The Privacy Compliance Manager leads the Privacy Compliance team within Compliance Risk Management. The Manager is responsible for assisting the Director of Governance, Assurance, and Privacy in overseeing compliance risk mitigation and discouraging actions that may expose KeyCorp and its subsidiaries to regulatory, compliance, or reputational risks in excess of Key’s risk tolerance. This position will be responsible for managing Key’s compliance approach with all privacy related statutes and regulations, including, but not limited to GLBA, HIPAA, Regulation P, FCRA, FACT Act, TCPA, CAN-SPAM, and state data protection requirements. This position will have oversight of compliance risk programs and policies including providing highly specialized guidance and oversight on current and emerging regulatory privacy compliance risks. This position will be responsible for evaluating privacy risks and mitigation measures during the development and launch of new products and services. This position is responsible for the ongoing development and implementation of the privacy program within the various lines of business and coordinating with other groups within Key (1st, 2nd, and 3rd Line of Defense). The qualified candidate must be able to work independently and use sound judgment, taking into consideration risk tolerances of the assigned LOBs and Key’s overall risk appetite. This position will be responsible for leading a team of direct reports.
ESSENTIAL JOB FUNCTIONS
- Lead a team of compliance risk professionals who are responsible for managing Key’s compliance approach with all privacy related statutes and regulations.
- Responsible for setting the strategic direction for privacy compliance across Key.
- Responsible for staffing and developing processes to fully implement the privacy compliance program into Compliance Risk Management.
- Provide strong leadership, mentoring, and guidance to subordinates, peers and other members of the team as well as other members of Risk Management.
- Analyze and provide feedback around privacy-related risks associated with the offering of new and/or enhanced products, services, processes, business initiatives, and outsourced third party activities.
- Respond to internal and external audits, exams, and requests for information.
- Develop and maintain positive working relationships with internal clients, staff, peers, and LOB senior management.
- Maintain relationships with industry peers and regulatory bodies.
- Identify, respond and/or escalate privacy-related risks as appropriate
- Assist in the development of policies, standards, procedures and guidelines to align with corporate risk appetites, tolerances and policies.
- Conduct review and challenge activities and escalate as warranted.
- Support or direct project teams in the ongoing development and implementation of strategic plans and objectives, and regulatory changes.
- Support other risk disciplines in privacy-related risk identification, mitigation, and reporting.
- Exemplify understanding of and implement the three-lines-of-defense model.
- Perform other duties as required.
- Bachelor’s degree or comparable education required; Juris Doctorate, CRCM, or CIPP, a plus.
- Minimum of 5-10 years of relevant industry experience; management experience preferred.
- Extensive knowledge of the privacy related statutes and regulations, including, but not limited to GLBA, HIPAA, Regulation P, FCRA, FACT Act, TCPA, CAN-SPAM, and state data protection requirements
- In-depth practical knowledge of internal controls, risk assessments, compliance processes, and applicable techniques for the implementation of regulatory and legal requirements.
- Strong relationship management and leadership skills, including the ability to work in a team environment and positively accept and lead through change.
- Proven track record of integrity, strong ethics, and sound decision-making skills, including the ability to make decisions independently and quickly.
- Ability to effectively communicate to lines of business and senior management, both in writing and verbally.
- Strong attention to detail coupled with strong problem-solving and analytical skills.
- Proven ability to have, maintain, and establish strong contacts within the industry to be aware of current industry issues and practice.
- Proven ability to think proactively and drive results through people.
- Strong project management and/or continuous improvement skill.
KeyCorp's roots trace back 190 years to Albany, New York. Headquartered in Cleveland, Ohio, Key is one of the nation's largest bank-based financial services companies, with assets of approximately $134.5 billion at March 31, 2017. Key provides deposit, lending, cash management, insurance, and investment services to individuals and businesses in 15 states under the name KeyBank National Association through a network of more than 1,200 branches and more than 1,500 ATMs. Key also provides a broad range of sophisticated corporate and investment banking products, such as merger and acquisition advice, public and private debt and equity, syndications, and derivatives to middle market companies in selected industries throughout the United States under the KeyBanc Capital Markets trade name. KeyBank is Member FDIC.
ABOUT THE BUSINESS:
Key Enterprise Risk Management provides leadership on risk management strategies and initiatives for credit, market, compliance and operational risk, as well as portfolio management, quantitative analytics and asset recovery activities.
KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to engaging a diverse workforce and sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.