AVP, US Privacy Officer
Duties: Develop strategic plans to ensure that long-term goals, vision, objectives, and overall direction of the Privacy Office support corporate long-term goals and objectives, and determine resource requirements (i.e., staffing, funding, equipment) based on business objectives or operational needs in conjunction with the Deputy Chief Compliance Officer. Operate as primary legal counsel on all privacy and information security issues, including contract negotiations, regulatory matters, and mergers and acquisitions activities. Guide, interface, and influence interactions and communications with senior-level leaders on the governance of the strategies of the Privacy Office. Work cross-functionally with legal and IT security to provide direction and guidance on Enterprise-wide projects. The scope of this position is expansive as it interfaces globally across the organization and with varying levels of leadership. Stay abreast of, and be accountable for, compliance with ever-changing privacy laws, regulations, and industry standards. Guide and develop governance and processes to ensure compliance and mitigate risk. Develop and oversee the creation, implementation, and maintenance of privacy and information security policies and procedures at the business unit, consistent with the corporation’s compliance standards and aligned with the corporate strategy. Drive the privacy and information security policies, standards and guidelines to build sound practices into the corporate culture. Develop and monitor privacy program to document, track, investigate and respond to all inquiries and complaints regarding the business unit’s privacy policies and practices. Maintain privacy program to validate compliance with privacy and security laws, practices and procedures by being informed and knowledgeable about all applicable state and federal laws and regulations and overseeing the implementation of measures required for compliance.
Continuous review of business unit practices, including encouraging the development and implementation of privacy best practices. Remain up-to-date on latest trends and best practices in the industry. Enforce privacy and security policies and procedures, including working with human resources to impose sanctions for failure to comply. Oversee the timely and cost-efficient distribution of privacy notices, as required by state and federal laws and regulations. Participate in the development and delivery of Assurant corporate and business unit privacy and security training and awareness programs for all workforce members, contractors, business associates, and other third parties when requested. Develop and implement business unit-specific training and awareness programs. Provide ongoing communications and participate in relevant events to increase employees’ awareness regarding privacy issues. Routinely conduct an assessment and/or collaborate with others to assess key risk areas, internally and externally. Assessment should validate that the policies, procedures, and training have been effectively implemented and have resulted in operational compliance, through: development of appropriate criteria to determine level of privacy and security compliance; development and maintenance of appropriate procedures, forms and sampling methodologies to appropriately evaluate the area’s standing on the criteria and determine compliance findings; and review of remediation efforts regarding privacy and security deficiencies, in coordination with appropriate departments and management. Oversee development and maintenance of the business unit’s incident response program, and function as an incident coordinator in situations in which the program must be implemented. Lead cross-functional project team responsible for executing incident response plan. Determine appropriate staffing levels based on workload. Hire and/or train staff as appropriate for their role.
Develop goals and plans for the department, including work prioritization and performance goals; routine meetings to discuss work activities and goals, establishing career progression standards, and developing training programs. Provide employee development and feedback through annual performance reviews, audits of work, investigating all complaints concerning areas of responsibility and staff, and taking corrective or disciplinary action if necessary.
Qualification and Experience
Qualifications: College-level degree. JD and active standing in a Bar association. 8+ years' experience in insurance, compliance, privacy, or legal. Prior experience developing & implementing a privacy program. Knowledge & application of laws & regulations affecting privacy & security such as GLB, HIPAA, COPPA, CAN-SPAM, PIPEDA, GDPR and other privacy principles. Demonstrated leadership skills. Demonstrated ability to influence C-suite leaders without direct authority.
One Chase Manhattan Plaza
New York City, NY 10005