Data Privacy & Security Manager

The Data Privacy & Security Manager supports the CISO and Security leadership in strengthening the Bank’s information security and privacy program. This role helps develop and maintain security and privacy policies, monitors regulatory requirements (e.g., FFIEC/FDIC/GLBA/FACTA), leads risk and vendor assessments, and supports incident response and customer/regulator notifications when needed. This role must have strong regulatory knowledge, hands-on risk assessment experience, and the ability to communicate clearly with business partners, auditors, and regulators.

• Drive and maintain privacy and information security policies, standards, and annual manual reviews.
• Lead vendor security due diligence, risk scoring, and ongoing monitoring (including AI/vendor risk considerations).
• Perform and coordinate key regulatory/security assessments (e.g., SWIFT CSP, Fedline, GLBA/FDICIA/FACTA reviews).
• Oversee risk assessments for restricted information and ensure timely resolution of security violations.
• Collaborate closely with the CISO & Head of Security, Compliance, IT, and Marketing on incident response, breach notification, and regulatory communications, State and Federal regulators in accordance with legal and policy obligations.
• Prepare clear reporting and presentations for Management and the Board.
• Assist in developing and delivering employee training on privacy and information security.
• Serve as a point of contact for regulatory agencies and internal auditors.

Education/Experience:

Requirements

1. Bachelor’s degree in Information Security, Accounting, Cybersecurity, Computer Science or Risk Management related.
2. 5+ years of experience working with data security, compliance, Information Technology, IT Audit, and in conducting regulatory research.
3. Knowledge of laws and regulations affecting individual privacy, electronic security and/or information technology.
4. Familiarity with FFIEC, FDIC, GLBA, FACTA, SWIFT CSP, Fedline requirements
5. Broad range of technical knowledge about systems, networks, and telecommunications (SWIFT, CSP, Feldline, DLP).

Combination of education and experience will be considered. 

Skills & Competencies

1. Must be proficient in the use of personal computer(s) that utilize a variety of operating systems (e.g., Microsoft Windows XX, Macintosh, linux).
2. Must have familiarity of, or the ability to gain a fundamental understanding of prevailing laws such as Federal Trade Commission's Red Flag Rules, Gramm-Leach-Bliley Act (GLBA), BSA, FFIEC.
3. Ability to interpret SOC reports, FDICIA, and regulatory guidelines.
4. Policy Development & Governance: Creating and maintaining security/privacy manuals.
5. Strong project management and policy development skills.
6. Must possess strong organizational, analytical, interpersonal, problem solving, written and verbal communication skills.
7. Must be able to handle confidential and sensitive information. Computer proficient in MS Software, (e.g. Excel, Word, and Outlook).

Preferences

• Experience working in the Banking industry and auditors.

Licenses/Certifications

• CISM (Certified Information Security Manager), Highly preferred
• CISA (Certified Information Systems Auditor), Highly preferred
• CISSP (Certified Information Systems Security Professional), Preferred
• CIPM or CIPP (Privacy certifications), Preferred
• CRISC (Certified in Risk and Information Systems Control), Preferred
• CompTIA Security+ or Certified Ethical Hacker (CEH) for technical depth, Preferred