Data Privacy & Security Manager

The Data Privacy & Security Manager is responsible for assisting the CISO & Director of Security with designing, implementing, and overseeing enterprise-wide information security and privacy policies, strategies, and initiatives. This role ensures compliance with regulatory requirements, mitigates risks, and safeguards the confidentiality, integrity, and availability of customer and company data. 

• Lead and manage information security initiatives that safeguard privacy, confidentiality, and data integrity across the Bank.  

• Design, implement, and maintain information security and privacy policies and procedures. 

• Conduct annual reviews and updates of security manuals, policies, and incident response plans. 

• Oversee risk assessments for restricted information and ensure timely resolution of security violations. 

• Perform SOC, FDICIA, GLBA, FACTA RA, SWIFT CSP, and Fedline assessments. 

• Monitor compliance with FDIC, FFIEC, and other regulatory guidelines. 

• Review vendor management checklists and ensure adherence to AI-approved guidelines. 

• Monitor vendor risk scores and escalate significant changes. 

• Respond to phishing alerts and coordinate takedown efforts. 

• Monitor Google Alerts for data breaches and review DLP reports for data in transit and at rest. 

• Collaborate closely with the CISO & Head of Security, Compliance, and Marketing teams to coordinate timely notifications to customers and State and Federal regulators in accordance with legal and policy obligations. 

• Prepare reports and presentations for senior management and the Board. 

• Assist in developing and delivering employee training on privacy and information security. 

• Serve as a point of contact for regulatory agencies and internal auditors. 

Education/Experience: 

Requirements 

1. Bachelor’s degree in Information Security, Cybersecurity, Computer Science or Risk Management.  

1. 8+ years of experience working with data security, compliance, Information Technology, IT Audit, and in conducting regulatory research. 

1. Knowledge of laws and regulations affecting individual privacy, electronic security and/or information technology.   

1. Familiarity with FFIEC, FDIC, GLBA, FACTA, SWIFT CSP, Fedline requirements 

1. Broad range of technical knowledge about systems, networks, and telecommunications (SWIFT, CSP, Feldline, DLP).   

Combination of education and experience will be considered.   

Skills & Competencies 

1. Must be proficient in the use of personal computer(s) that utilize a variety of operating systems (e.g., Microsoft Windows XX, Macintosh, linux).   

1. Must have familiarity of, or the ability to gain a fundamental understanding of prevailing laws such as Federal Trade Commission's Red Flag Rules, Gramm-Leach-Bliley Act (GLBA), BSA, FFIEC.   

1. Ability to interpret SOC reports, FDICIA, and regulatory guidelines. 

1. Policy Development & Governance: Creating and maintaining security/privacy manuals. 

1. Strong project management and policy development skills. 

1. Must possess strong organizational, analytical, interpersonal, problem solving, written and verbal communication skills.   

1. Must be able to handle confidential and sensitive information.  Computer proficient in MS Software, (e.g. Excel, Word, and Outlook).  

Preferences 

• Experience working in the Banking industry.   

Licenses/Certifications (preferred) 

• CISSP (Certified Information Systems Security Professional)  

• CISM (Certified Information Security Manager)  

• CRISC (Certified in Risk and Information Systems Control)  

• CIPM or CIPP (Privacy certifications)  

• CompTIA Security+ or Certified Ethical Hacker (CEH) for technical depth.