Full Job Description
Overview
Are you looking to take your career from good to great? As
an employee of PenFed, every day is an opportunity to thrive, and be
part of a team working to ensure our organization is providing world
class service to our members, employees, and our communities. We exist
to help our members realize their full potential, educate and
encourage their dreams, and make every effort to follow our mission
and help our members "do better." Joining PenFed is more than being an
employee; it's about being a part of the PenFed family.
PenFed is
hiring a (Hybrid) Privacy Director at our Tysons, Virginia location.
PenFed's Privacy program exists to identify, measure, and manage the
risks to consumers and the institution associated with collection,
use, sharing, transmission, retention, and disposal of personally
identifiable and confidential information. The primary purpose of this
job is to oversee all activities related to the organization's privacy
posture, including ensuring PenFed has and maintains appropriate
privacy policies, conducting privacy impact assessments, ensuring
organizational compliance with state and federal privacy laws through
advising operational areas and implementing monitoring mechanisms, and
participating as required in the investigation of privacy-related
incidents and breaches and recommending appropriate regulatory or
other reporting. This position interacts with InfoSec, Data
Governance, Marketing, Compliance and Legal partners as well as all
Business Units. This position will interact with the Board of
Directors and the executive team as a subject matter expert on privacy
law compliance.
The Privacy Officer also serves as the
POC for all enterprise education regarding privacy laws and
regulations, and will play an advisory role in relevant Steering
Groups or Committees whose work requires privacy considerations; the
incumbent serves as the initial adjudicator of member privacy
requests, assigning requests to appropriate
processes.
Responsibilities
Reasonable accommodation may be made
to enable individuals with disabilities to perform the essential
functions. This is not intended to be an all-inclusive list of job
duties and the position will perform other duties as assigned.
+ Serve as a primary source of knowledge on how member information
handling, both on-line and off-line, aligns with state and federal
privacy laws.
+ With regard to handling of member information: Set
standards for member notice; for member opt-in or opt-out choice
(Consent Management); for member ability to access, correct/update,
delete permissions or other personal information (Data subject
Rights); for standards of safeguarding of member information.
+ Work with Business Units and Data owners to ensure process mapping for
all privacy requests is current, complete, and being appropriately
applied across the Enterprise.
+ Establish a system of monitoring
compliance with privacy standards, and reporting identified issues to
executive and senior management.
+ Establish a system of assurance
of enterprise compliance with privacy standards.
+ Aggregate member
privacy opt-out choices into easily accessible and comprehensible
member communication.
+ Work closely with the Chief Information
Officer (CIO) to ensure the privacy program is suited to the company's
Information Systems strategies, promoting privacy by design, and
incorporating privacy considerations into the development of new
systems, processes and technologies.
+ Work closely with the Chief
Information Security Officer (CISO) to ensure the privacy program is
suited to the company's Information Security strategies.
+ Develop
and maintain incident response plans for addressing privacy incidents
and breaches in a timely and effective manner.
+ Work closely with
the Data Governance Council to ensure the privacy program is
incorporated into requirements of the enterprise's Data governance
program.
+ Work closely with the Chief Compliance Officer to ensure
the privacy program is suited to the company's risk appetite within
compliance, and to design an ability to monitor business unit
compliance with privacy regulations.
+ As requested, develop and
present privacy material for various committee and board meetings such
as the Enterprise Risk Management Committee, Financial Management Risk
Committee, monthly board meetings, and ad hoc meetings.
+ Maintain
current knowledge of federal, state and international laws and
regulations pertaining to privacy regulations and requirements.
+ Develop employee training on privacy matters, and communicate Privacy
policy requirements to the employee population.
+ Perform and/or cause
to be performed Privacy impact assessments.
+ Serve on PenFed's
Data Governance Council.
+ Serve on PenFed's Artificial
Intelligence Steering Group.
+ Establish and maintain an
appropriate procedure for documenting, tracking, investigating and
responding to all complaints concerning the organization's privacy
policies and procedures.
+ Update privacy policies and procedures
in accordance with applicable laws and regulations, as well as
financial industry best practices.
+ Determine how PenFed shares
data on its privacy practices with its members and the general public,
both on-line and off-line.
+ Increase member trust in
organizational handling of private member information.
+ Serve as a
member of the management team and work with other management team
members to develop goals and strategies to meet corporate objectives
while maintaining adherence to relevant privacy requirements.
+ Work directly with any regulatory examiner to facilitate responses to
their requests for information and data related to PenFed's Privacy
Program.
+ Work with Third Party Risk Management (TPRM) on vetting
vendors for compliance with privacy and data security policies and
legal requirements.
*This role is responsible for ensuring business
continuity.*
Qualifications
Equivalent combination of education
and experience is considered.
+ At least 12 years' work experience
with 5 years at the management/leader level.
+ 5+ years of
familiarity with privacy and/or data protection laws and practices,
with an understanding of US Federal and state-level privacy
laws.
+ At least 7 years' experience advising on regulatory or
legal issues within a regulated financial institution.
+ Proven
ability to influence effectively across various levels of
management.
+ Ability to work independently.
+ Ability to launch
new initiatives and proven track record of building upon and improving
a privacy program.
+ Strong interpersonal and organizational
skills.
+ Strong written and verbal communications skills.
+ Bachelor's Degree or equivalent required.
+ A postgraduate degree
in Law or relevant field (information security, privacy, compliance)
is highly desired and will be preferred.
+ Certification in
privacy (CIPP and/or CIPM) or willingness to obtain
certification.
Supervisory Responsibility
This position will
not supervise employees.
Licenses and Certifications
Certification in privacy (CIPP and/or CIPM) or
willingness to obtain certification.
Work Environment
While
performing the duties of this job, the employee is regularly exposed
to an indoor office setting with moderate noise.
*Most roles
require working in an office setting with moderate noise and the
ability to lift 25 pounds.*
Travel
Ability to travel to various
worksites and/or conferences may be required.
About Us
Established in 1935, PenFed today is one of the country's
strongest and most stable financial institutions with over 2.9 million
members and over $31 billion in assets. We serve members in all 50
states and the District of Columbia, as well as in Guam and Puerto
Rico. We are federally insured by NCUA and we are an Equal Housing
Lender. We are available to members worldwide, via the web, seven days
a week, twenty-four hours a day. We provide our employees with a
lucrative benefits package including robust medical, dental and vision
plan options, plenty of paid time off, 401k with employer match,
on-site fitness facilities at our larger locations, and more.
Equal Employment Opportunity
PenFed management will maintain and observe
personnel policies which will not discriminate or permit harassment or
retaliation against a person because of race, color, creed, age, sex,
gender, gender identity, gender expression, religion, national origin,
ancestry, marital status, military or veteran status or obligation,
the presence of a physical and/or mental disability or medical
condition, genetic information, sexual orientation, and all statuses
protected by applicable state or local law in all recruiting, hiring,
training, compensation, overtime, position classifications, work
assignments, facilities, promotions, transfers, employee treatment,
and in all other terms and conditions of employment. PenFed will also
prohibit retaliation against individuals for raising a complaint of
discrimination or harassment or participating in an investigation of
same. PenFed will also reasonably accommodate qualified individuals
with a disability so that they can apply for a job or perform the
essential functions of a job unless doing so causes a direct threat to
these individuals or others in the workplace and the threat cannot be
eliminated by reasonable accommodation or if the accommodation creates
an undue hardship to PenFed. Contact human resources (HR) with any
questions or requests for accommodation at 402-639-8568.