- Manage the day-to-day operations regarding incident identification and resolution, providing guidance on identifying and classifying sensitive FINRA data, and recommending procedures to safeguard FINRA information from potential loss.
- This responsibility includes interactions with staff at all levels, investigating facts surrounding incidents and breaches, documenting resolution of incidents or breaches, identifying and recommending mitigation activities, and communicating with managers, HR, Insider Risk, Technology, IA and other internal risk mitigation partners as appropriate.
- As directed by the Chief Privacy Officer & Associate General Counsel (CPO & AGC), amend, draft, and enhance FINRA’s corporate privacy and information security program to meet operational and legal requirements and communicate requirements to staff.
- Serve as the management escalation point to address data privacy and risk issues raised by internal constituents, including senior-level management. In addition, serve as the primary contact for referrals from internal constituents on potential information breaches.
- Manage the development and implementation of department-level privacy guidelines that add specific procedures for staff to follow.
- Serve as project manager for FINRA’s Privacy Impact Assessment (PIA) initiatives to include creating and implementing processes for the assessment and mitigation of data handling risks by both vendor and in-house systems and applications.
- The PIA initiative requires the development and execution of detailed project plans, frequent communication and coordination with other internal stakeholders and interaction with technical teams to ensure satisfaction of all requirements for successful project completion.
- Serve as project manager for FINRA’s Data Mapping and Minimization project by collaborating with senior department leaders to assess and prioritize activities, developing and executing a detailed project plan, collaborating with internal stakeholders and briefing status to FINRA leadership. Develop and implement solutions to ensure data-mapping effort remains current and functional.
- Interact with all staff and management levels on risk identification and provide appropriate mitigation of matters.
- Escalate items to CPO & AGC as necessary, including trends that are affecting multiple business lines in FINRA and any legal implications.
- Prepare and deliver briefings/presentations to senior management, Information Managers, and Information Owners on developments affecting their departments or new procedures implemented to safeguard FINRA from exposure.
- Develop and implement metrics to measure effectiveness of program and departmental compliance.
- Serve as backup for the CPO & AGC, as needed.
- Other duties as assigned to ensure continued FINRA and staff compliance with evolving privacy and information security standards and policies.
EDUCATION & EXPERIENCE:
- Minimum of a bachelor’s degree or equivalent experience plus at least 8 years of work experience with 5 years of experience in privacy, information security policy, information management or a directly related field.
- Extensive experience in data or information policy, preferably in financial services regulation, compliance or a non-profit environment.
- Expert understanding of privacy and data security policies and operations.
- Extensive experience in project management. Experience managing and conducting privacy impact assessments and/or data minimization efforts a plus.
- Strong interpersonal and leadership skills.
- Demonstrated communication, management, negotiation, decision-making and collaboration skills. CIPP/US or CIPM preferred.
Application Submission Information: