The VP – Privacy & Compliance is responsible for the development and execution of CIT’s privacy program and coordinating with business functions to meet these obligations. A successful candidate will be knowledgeable on a range of Privacy topics and skilled at driving execution with cross-functional business teams.
The VP, Privacy & Compliance position is responsible for the following:
- Understanding the applicable data and privacy laws and regulations that apply to the Company and advising on those requirements;
- Promoting awareness of, and compliance with, privacy requirements, and working cross-functionally with the first line of defense to implement privacy policies and to ensure that the appropriate privacy protections are in place;
- Overseeing the adequacy of privacy controls within consumer-facing business lines;
- Supporting the development of the required notices and disclosures and working with the business teams to ensure that they are distributed as required by law;
- Working with the marketing teams to ensure customer marketing choices are presented and applied in appropriate channels;
- Assisting the consumer businesses in the development of effective privacy procedures and conducting periodic reviews of the procedures when necessary;
- Supporting the development and completion of inherent risk questionnaires and control guidance in support of the Company’s annual risk assessment process;
- Coordinating and working with the consumer businesses to complete Privacy Impact Assessments, where necessary;
- Supporting triage efforts when unencrypted personally identifiable information is compromised and make any determinations on breach notification with the Law Department; and
- Supporting the development of the framework and content of the Company’ Privacy Program training.
Required Knowledge, Skills & Abilities:
- Demonstrated leadership, collaboration, teamwork and problem-solving skills which have resulted in exceeding goals and targets;
- Demonstrated skills in verbal communication and listening;
- Excellent writing skills;
- A high level of integrity and trust; and
- Extensive familiarity with regulations related to the financial services industry, including the protection of customer information.
Education & Experience:
- At least 5 years' experience in the privacy profession with an in-depth knowledge of privacy and data security laws, including, but not limited to, the Gramm-Leach-Bliley Act, California Consumer Privacy Act, Health Insurance Portability and Accountability Act, the Children’s Online Privacy Protection Act and CAN-SPAM;
- Law degree and/or graduate degree in general business, public policy, data sciences, or regulatory compliance;
- Must have the technical knowledge of how and why information is collected, stored, and used by the company. This includes knowledge of IT systems, data flows, and other relevant technical skills;
- Must be able to successfully navigate between functions such as Audit, Compliance, Legal and IT; and
- CIPP certification preferred.
Interested applicants should apply at: