Data Privacy Senior Lead Analyst - SVP

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

The Data Privacy Sr. Lead Analyst will report to the Privacy Lead for Chief Operations Office and Technology Business Enablement. The role will entail additional Operational Execution Responsibilities:

• PIA & ROPA Management: Conduct and manage Privacy Impact Assessments (PIAs) and maintain Records of Processing Activities (ROPAs) for O&T.
• Privacy Notice/Consent Support: Help draft, renew, and update privacy notices and consents to comply with legal changes.
• Privacy Advisory: Advise businesses on privacy requirements, processes, and controls for initiatives, new products, and services, engaging legal/compliance as needed.
• Individual Rights Requests Coordination: Coordinate and execute responses to data subject requests. Support periodic reviews of privacy processes, validating changes.
• Audit Support: Support functions with data privacy reviews and audits, assisting in reviewing and responding to reviewer findings

The Data Privacy Sr Lead Analyst is responsible for providing governance and oversight, operational risk management and controls leadership across the respective business for all activities associated with Privacy.  This individual will have responsibility for ensuring compliance with the Citi Global Privacy Policy, identification and management of operational risks associated with Privacy and working across the business to ensure that effective controls and monitoring are in place to reduce risk. 

Responsibilities: 

• Complete the Privacy Impact Assessment (PIA) process and controls required for all initiatives, new products and services
• Assess, evaluate, and validate controls through processes and tools such as the MCA and KRIs as appropriate for data privacy risk
• Support the business in reviewing, maintaining, and enhancing Permanent Control Readiness
• Support product heads, function heads, COOs and In Business Risk teams on gap analysis and the implementation of global policy requirements and regional standards, as well as the assessment of the legal and regulatory requirements with Country Legal and Compliance as well as the development of local procedures as it relates to Data Privacy
• Support periodic reviews of the Business’s data privacy processes and control and validate changes as a result of such reviews
• Track and review deviations and risk acceptances when raised and at the time of renewal to assess the need for deviations and ascertain that the business has implemented and documented effective compensating controls
• Follow Escalation Policy and procedures to ensure effective escalation and socialization of material risk events and issues across businesses for any data privacy related items
• Escalate material risk events and issues appropriately; Assist business in creation of Issues/CAPs related to Data Privacy as needed (issues and CAPs owned by Product/Region business owner)
• Track issue and CAP status and progress for data privacy related items and proactively escalate as appropriate
• Support the Business and Functions on reviews and audits related to Data Privacy.  Support the business on reviewing and responding to findings by reviewers
• Work with Global In-Business Regulatory head on all reviews and audits to ensure appropriate preparation, pre-review assessments and post-review remediation
• Coordinate and support the Business in the implementation of global, regional and local Data Privacy, regulatory and risk and control projects
• Ensure high quality execution for Data Privacy programs for any Citi initiated programs, in coordination with Global Risk and Control and In Business Regulatory Engagement Head
• Perform training on risk and control concepts, processes, tools, and effective issue self-identification and testing.  Customize global and regional training programs to cater to product specific or local requirements and nuances

Qualifications:

• 10+ years of relevant experience
• Demonstrates Data Privacy, Data Privacy Operations, Information Security or Cyber related risk management experience or minimum two years in an Internal audit, Risk Management, or Control Management related role
• Working knowledge of Data Privacy Compliance laws, rules, regulations, risks, and appropriate controls.Additionally, familiarity with privacy related technology considerations such as cookies, mobile devices, biometric and geolocation data is desired
• Strong business analysis competency with historic success in shaping opportunities via conceptual thinking and abstract problem-solving capabilities
• Communicates effectively, develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences; able to drive consensus, and influence relationships at all levels
• Collaborates effectively by building partnerships and working well with others to meet shared objectives
• Strong negotiation, influencing and stakeholder management skills across a variety of stakeholders at different levels
• Optimizes work processes by balancing effective / efficient processes with a focus on continuous improvement. Demonstrates ability to balance between understanding the “big picture” while paying close attention to detail
• Up-to-date understanding of key data privacy risk and control concepts, tools and trends
• Proficient in the use of basic Microsoft applications (Word, Excel, PowerPoint)
• Organizational savvy; understands systems, management processes, knows where to go for information and how to interpret them
• IAPP Certification is a plus

------------------------------------------------------

Job Family Group:

Data Governance

------------------------------------------------------

Job Family:

Data Privacy

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Constructive Debate, Data Governance, Data Management, Internal Controls, Laws and Regulations, Management Reporting, Policy and Procedure, Program Management, Regulatory Management, Risk Controls and Monitors.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.