Vice President - Data Privacy & Cyber Security Compliance
- Manhattan, NY, USA
- Permanent, Full time
- Barclays - US
- 12 Nov 18
The Data Privacy & Cyber Security is a second line of defence which is independent and separate from the first line functions performed by the shapes the manner in which Barclays identifies and reports on Data Privacy and Cyber Security risk.
Purpose of role
Reporting locally into the Head of Compliance Barclaycard US, based in Wilmington Delaware, and functionally into the Vice President BI Data Privacy, the successful candidate will primarily provide coverage for Data Privacy and Cyber Security (supporting both Corporate and Investment Banking, Barclays Bank Delaware and Functions) in the America's region. The candidate is expected to be well versed in Barclays' Businesses, cross-Jurisdictional regulation and compliance obligations to the various financial services regulators in their countries of operation, with an emphasis on the Americas Data Privacy and Cyber Security regulatory regime. This role is regularly engaged with and advises stakeholders involved in Data Privacy and Cyber Security (e.g. Chief Security Office, Cyber and Information Security, Internal Records Management, Sourcing, Legal, Audit, Marketing, HR, IT).
- Primary point of contact for queries arising from BI Business and Functional/Infrastructure teams relating to Data Privacy and Cyber Security Compliance matters and policies.
- Guide and advise the Businesses in line with relevant Barclays-wide policies and standards related to Data Privacy, and Cyber Security in accordance with the strategy and governance framework.
- Ensure that Data Privacy and Cyber Security requirements are communicated across the region and/or Businesses as appropriate
- Ensure that the Businesses are advised of changes to Data Privacy and Cyber Security related law/regulations and work with the Businesses to implement any operational changes. As necessary, collaborate with Legal to support these discussions and approach to address.
- Ensure that the Data Privacy and Cyber Security activities performed in the Americas region are consistent with a second line of defence role and responsibility and in accordance with Compliance goals.
- Ensure that Data Privacy and Cyber Security Compliance-related incidents, breaches, and risk events are properly reported and recorded, including escalation to senior management.
- Provide input into or measure, as appropriate, conformance, assurance, and reviews from the perspective of Data Privacy, Cyber Security and Functions Compliance within the Businesses, such as verification checks or monitoring reviews.
- Review and challenge annual reports/attestations relating to Data Privacy and Cyber Security by the Business and/or Compliance or other infrastructure functions
- Ensure Data Privacy and Cyber Security requirements are considered in new product approval, technology, and off-shoring processes.
- Manage and co-ordinate the handling of Data Privacy and Cyber Security related issues. Advise on compliance with personal data transfer requirements, and provide input into the governance of personal data transfers generally
- Fulfil governance and reporting requirements internally within Compliance, as well and check/challenge Business reporting, in relation to Data Privacy and Cyber Security key risks and risk appetite.
- Update training information and ensures that there are appropriate Data Privacy and Cyber Security training and awareness programmes in place in the Americas for Compliance; review Business training documents for completeness.
- Work closely with the other members of the Data Privacy and Cyber Security functions in order to develop a centralised, best-in-class second line function.
- As necessary, collaborate with the Businesses in developing Business standards and procedures.
Essential Skills/Basic Qualifications
- A Senior VP experience working in the Data Privacy and Cyber Security function of an international financial services corporation having a clear understanding of the data transfer process and compliance with regional and global data privacy obligations.
- Ability to operate in a fast moving business environment and make decisions bearing in mind business objectives and commercial requirements.
- Strong technical and regulatory knowledge in the areas of Data Privacy and Cyber Security.
- Experience in outsourcing and technology governance (activities, processes, controls and risk management) of an international corporation is a plus.
- Experience with handling and information control and management of data breach or technology related incidences is also an advantage.
- Ability to handle senior stakeholders, regulators and lead the Data Privacy and Cyber Security Compliance function for the region while demonstrating a strong commercial and control mindset.
- Clear understanding of the relevant data privacy obligations and requirements in relation to complying with marketing privacy (in all forms), surveillance, online privacy issues, issues that arise in the context of suppliers and third parties, and HR privacy issues.
- Experience with privacy impact assessments and privacy risk and control assessments.
- Understanding of Data Privacy and Cyber Security related issues that arise in relation to the use of enterprise-wide technology ( e.g. outsourcing, technology).
- Experience with conformance testing, reviews and assurance.
Desirable skills/Preferred Qualifications
- Desirable skills/Preferred Qualifications
- Certifications in one or more of the following disciplines: data privacy, legal, compliance information risk or information technology would be useful.
- An information technology qualification would also be helpful.
- Professional Privacy Certification from the International Association of Privacy Professionals (e.g. CIPP US/E/G) or equivalent is preferred.