Manager, Privacy Engineering

The Manager, Privacy Engineering will lead teams that build and extend data privacy-preserving and enhancing processes and technologies in our cloud environments and will manage and enhance the company’s data privacy programs to ensure compliance with privacy frameworks, standards, and regulatory requirements. In collaboration with cross-functional teams, this role will design and monitor risk treatments, maintain system and control inventories, and provide comprehensive reporting on program performance. Additionally, this position is expected to be a subject matter expert, keeping up on industry developments to advise leadership and maintain compliance with evolving standards. Essential Functions and Responsibilities Review privacy frameworks, standards, and guidelines as well as regulatory, industry, and business compliance requirements as decided by the company’s Data Privacy Officer (DPO) to identify, plan, design, and enhance risk treatments in conjunction with risk, legal, and security team members. Maintain accurate inventories of the company’s systems and controls in a GRC platform and complete weekly reviews to monitor and report on the effectiveness and maturity of risk management and data privacy programs. Support internal and external auditors in reviewing the suitability of design and operating effectiveness of data privacy program controls by serving as the primary point of contact for ERM for audit planning, execution, and reporting. Design and implement risk and privacy program metrics that accurately reflect program performance and enable data-driven decision-making. Produce executive and operational reporting on the performance of the privacy program, including conformance to privacy frameworks, data privacy standards, and industry best practices. Serve as the vendor owner for privacy-related vendors, including maintaining due diligence documentation, completing ongoing oversight tasks, and monitoring performance to ensure alignment with program requirements and expectations. Provide sprint, project, and architectural guidance to the privacy engineering team. Produce and deliver job-specific education and training to staff on emerging privacy threats and privacy-enhancing technologies. Collaborate with risk analysts, product managers, and legal representatives to establish and critically monitor risk treatment plans relevant to consumer privacy and data protection risks. Evaluate developments in the industry, advise the Chief Risk Officer and DPO on upcoming changes, and analyze gaps to maintain compliance as requirements evolve. Present an overview of the data privacy program to prospective clients remotely. Support responses to data subject access requests (DSARs) by coordinating responses across departments as required. Complete and update internal program documentation, including client due diligence repositories, responses to industry questionnaires, and responses to individual client privacy program questions received through RFPs and requested as part of clients ongoing due diligence of Lumin Digital. Perform other duties as assigned. Supervisory Responsibility Set clear expectations, offer direction, and ensure alignment with organizational goals while fostering a supportive environment that encourages collaboration, accountability, and growth. Coach, mentor, and provide training opportunities to build team members’ skills, promote internal growth, and prepare staff for future roles and responsibilities. Manage hiring, onboarding, performance evaluations, promotions, compensation, and terminations, ensuring fair, consistent, and compliant application of policies and procedures. Assess team performance regularly, address gaps, and ensure duties are completed efficiently and effectively in alignment with department and organizational objectives. Position Specifications Education Bachelor’s Degree in Management Information Systems, Information Assurance, or related field; or equivalent self-study in compliance or audit with demonstrated command of key concepts and technologies and proficiencies in technology risk treatment and monitoring, data privacy, or other technical privacy risk management domains is required. Relevant industry certifications such as the CIPP/US, CIPM, and/or CDPSE preferred. Experience Seven (7) years of experience in a risk management or data privacy program management-related role is required. Experience interpreting and mapping data privacy standards and requirements documents into formal control statements with associated auditable tests required. Experience supporting organizational and program audits through scoping engagements, designing and refining control statements, and collaborating with auditors to obtain and provide evidence as requested required. Experience building presentations and reports to management on the performance, effectiveness, and risks of an enterprise program required. Experience working with data inventory discovery, mapping, and management tools and diagramming visualization tools required. Knowledge, Skills, & Abilities Foundational technical knowledge of data privacy management tools, techniques, and procedures. Familiarity with consumer financial technology service provider ecosystem, including how personal information is collected, processed, stored, and shared with third-party providers in digital banking, loan origination, KYC, fraud prevention, and other intermediaries. Familiarity with prevalent data privacy standards and best practices, including the NIST Privacy Framework, ISO 27701/27018, and SOC 2 trust services criteria. Familiarity with rules and regulations relevant to financial services and global technology service providers, including the FFIEC IT Examination Handbook, GLBA Privacy Rule, GDPR EU-US DPF, and COPPA and their implementation requirements and challenges. Ability to work independently as part of a distributed team to meet deadlines related to internal projects and external audit calendars with minimal supervision. Calm and serious attitude, technical aptitude, appropriate sense of urgency, and strong communication and interpersonal skills. Ability to drive data privacy outcomes with a consumer-first, not a compliance-first approach. Curiosity and a strong drive to fully understand and keep apprised of privacy risk management issues and trends. Travel Minimal, generally 12 days or less per year, ~2X team get-togethers a year. $200,000 - $225,000 a year LIFE AT LUMIN DIGITAL Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users. At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things. Lumin Digital is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis, in accordance with applicable law. For more information, visit lumindigital.com. #J-18808-Ljbffr