Manager, Information Governance and Privacy
The Manager, Information Governance and Privacy, will work under the Leader of the Information Governance (IG) and Privacy programs within the Governance Risk Compliance Department, including three global functions: Information Management, Privacy Compliance, and Information Governance Risk Management. The Manager is responsible for continuing to operate and further develop the global programs with strategic direction and advice from the Leader, implementing the compliance requirements, identifying and remediating risks, and managing programs on behalf of the global organization. Accountabilities:
- Oversee, manage and continue to enhance the risk-based IG and Privacy programs for CME Group, providing assurances that information is managed in compliance with relevant US and non-US regulations (e.g., CFTC, SEC, GDPR, FRCP, and FSA requirements), corporate policies and procedures (e.g. CME Group Records & Information Management Policy, Retention Schedule, Confidentiality and Data Protection Policy), and industry best practices to enhance efficiencies, reduce costs, and manage risks relating to information management. The programs include strategies for:
- Storage, maintenance, and retrieval of active, inactive and permanent Records onsite and offsite
- Record of Processing Activities and Data Privacy Assessments
- Destruction of Records eligible for destruction
- Data Classification
- Protection (including physical, privacy, etc.) of essential information and preservation of historically valuable records
- Along with the Leader, the Manager will play a critical role in providing advice and guidance to the Google transformation program focusing on the entire lifecycle management involved in moving our data from the CME to the Google environment(s) and managing it, assisting with demonstrating that our data continues to meet records retention requirements, and that we incorporate and achieve privacy requirements for the management of CME data at Google.
- Gain a comprehensive understanding of risk management issues associated with IG and develop procedures to mitigate or accept risk within agreed-upon tolerances for the identified issues, gaps, and weaknesses in the program in connection with CMEâ€™s Enterprise Risk Management (ERM) and Third-Party Risk Management (TPRM) programs.
- Partner with Architecture and Product Management to facilitate development of solutions to improve controls and meet strategic goals with respect to IG design requirements, including sunsetting of equipment and the data stored in alternative and unmanaged solutions (e.g., databases, laptops, scanners, etc.).
- Manage and oversee compliance with the Companyâ€™s Records Retention Schedule, Records Retention & Information Management Policy, Confidentiality and Data Protection Policy, and related policies and procedures in accordance with applicable regulation and current best practices.
- Partner with the Leader to advise on IG and Privacy requirements for discrete efforts/projects involving the creation, storage, use, transmission, or destruction of information for integration consideration.
- Provide education and awareness to the organization or specific groups of individuals on their roles and responsibilities for managing company records and information.
- Analyze and evaluate information management throughout the Company relating to both hard copy and electronic data (â€Recordsâ€), including the management of off-site inventories for all locations.
- Partner with business units, including international affiliates, to gather data classification, privacy records retention, discovery, and disposition information to meet legal and regulatory requirements.â€¯
- Identify issues, gaps, and weaknesses in the programs. Recommend action plans/solutions to address identified gaps and weaknesses, partnering with business partners to implement the recommendations in establishing governance and management across electronic environments to introduce controls which enforce company policies (e.g. data classification, retention, legal hold, etc.)
- Monitor regulatory environments with legal and continually review standards and guidelines to assist in the companyâ€™s ability to demonstrate compliance (e.g., recordkeeping, information management, information security, information preservation, data destruction, retention schedule, standard access, data privacy) through updating policies in accordance with those requirements.
- Advocate for the importance of and compliance with Records and Information Management and Privacy at all levels within the organization.
- Six (6)+ years of experience in operating and/or establishing records management and privacy programs in a legal, consulting or industry environment. This includes writing policies and procedures, evaluating automated records management and privacy compliant systems; developing and conducting training on records management and privacy; analyzing current program and systems.
- BS or BA in Business, Library/Information Science, Cybersecurity & Data Privacy, Compliance & Risk Management or related field, or related experience and/or training.
- Prior records management and privacy experience in a law firm, company, or other legal environment, including involvement and with familiarity with Document Management solutions and database management.
- Experience with all aspects of records managementâ€¯and privacy in relation to the Software Development Life Cycle (SDLC).
- Financial markets experience; strong knowledge of trade lifecycle; familiarity with recordkeeping and privacy regulations.
- Previous experience leading and managing teams, direct and indicate reporting staff.
- Ability to multi-task and manage tight and conflicting priorities to meet expected deadlines.
- Superior leadership, communication, management, and interpersonal skills.
- Ability to develop cooperative relationships and influence direction.
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 2,500 employees located around the world, we're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.