Head of North America Privacy

Privacy Risk Program ManagerNorthern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.Global Privacy Risk has a structured and risk-based program designed to provide assurance to senior management, legal entity Boards and Risk Committees on compliance with their regulatory obligations.The successful candidate will play a key role in contributing to and delivering the Privacy Risk program of work across North America and Latin America jurisdictions as well as supporting the wider objectives of the Global Privacy Risk Practice by performing a range of activities, including:Act as the Privacy Subject Matter Expert across North America and Latin America jurisdictions and the Data Protection Officer in Canada, driving the implementation of the Northern Trust privacy risk strategies and initiatives across the respective jurisdictions/ legal entities.Support Data Privacy requirements across other legal entities/ jurisdictions as may be delegated by the Chief Privacy Officer.Be the "Trusted Adviser" embedding Privacy risk and compliance into day-to-day activities and keeping privacy risk management and compliance foremost in everything that we do.Liaise with Data Protection Regulators and Clients and present on Northern Trust's Privacy Risk Program as needed.Provide privacy risk advice Business Units and Corporate Functions, offering pro-active, competent and pragmatic advice, interpretation and clarification on regulatory issues and formal training to all levels of Northern Trust staff.Undertake Privacy risk monitoring and testing, advising management of potential compliance problems and recommending procedural changes.The key responsibilities of the role include:For assigned Business Units, provide risk challenge, advice and support on key developments during the year including regulatory engagement, business developments and emerging issues.Oversee the review, interpretation and dissemination of current and proposed laws and regulations for assigned Subject Matter Expert risk areas.Manage Programs/ Projects required to implement regulatory change as well as enhancements to the applicable control framework, as required.Collaborate and work closely with the Chief Privacy Officer, other Regional Heads of Privacy and the Global Privacy Operations Team and support others with less experience or knowledge of specific compliance topics to drive and sustain a culture of compliance.Represent Privacy Risk in Client Due Diligence reviews, ad hoc programs and other internal/external forums.Provide regulator reports on Data Privacy Risk to the respective legal entity Boards and Committees.Provide support to the Chief Privacy Officer on other Privacy risk reduction initiatives as directed.Develop creative ways for embedding Privacy risk into key operational processes, in a way that allows partners to clearly understand their compliance duties.Identify situations to strengthen the management of regulatory risk, including those outside of their assigned SME areas, and recommend plans to address these to the Chief Privacy Officer.Privacy Risk MonitoringWork closely with Global Privacy Operations to execute, monitor and assess the adequacy and effectiveness of the measures, controls and procedures put in place by business units to address NT's compliance with its regulatory obligations.Proactively identify control gaps, assess impact to privacy and identify and design solutions to strengthen the resilience and sustainable operation of controls.Produce timely, accurate, concise and high-quality reports.Privacy and Data Protection Subject Matter ExpertWork with Global Privacy partners to drive the implementation of Data Privacy Programs within the respective legal entities/ jurisdictions, as well as supporting wider regional / global initiatives by providing leadership and direction to promote a culture of data protection compliance.Provide technical guidance and support on privacy and data protection matters, including strong knowledge of the requirements of privacy laws at federal and state level (i.e., GLBA; CCPA/CPRA; PIPEDA) and other local data protection laws as applicable.Provide consultation during data privacy issues/incidents by challenging the norms and supporting a better control environment.Support the Chief Privacy Officer in delivering other elements of the Privacy Risk Program.The successful candidate will benefit from having:Highly motivated individual who wishes to develop their skills within a progressive risk and compliance role.10 or more years of risk management or compliance experience. Minimum 5 years of working privacy risk and compliance knowledge and expertise.In depth knowledge of North America privacy regulations, federal, state, and local laws and regulations, in particular the Gramm Leach Bliley Act and the California Consumer Privacy Act, acquired through formal education and work experience is required.Proven track record in developing and leading privacy risk and compliance strategies, policy and governance frameworks, data protection impact assessments, management of privacy events / incidents and implementation of controls to effectively manage privacy compliance risks.Risk and compliance monitoring experience and/or experience of providing risk and compliance advisory support to other business areas within a financial services environment.Proven ability to convey complex concepts in a clear and concise manner to diverse and senior audiences.Proven exceptional learning agility with a keen desire to support the learning of others.Strong written and oral communication skills.Influencing and conflict resolution skills.Proven ability to adapt to changing priorities, whilst maintaining focus on organization and team activities.Knowledge/Experience of Financial Services would be an advantage.Educated to University level risk or compliance qualification is desirable.Certifications in Data Privacy (e.g., CIPP/US), Risk or Compliance would be an advantage.