Citi is looking to ensure compliance with its Global Privacy Policy, identify and manage operational risks associated with Privacy, and implement effective controls and monitoring to reduce risk across the business.
Requirements
Demonstrates Data Privacy, Data Privacy Operations, Information Security or Cyber related risk management or minimum two years in an Internal Audit, Risk Management, or Control Management related role
Working knowledge of Data Privacy Compliance laws, rules, regulations, risks, and appropriate controls.
familiarity with privacy related technology considerations such as cookies, mobile devices, biometrics and geolocation data is desired
Risk-based thinking and analytical mindset
Up-to-date understanding of key Data Privacy risk and control concepts, tools and trends
Proficient in the use of basic Microsoft applications (Word, Excel, PowerPoint)
Proficiency in data extraction and manipulation using SQL Python or similar tools
Responsibilities
Complete the Privacy Impact Assessment (PIA) process and controls required for all initiatives, new products and services
Assess, evaluate, and validate controls through processes and tools such as the MCA and KRIs as appropriate for data privacy risk
Support the product heads, function heads, COOs and In Business Risk team on gap analysis and the implementation of global policy requirements and regional standards, and on the assessment of the legal and regulatory requirements with Country Legal and Compliance as well as the development of local procedures as related to data privacy
Support periodic reviews of the Business’s data privacy processes and control and validate changes as a result of such reviews
Track and review deviations and risk acceptances when raised and at the time of renewal to assess the need for deviations and ascertain that the business has implemented and documented effective compensating controls
Follow Escalation Policy and procedures to ensure effective escalation and socialization of material risk events and issues across businesses for any Data Privacy related items
Assist business in creation of Issues/CAPs related to Data Privacy as needed (issues and CAPs owned by Product/Region business owner). Track and escalate as necessary
Other
5-8 years of relevant experience
Strong project management skills
Optimizes work processes by knowing the most effective and efficient processes to get things done, with a focus on continuous improvement
Ability to anticipate and balance the needs of multiple stakeholders, while monitoring tight deadlines or unexpected requirement changes
