Director, Compliance (Data Privacy)

Silicon Valley Bank
in Santa Clara, CA, United States
Permanent, Full time
Director, Compliance (Data Privacy)
The Director of Data Privacy is responsible for providing comprehensive privacy oversight, advisory and risk management services to internal stakeholders across SVB Financial Group. This role represents the global oversight function (second line of defense) for the Privacy related regulations within Corporate Compliance. This individual is accountable for the design, implementation and maintenance of the Privacy Program, which defines required protections to the processing of personal information based on regulatory requirements.

This Privacy Program is comprised of privacy policies, program documents, guidance notes, Privacy Notices, Privacy Statements, procedures, evidence of adherence to privacy controls, etc. The Privacy Program addresses regulatory privacy requirements. The Director of Data Privacy is responsible for designing policy statements and frameworks to ensure compliance around the collection (and minimization), use, storage, accuracy and disposal of customer, employee and other personal information processed by SVB.

Primary Responsibilities
  • Development and maintenance of SVB's Privacy Program, which includes privacy policies, program documents, guidance notes, Privacy Notices, Privacy Statements, procedures, evidence of adherence to privacy controls, etc.
  • Responsible for updates to the Privacy Program to address changes in technology, business organization structure, IT infrastructure, applications, procedures, legal and regulatory requirements, evolving threats and vulnerabilities. Senior Management, Regulators, or the Board of Directors may recommend updates to this Program.
  • Ensure SVB addresses incidents involving Personal Data in compliance with legal and regulatory requirements for notification to regulators and/or impacted individuals
  • Responsible for the daily administration of the Company's privacy-related concerns and leadership of the SVB Data Privacy team
  • Collaborates with Business Units in a number of areas including, but not limited to, Incident Response, Cyber Security, Legal, Human Resources, and Vendor Management
  • Define policy expectations for where consent from individuals is required for processing of personal information, the method for obtaining consent (e.g. Opt-in, Opt-out, etc.) and management of consent
  • Development, maintenance and delivery of related communications and training
  • Establish and maintain policies to respond to valid data subject requests (access, deletion, correction, etc.) and privacy-related incident investigation and response activities across the bank
  • Responsible for privacy aspects of regulatory inquiries and examinations.
  • Reporting to management (including management of international entities) on privacy-related regulatory developments or instances of non-compliance
  • At minimum, on an annual basis, provide an attestation to the Chief Compliance Officer of the international offices and branches on the effectiveness of controls within the Director of Data Privacy's area of responsibility to ensure that applicable privacy regulatory requirements are being met, which is supported by verifiable information that is available upon request.
  • Development of content and approval of policies within the Privacy program.
  • Determination of when privacy incidents require notification to individuals, clients and/or regulators (decision taken with Legal and Data Protection Officer where appropriate)
  • Responsible for identification, risk rating and mitigation recommendations of privacy-related risks across projects globally

  • 10+ years of experience in the various privacy disciplines (e.g., Privacy program and policy, privacy law, information governance, incident response, information security, training and awareness, etc.)
  • Must have 5+ years of work experience in Privacy and/or Compliance-related risk management. Open to experience in other relevant fields (i.e., finance, business administration, information technology, etc.) as long as the candidate can demonstrate relevancy to this Information Security based role.
  • Interpret relevant regulations and understand how to adapt to regulatory changes
  • A working knowledge of how to establish a privacy program including how to achieve business alignment, data governance, data subject inquiry and compliant handling processes
  • A knowledge of privacy frameworks and how to organize privacy policies and program activities (education, monitoring, data inventories, etc.)
  • Knowledge of regulatory requirements related to Privacy, including but not limited to GLBA, GDPR, CCPA, various state laws, FCRA, and FACTA, etc.
  • Effectively resolving conflicts in the workplace, either between oneself and colleagues or among other colleagues, without escalating the situation or creating long-term rifts in the working environment
  • Strong verbal and written communication skills including experience in Audit/Compliance/Regulatory discussions
  • B.A. or B.S. degree in Information Security, Computer Science or similar field, or Bachelor's degree or J.D., or equivalent work experience in Privacy, Compliance, information security, audit or related field
  • One or more International Association of Privacy Professionals (IAPP) certifications such as CIPP/U, CIPP/EU and/or CIPM required
  • Legal or Operational background in the Financial Services industry preferred
  • Certification in governance and risk management (e.g. CRISC, CGEIT, etc.) preferred
  • Experience leading privacy program development and managing privacy-related controls and risk management
  • Experience leading teams required
  • Experience working with or on a team focused on Compliance
  • Demonstrated capacity to learn, intellectual honesty and independent thinking
  • Must be able to collaborate with domestic and international teams
  • Create and implement a strategic plan for the privacy program
  • Create general and targeted training related to information protection and privacy
  • Present to senior executives and the board about the status of privacy initiatives
  • Monitor local and global regulatory developments related to privacy
  • Develop and update internal policies related to privacy
  • Collaborate with new product development teams to integrate privacy into product design