The qualified candidate will assist in the development, implementation, management and administration of client Privacy and Data Protection Compliance Program (the Program). The Program covers all aspects of customer data protection and confidentiality. The candidate will provide leadership, training, and management over the Privacy Compliance Program. They will collaborate with professionals in the Legal Department, People Services Human Resources Department, Information Technology, Global Security Department, and other business units to verify that client Privacy Compliance Program is complete and addresses all aspects of privacy risk to the Firm or any of the Firms Introducing Firms.
The candidate will also provide information and recommendations relating to emerging privacy and data protection issues. Specifically, the associates duties include, but are not limited to the following:
?Provide guidance and assistance in the identification, implementation, and maintenance of client privacy and data protection program, and policies and procedures in coordination with the Business Teams, Compliance Department, Legal Department, and Information Security;
?Work with the business units to maintain and improve a Corporate-wide Privacy Compliance Program that complies with the Regulation S-P provisions of the GLBA, state and federal privacy laws, and the BNYM Information Security Policies and Procedures;
?Perform initial and periodic privacy risk assessments and track remediation;
?Perform Data Leakage Prevention (DLP) incident management, escalation, research, communication, documentation and applicable remediation efforts, as required. Build and maintain a DLP strategy that aligns with emerging threats;
?Develop, coordinate and implement Privacy training for all client associates, as well as training materials that can add value to our clients and their investors. Provide various communication channels to foster privacy and data protection awareness globally (briefing sessions, privacy forums, Webex, privacy committee or working group, etc.);
?Develop a Privacy Impact Assessment process that can be implemented.
?Participate in division and corporate working groups and initiatives relating to privacy and data protection matters;
?Conduct a review of specific policies and procedures and enhance supervisory procedures to address changing business and regulatory environments, if such guidance is requested;
?Assist business units with understanding applicable US and/or international laws and regulations as it relates to Privacy;
?Provide leadership in the planning, design, and execution of privacy- and data-protection-related projects;
?Responsible for data privacy incident management investigations and reporting to and working with all applicable clients and law enforcement agencies;
?Participate in the annual strategic review of the Pershing Privacy Compliance program.
?Serve as a resource and provide guidance to the business units regarding data privacy and data security matters; and
In addition to responsibilities related to client Privacy and Data Protection Program, the candidate will have functions related to client Identity Theft Prevention Program which will include, but are not limited to:
?Managing, escalating, documenting, and resolving identity theft incidents;
?Supporting firm-wide and enterprise-wide identity theft initiatives;
?Assisting business units and IBDs with identity theft related matters, managing identity theft training;
?Alerting appropriate business units of identity theft matters that may have an impact the firm or its customers.
?Managing the annual review of the Red Flags / ID Theft program.
EDUCATION, EXPERIENCE, SKILLS DESIRED (MUST BE JOB RELATED):
?7-10 years previous experience in data protection/security, privacy, technology, compliance, and/or technology risk.
?Strong leader, as well as team player, self-starter who can identify initiatives that will add value to the firm.
?Technical and strategic experience with a Data Loss Prevention system desired.
?Excellent critical thinking skills, investigation and incident handling experience a plus.
?Superior decision-making skills, moral/ethical standards, coordination, multi-tasking, detail orientation, and organization skills.
?Strong communication skills (verbal and written).
?Strong knowledge of Microsoft applications (e.g. Word, Excel, PowerPoint, Access)
?Bachelors degree in business, and/or technology. Law degree a plus. IAPP Certification, CISSP or similar appreciated.