Job Description
The Privacy Specialist serves as a key contributor to the enterprise privacy program for a FINRA-registered broker-dealer and SEC-registered investment adviser.
This role operates with a high degree of independence and judgement, leading assigned privacy workstreams and supporting compliance with applicable regulations, including GLBA and Regulation S-P. The Privacy Specialist partners cross-functionally to implement privacy practices, assess risk, and enhance program effectiveness.
The position works under the direction of the Principal Privacy Officer and is responsible for driving execution of core privacy activities, identifying opportunities for process improvement, and ensuring operational alignment with regulatory expectations and internal standards.
What You'll Do:
- Privacy Program Execution & Governance
  - Own and execute assigned components of the enterprise privacy program, ensuring alignment with regulatory requirements and internal policies.
  - Manage intake, triage, and resolution of privacy-related inquiries, exercising judgement in prioritization and response.
  - Maintain and enhance privacy policies, procedures, and standards, recommending updates based on regulatory changes and business needs.
  - Provide guidance to internal stakeholders on privacy requirements and best practices.
- Data Inventory & Data Mapping
  - Manage assigned portions of the enterprise data inventory, including data mapping and system documentation.
  - Analyze data flows and data usage to identify potential privacy risks or gaps.
  - Partner with business and technology teams to ensure data inventory accuracy and completeness.
  - Recommend improvements to data governance processes and documentation standards.
- Vendor Risk & Third-Party Oversight
  - Lead privacy-related components of vendor risk assessments, including review of data protection documentation.
  - Evaluate vendor practices and identify gaps relative to regulatory and company standards.
  - Partner with Risk, Legal, and Procurement to ensure appropriate mitigation strategies are implemented.
  - Track and report on vendor-related privacy risks and remediation status.
- Privacy Incident Management
  - Manage intake, tracking, and coordination of privacy incidents in accordance with established protocols.
  - Evaluate incident details and escalate issues as appropriate, applying judgment to assess risk and impact.
  - Identify trends in incidents and recommend process or control improvements.
  - Coordinate cross-functional response efforts and ensure proper documentation and resolution.
What You Need to Have:
- Bachelor's degree in Business, Legal Studies, Information Security, or related field.
- 6+ years of experience in privacy, compliance, risk, legal, or related field.
- Experience supporting or executing privacy programs, preferably in financial services or a regulated industry.
- Strong analytical and problem-solving skills, with the ability to interpret regulatory requirements and apply them in practice.
- Demonstrated ability to manage work independently and exercise sound judgment in decision-making.
What's Nice to Have:
- Experience with privacy regulations such as GLBA, Regulation S-P, and state privacy laws (e.g., CCPA).
- Professional certifications (e.g., CIPP, CIPM, CIPT).
- Experience with privacy management tools (e.g., OneTrust).
- Experience in financial services is a plus.
- Strong communication skills with the ability to influence stakeholders across functions.
Please review our Workforce Privacy Policy for further details on what information we collect and the purposes for collection.