Global Chief Privacy Officer & SSBI Data Protection Officer, Managing Director

Who we are looking for

With immediate effect we are looking for a Global Chief Privacy Officer & SSBI Data Protection Officer, Managing Director. This role will report to Global Chief Compliance Officer and SSBI Chief Administrative Officer. This role can be performed in a hybrid model, where you can balance work from home and office. We are open to hire in Munich or Frankfurt, Germany; Krakow, Poland, London, UK; Boston or New Jersey, US.

Why this role is important to us

The team you will be joining plays an important role in the overall success of the organization. Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. To make that happen we need teams like yours to help navigate employees and the organization as a whole. In your role you will strive for cutting-edge solutions, that are straightforward and scalable. You will help us build resilience and execute day to day deliverables at our best.

• As a member of the Senior Compliance Leadership Team, provide compliance technical advice and consulting as a subject matter expert on data protection standards and strategically developing, enforcing and leading the global privacy compliance program;
• Fulfill the role of the data protection officer of State Street Bank International GmbH (SSBI), a German credit institution with branches across Europe, in line with the requirements of Global Data Protection Regulation and local data protection laws in the countries where SSBI is operating;
• Continue to improve and build upon a strong global privacy compliance program that keeps pace with applicable global regulations as well as local regulations applicable to SSBI, including oversight for testing and reporting of applicable law, regulatory guidance, and internal policy requirements;
• Ensure effective execution of privacy and data protection requirements, maintenance and adherence to related policies and procedures, commensurate with the level of privacy risk;
• Work collaboratively with the Chief Data Office, Chief Information Security Officer and other internal stakeholders across governance forums, strategic projects and engagements to drive the execution of the global privacy compliance program;
• Assist the business and corporate functions with the design and execution of internal controls to address privacy and data protection business requirements and mitigate privacy risks;
• Execute an effective global regulatory change management program by keeping pace with changes in regulation and working with business partners to identify and assess the impact of privacy regulatory changes to the firm, business, technology operations, processes or operating procedures;
• Direct incident response for privacy breaches in coordination with internal partners who oversee mitigation strategies and regulatory communications;
• Assist with preparing for or leading privacy related regulatory examinations, internal audits and internal testing requirements;
• Work with business and corporate partners to ensure that privacy incidents are reported timely and accurately and assist in determining necessary client notifications, as appropriate;
• Ensure that controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raise awareness about them;
• Give advice and recommendations to the organization about the interpretation or application of the data protection rules;
• Create a register of processing operations within the organization and notify the appropriate data protection authority about those that present specific risks via prior consultation;
• Ensure data protection compliance within her organization and help the latter to be accountable in this respect;
• Handle queries or complaints on request by the organization, the controller, other person(s), or on her own initiative;
• Cooperate with and act as the contact point for the data protection authorities (responding to requests about investigations, complaint handling, and inspections, etc.);
• Draw the organization's attention to any failure to comply with the applicable data protection rule;

• Lead a team of privacy professionals in conducting privacy impact assessments in collaboration with business, product, engineering and legal teams to design and implement process improvements to ensure risk mitigation activities are effective;

• Proactively manage privacy risk through managing governance forums, performing risk assessments, directing monitoring and testing efforts, and implementing related training programs;

• Ensure privacy practices align with regulatory and compliance standards by identifying potential areas of vulnerability and developing and executing risk mitigation action plans;
• Champion privacy awareness across the firm by leading Privacy Awareness campaigns, training and educational programs to help ensure privacy considerations and embedded in business processes.

• Ability to manage multiple simultaneous tasks in a high pressure, deadline-driven environment;
• Strong abilities in analytical thinking, problem solving, research, time management, and verbal and written communication;
• Qualified to collaborate with individuals across business lines and corporate functions;
• Ability to take ownership and initiative, to negotiate, influence and build consensus and successfully navigate within a demanding and international environment of a leading global financial institution;
• Embrace the appropriate stature, authority, and accountability to execute an operating model that adheres to an enterprise wide program;
• Ability to work well with a geographically dispersed group of privacy and risk management professionals;
• Self-motivated and the ability to work with a high degree of independence.

• Certified Information Privacy Professional or Certified Information Privacy Manager Accreditation
• Undergraduate college degree required, JD or MBA degrees preferred
• Minimum of 10 years of experience working in an internal control, compliance, investigation or data function
• Comprehensive knowledge of European data protection regulations and their application, including technical and organizational measures and procedures
• Expert understanding of processes and information flows of business and corporate functions that manage customer and employee data as well as other confidential information
• Proven experience in preparing and presenting high-quality presentations to senior stakeholders, including the Board of Directors
• Capable of leading global teams and producing high quality and/or final work product and solutions under strict regulatory or management deadlines
• Strong problem solving skill and comfortable making logical decisions when faced with ambiguous requirements
• Strong written and verbal communication skills - ability to communicate technically with stakeholders
• Written and verbal communication skills in both English and German