Enterprise Privacy Compliance & Operational Risk Manager

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:
Enterprise Privacy is a global team of subject-matter experts responsible for Compliance & Operational Risk coverage of Data Privacy across the enterprise operating in a highly technical, fast-changing and dynamic environment. This job is responsible for the execution of the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy and the Compliance and Operational Risk Management (CORM) Program for data privacy risks. Key responsibilities include identifying, escalating, and mitigating risks in a timely manner, engaging with Front Line Units and Control Functions (FLU/CF) leaders globally, coordinating with the FLU/CF Compliance and Operational Risk Officer teams, executing the CORM Program and the Policies, identifying themes and trends, and conducting analysis for new and emerging risks. The successful candidate will deploy a combination of extensive data management and privacy risk expertise to support the Enterprise Privacy Office to deliver on business-critical strategic objectives.

Responsibilities:

• Assesses risks, associated controls and their effectiveness, driving compliance with applicable laws, rules, and regulations and adhering to policies

• Engages in activities to provide independent compliance and operational risk oversight of Front Line Unit or Control Function (FLU/CF) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively the Policies) and the Compliance and Operational Risk Management Program and Standard Operating Procedures

• Identifies and escalates problems or issues that arise and drives actions to address the root causes that lead to compliance risk issues and/or operational risk losses, including opening new issues based on risk severity in the centralized issues tool

• Manages inventory of processes, risks, controls, and associated metrics for risk appetite and limits, reporting violations of compliance or regulatory activities

• Analyzes and interprets applicable laws, rules, and regulations to provide clear and practical advice to stakeholders, and identify and manage risks including monitoring the regulatory environment to identify regulatory changes applicable to area(s) of coverage and maintaining a comprehensive regulatory inventory, while supporting communication of regulatory changes to the FLU/CF and ensuring that policies, standards, procedures and/or processes are appropriately implemented or amended to address regulatory requirements

• Identify and manage risks including monitoring the regulatory environment to identify regulatory changes applicable to area(s) of coverage and maintaining a comprehensive regulatory inventory, while supporting communication of regulatory changes to the FLU/CF and ensuring that policies, standards, procedures and/or processes are appropriately implemented or amended to address regulatory requirements 

• Responds to regulatory inquiries, other audits, and examinations and identifies regulatory training needs supporting the development of the training curriculum

• Reviews and challenges FLU/CF process, risk, Single Process Inventory and FLU/CF Risk and Control Self-Assessment related to themes or trends, while monitoring the regulatory environment to identify regulatory changes applicable to area(s) of coverage

Skills:

• Advisory

• Regulatory Compliance

• Reporting

• Risk Management

• Written Communications

• Active Listening

• Analytical Thinking

• Interpret Relevant Laws, Rules, and Regulations

• Negotiation

• Policies, Procedures, and Guidelines Management

• Adaptability

• Business Process Analysis

• Issue Management

• Monitoring, Surveillance, and Testing

Desired Skills:

• In depth knowledge of or certification in law, rule, regulation and/or Data Privacy

• International Association of Privacy Professional (IAPP) accredited certification programs

• Working knowledge of privacy risk identification, assessment, and management frameworks, including issue management and designing, and implementing privacy related controls.

• Excellent written and verbal communication and presentation skills, able to create compelling arguments and influence across all levels of the organization.

• Excellent relationship building skills to partner effectively across diverse, cross-functional teams in complex and rapidly changing environments.

Required Skills: 

• Bachelor’s Degree or equivalent experience 

• 7 years minimum of business and functional experience in a Risk Management/Compliance/Audit role or a highly regulated domain.

Shift:

Hours Per Week: