Privacy Engineering Manager

Lumin Digital

💵 $200k-$225k
📍Remote - United States

Summary

Join Lumin Digital as the Manager, Privacy Engineering, leading teams in building and enhancing data privacy processes and technologies within cloud environments. You will manage and improve the company's data privacy programs to ensure compliance. Collaborate with cross-functional teams to design and monitor risk treatments, maintain system inventories, and provide comprehensive reporting. Serve as a subject matter expert, advising leadership and maintaining compliance with evolving standards. This role involves reviewing privacy frameworks, supporting audits, designing program metrics, and producing reports. You will also manage privacy-related vendors and provide training to staff.

Requirements

  • Bachelor’s degree in Management Information Systems, Information Assurance, or a related field is required; equivalent self-study in compliance or audit is acceptable if it demonstrates command of key concepts and technologies and proficiency in technology risk treatment and monitoring, data privacy, or other technical privacy risk management domains
  • Seven (7) years of experience in a risk management or data privacy program management-related role is required
  • Experience interpreting and mapping data privacy standards and requirements documents into formal control statements with associated auditable tests required
  • Experience supporting organizational and program audits through scoping engagements, designing and refining control statements, and collaborating with auditors to obtain and provide evidence as requested required
  • Experience building presentations and reports to management on the performance, effectiveness, and risks of an enterprise program required
  • Experience working with data inventory discovery, mapping, and management tools and diagramming visualization tools required
  • Foundational technical knowledge of data privacy management tools, techniques, and procedures
  • Familiarity with consumer financial technology service provider ecosystem, including how personal information is collected, processed, stored, and shared with third-party providers in digital banking, loan origination, KYC, fraud prevention, and other intermediaries
  • Familiarity with prevalent data privacy standards and best practices, including the NIST Privacy Framework, ISO 27701/27018, and SOC 2 trust services criteria
  • Familiarity with rules and regulations relevant to financial services and global technology service providers, including the FFIEC IT Examination Handbook, the GLBA Privacy Rule, the GDPR, the EU-US Data Privacy Framework (DPF), and COPPA, and their implementation requirements and challenges
  • Ability to work independently as part of a distributed team to meet deadlines related to internal projects and external audit calendars with minimal supervision
  • Calm and serious attitude, technical aptitude, appropriate sense of urgency, and strong communication and interpersonal skills
  • Ability to drive data privacy outcomes with a consumer-first, not a compliance-first approach
  • Curiosity and a strong drive to fully understand and keep apprised of privacy risk management issues and trends

Responsibilities

  • Review privacy frameworks, standards, and guidelines, as well as regulatory, industry, and business compliance requirements designated by the company’s Data Privacy Officer (DPO), to identify, plan, design, and enhance risk treatments in conjunction with risk, legal, and security team members
  • Maintain accurate inventories of the company’s systems and controls in a GRC platform and complete weekly reviews to monitor and report on the effectiveness and maturity of risk management and data privacy programs
  • Support internal and external auditors in reviewing the suitability of design and operating effectiveness of data privacy program controls, serving as the enterprise risk management (ERM) function’s primary point of contact for audit planning, execution, and reporting
  • Design and implement risk and privacy program metrics that accurately reflect program performance and enable data-driven decision-making
  • Produce executive and operational reporting on the performance of the privacy program, including conformance to privacy frameworks, data privacy standards, and industry best practices
  • Serve as the vendor owner for privacy-related vendors, including maintaining due diligence documentation, completing ongoing oversight tasks, and monitoring performance to ensure alignment with program requirements and expectations
  • Provide sprint, project, and architectural guidance to the privacy engineering team
  • Produce and deliver job-specific education and training to staff on emerging privacy threats and privacy-enhancing technologies
  • Collaborate with risk analysts, product managers, and legal representatives to establish and critically monitor risk treatment plans relevant to consumer privacy and data protection risks
  • Evaluate developments in the industry, advise the Chief Risk Officer and DPO on upcoming changes, and analyze gaps to maintain compliance as requirements evolve
  • Present an overview of the data privacy program to prospective clients remotely
  • Support responses to data subject access requests (DSARs) by coordinating responses across departments as required
  • Complete and update internal program documentation, including client due diligence repositories, responses to industry questionnaires, and responses to individual client privacy program questions received through RFPs and requested as part of clients’ ongoing due diligence of Lumin Digital
  • Perform other duties as assigned

Preferred Qualifications

Relevant industry certifications such as the CIPP/US, CIPM, and/or CDPSE preferred

Benefits

  • $200,000 - $225,000 a year
  • Travel: minimal, generally 12 days or less per year (about two team get-togethers a year)
