VP Privacy Product Manager-CDAO

The Chief Data and Analytics Office (CDAO) is responsible for building enterprise-scale, cutting-edge platforms for Data Management & Analytics and AI/ML Operations that are used firm-wide by the JPMC workforce.

As a Privacy Product Manager - Vice President, you will take the lead in understanding, formulating, and executing well-designed, user-friendly product features that implement privacy frameworks, policies, and procedures. Your role is crucial in ensuring the ethical, responsible, and compliant use of data and AI/ML technologies across the firm, embedding privacy by design and supporting compliance with global privacy regulations and JPMC's privacy standards.

You will be instrumental in integrating privacy and data protection technology into the company's structure, adhering to sustainable best practices in compliance with JPMC technology, operational risk, and relevant regulations. Collaborating with cross-functional teams-including the Firmwide CDO, data scientists, engineers, design, legal, compliance, and business units-you will spearhead privacy initiatives and ensure they align with regulatory requirements and industry best practices. Additionally, you will manage the delivery of risk and control issues, action plans, control processes, and preparations for audits and regulatory examinations.

Job Responsibilities

• Design and implement comprehensive privacy products that operationalize privacy frameworks, policies, and procedures to ensure the ethical and compliant use of data and AI/ML technologies across the organization.
• Ensure compliance with relevant privacy and data protection regulations (e.g., GDPR, CCPA), standards, and guidelines, as well as emerging global privacy laws.
• Identify, assess, and mitigate risks associated with data privacy, including data quality, protection, user consent, transparency, and accountability.
• Collaborate with cross-functional stakeholders (Firmwide CDO, data scientists, designers, engineers, legal, compliance, and business units) to integrate privacy-by-design principles into the AI/ML and data development lifecycle, and deliver firmwide control standards and procedures-including adherence to controls in technology and cyber risk domains (application security, vulnerability management, and data management).
• Establish monitoring and reporting mechanisms to track compliance with privacy policies and identify areas for improvement.
• Present product/program updates, risk management findings, and recommendations to senior leaders and stakeholders, ensuring transparency and accountability in privacy practices.
• Stay abreast of industry trends, regulatory changes, and emerging risks related to privacy and data protection to proactively address potential threats.

• 6+ years of experience in product management, privacy, data protection, technology governance, risk management, or compliance within regulated industries such as financial services.
• Bachelor's degree in Computer Science, Information Technology, Business Administration, or a related field.
• Strong understanding of privacy regulations (e.g., GDPR, CCPA), data governance, and technology risk/compliance principles.
• Proven experience in business analysis and driving operational change/system development with the ability to identify critical privacy requirements by understanding complex and interdependent processes.
• Familiarity with industry standards, frameworks, and regulations related to privacy and data protection.
• Strong critical thinking and problem-solving skills, with the ability to identify and mitigate privacy risks effectively.
• Excellent presentation and communication skills, with the ability to convey complex privacy and compliance information to senior leaders and stakeholders.
• Proven ability to collaborate effectively across cross-functional teams and build strong working relationships.

• Experience with privacy-enhancing technologies or public cloud platforms (e.g., AWS, GCP, Azure) is a plus.
• Advanced certifications in privacy (e.g., CIPP, CIPM), data governance, or related fields.
• Relevant certifications such as CISSP, CISA, CRISC, or certifications in privacy, data protection, and MLOps are highly desirable.