third parties.
  • Prepare privacy reports and track regulatory changes to enhance program effectiveness.

Benefits

  • Opportunity to work with cross-functional teams in a regulatory environment.
  • Engagement with senior management and risk committees for strategic oversight.
  • Scope for professional development and obtaining privacy-related certifications.
  • Conducive work culture promoting data privacy awareness and accountability.
Full Job Description
Position Summary

The Privacy Officer is responsible for overseeing and managing the Bank's enterprise privacy program, ensuring compliance with applicable federal and state privacy laws and regulations, and embedding privacy-by-design principles across the organization. This role partners closely with Legal, Compliance, IT, Information Security, Risk, and business stakeholders and serves as the primary internal subject-matter expert on data privacy matters. The position reports to the Deputy General Counsel and does not require a law degree.

Key Responsibilities

Privacy Program Management
  • Define and manage the Bank's enterprise privacy program, including policies, standards, procedures, and controls frameworks.
  • Create and manage the Privacy Program maturity and adoption roadmap.
  • Monitor and assess compliance with applicable privacy and data protection laws and regulations (e.g., GLBA, state privacy laws, breach notification laws).
  • Conduct periodic control validation exercises.
  • Serve as the primary liaison for regulatory examinations, internal audits, and management reporting related to privacy matters.


Advisory & Business Support
  • Serve as a subject matter expert to business units on privacy requirements related to products, services, marketing initiatives, and vendor engagements.
  • Define standards and guidelines on data collection, use, sharing, retention, and disposal practices.
  • Collaborate with Legal on privacy-related contract provisions, vendor due diligence, and third-party risk management.


Incident Response & Issue Management
  • Coordinate privacy-related incident response, including investigation, documentation, escalation, and post-incident remediation, in partnership with Legal, Information Security, and Compliance.
  • Assist with breach notification analysis and execution under applicable laws and regulatory expectations.


Training & Awareness
  • Develop and deliver privacy training and awareness programs for employees and relevant third parties.
  • Promote a culture of privacy awareness and accountability across the organization.


Governance & Reporting
  • Prepare privacy-related reporting and metrics for senior management, risk committees, and the board, as appropriate.
  • Track regulatory developments and emerging privacy risks; recommend program enhancements accordingly.


Qualifications
  • 5-10 years of experience in privacy, data protection, compliance, risk management, or a related field, preferably within financial services or a regulated environment.
  • Strong working knowledge of U.S. privacy laws applicable to financial institutions (e.g., GLBA, state privacy and breach laws).
  • Experience developing or managing privacy policies, procedures, and controls.
  • Ability to work cross-functionally and communicate complex privacy concepts to non-technical stakeholders.
  • Strong organizational skills with the ability to manage multiple priorities.


Preferred
  • Experience supporting regulatory examinations or audits.
  • Familiarity with information security concepts and data governance frameworks.
  • Professional certifications such as CIPP/US, CIPM, or similar (or willingness to obtain).


Other Information
  • This role does not require a law degree.
  • The Privacy Officer works closely with Legal but is not expected to provide legal advice.


Our job titles may span more than one career level. The starting base salary for this role is between $130,000 and $150,000. The actual base pay depends on many factors, such as training, transferable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future.

Hybrid Work Model
Effective February 18, 2025, employees in office-based positions will work a Hybrid schedule consisting of three or more days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day unless business-critical tasks require an on-site presence. This Hybrid work model does not apply to, and daily in-person attendance is required for, the contact center, branch service roles, and general services where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance does not apply to roles that have been designated as "remote".

Search Firm Representatives: Please Read Carefully
Amalgamated Bank does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for the position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

About Amalgamated Bank

Amalgamated Bank is a commercial bank that provides banking services to individuals and institutions. The bank offers checking and savings accounts, loans, mortgages, credit cards, and other financial products and services. Amalgamated Bank was founded in 1923 and is headquartered in New York, New York. The bank has over 30 branches in New York, California, Washington, D.C., and other states.
  • Size: 375 employees
  • Market Cap: $722.3 million
  • Net Income: $46.1 million
  • 5 Year Trend: +7.3%
  • NASDAQ
