Operational Risk Officer - Privacy

Company: Citi
Location: Garland
Posted on: January 19, 2023

Job Description:

The US Personal Banking (USPB), In-Business Privacy Officer is responsible for providing governance and oversight, operational risk management and controls leadership across the USPB Businesses for all activities associated with Privacy. This candidate will perform governance and oversight ownership and have responsibility for Privacy covering all privacy related capabilities and requirements including compliance with the Citi Global Privacy Policy, identification and management of operational risks associated with Privacy and working across the business to ensure that effective controls and monitoring are in place to reduce risk. This position will report to the PBWM USPB In Business Privacy Offer Lead and will support the lead to ensure that the USPB is compliant with the Global Privacy Policy, Standards, and Procedures and the applicable laws rules, and regulatory requirements. Key responsibilities include: Risk Identification, Analysis, and Management

• Lead the Privacy Impact Assessment (PIA) process and controls required for all initiatives, new products and services
• Work with Global In-Business Risk Head to identify, quantity, prioritize, and report key data privacy risks and vulnerabilities within the Business
• Provide data privacy specialist risk and control advice and guidance to the product heads and functions
• Assess, evaluate, and validate controls through processes and tools such as the MCA and KRIs as appropriate for data privacy risk
• Support the business in reviewing, maintaining, and enhancing Permanent Control Readiness Standard and Procedures Coordination
  • Support the product heads, function heads, COOs and In Business Risk team on gap analysis and the implementation of global policy requirements and regional standards, and on the assessment of the legal and regulatory requirements with Country Legal and Compliance as well as the development of local procedures as relate to data privacy.
  • Coordinate periodic reviews of the Business's data privacy processes and control and validate changes as a result of such reviews.
  • Track and review deviations and risk acceptances when raised and at the time of renewal to assess the need for deviations and ascertain that the business have implemented and documented effective compensating controls. Issue Escalation
    • Follow Escalation Policy and procedures to ensure effective escalation and socialization of material risk events and issues across businesses for any data privacy related items.
    • Escalate material risk events and issues appropriately Issue Management and Corrective Action Plan (CAP) Management, Coordination and Escalation
      • Assist business in creation of Issues/CAPs related to data privacy as needed (issues and CAPs owned by Product/Region business owner)
      • Track issue and CAP status and progress for data privacy related items and proactively escalate as appropriate.
      • Validate completed data privacy CAPs in the tracking system prior to validation by other control and assessment functions such as Internal Audit and ORM. Audits, Franchise Reviews and Regulatory Examination Management
        • Support the Business and Functions on reviews and audits on data privacy. Support the business on reviewing and responding to findings issues by reviewers.
        • Work with Global In-Business Regulatory head on all reviews and audits to ensure appropriate preparation, pre-review assessments and post-review remediation. Risk and Control Project Management
          • Coordinate and support the Business in the implementation of global, regional and local data privacy regulatory, risk and control projects.
          • Ensure high quality execution for data privacy programs for any Citi initiated programs, in coordination with Global In-Business Risk Head and In Business Regulatory Risk Head. Training and Awareness
            • Perform training on risk and control concepts, processes, tools, and on effective issue self-identification and testing. Customize global and regional training programs to cater for product specific or local requirements and nuances.
            • Create Permanent Control Readiness awareness based upon remit Skills and Experience Minimum five years in the Financial Services IndustryDemonstrated Data Privacy, Information Security or Cyber related risk management experience in a financial services environment or Minimum two years in an Internal audit, Risk Management, or Control Management related role.Working knowledge of Data Privacy Compliance laws, rules, regulations, risks, and appropriate controls. Additionally, familiarity with privacy related technology considerations such as cookies, mobile devices and biometric, geolocation data is desired.Privacy Certification is preferred but not required.Risk-based thinking and analytical mindset.Ability to lead and drive controls across the products and functions irrespective of reporting lines.Ability to develop, execute and monitor initiative plans.Ability to manage through influenceAbility to build rapport and work closely with stakeholders and partners within and outside the businessUp-to-date understanding of key data privacy risk and control concepts, tools and trendsExcellent communication skills (written and verbal)Self-starter who can work independentlyAbility to work on virtual projects and across virtual teams to get work doneAbility to multi-task and manage concurrent projects and deliverablesProficient in the use of basic Microsoft applications (Word, Excel, PowerPoint)Knowledge of PBWM business and products preferred - Job Family Group: Risk Management - Job Family:Operational Risk Time Type: Full time Primary Location: Jacksonville Florida United States Primary Location Salary Range: $96,570.00 - $144,850.00 Citi is an equal opportunity and affirmative action employer.Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .View the " EEO is the Law " poster. View the EEO is the Law Supplement .View the EEO Policy Statement .View the Pay Transparency Posting - Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.

Keywords: Citi, Garland , Operational Risk Officer - Privacy, Other , Garland, Texas