Job Information
Bank of America Enterprise Privacy Compliance & Operational Risk Manager in New York, New York
Enterprise Privacy Compliance & Operational Risk Manager
Charlotte, North Carolina;New York, New York; Chicago, Illinois; Plano, Texas
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.
One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.
Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.
Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!
Job Description:
Enterprise Privacy is a global team of subject-matter experts responsible for Compliance & Operational Risk coverage of Data Privacy across the enterprise operating in a highly technical, fast-changing and dynamic environment. This job is responsible for the execution of the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy and the Compliance and Operational Risk Management (CORM) Program for data privacy risks. Key responsibilities include identifying, escalating, and mitigating risks in a timely manner, engaging with Front Line Units and Control Functions (FLU/CF) leaders globally, coordinating with the FLU/CF Compliance and Operational Risk Officer teams, executing the CORM Program and the Policies, identifying themes and trends, and conducting analysis for new and emerging risks. The successful candidate will deploy a combination of extensive data management and privacy risk expertise to support the Enterprise Privacy Office to deliver on business-critical strategic objectives.
Responsibilities:
Assesses risks, associated controls and their effectiveness, driving compliance with applicable laws, rules, and regulations and adhering to policies
Engages in activities to provide independent compliance and operational risk oversight of Front Line Unit or Control Function (FLU/CF) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively the Policies) and the Compliance and Operational Risk Management Program and Standard Operating Procedures
Identifies and escalates problems or issues that arise and drives actions to address the root causes that lead to compliance risk issues and/or operational risk losses, including opening new issues based on risk severity in the centralized issues tool
Manages inventory of processes, risks, controls, and associated metrics for risk appetite and limits, reporting violations of compliance or regulatory activities
Analyzes and interprets applicable laws, rules, and regulations to provide clear and practical advice to stakeholders, and identify and manage risks including monitoring the regulatory environment to identify regulatory changes applicable to area(s) of coverage and maintaining a comprehensive regulatory inventory, while supporting communication of regulatory changes to the FLU/CF and ensuring that policies, standards, procedures and/or processes are appropriately implemented or amended to address regulatory requirements
Identify and manage risks including monitoring the regulatory environment to identify regulatory changes applicable to area(s) of coverage and maintaining a comprehensive regulatory inventory, while supporting communication of regulatory changes to the FLU/CF and ensuring that policies, standards, procedures and/or processes are appropriately implemented or amended to address regulatory requirements
Responds to regulatory inquiries, other audits, and examinations and identifies regulatory training needs supporting the development of the training curriculum
Reviews and challenges FLU/CF process, risk, Single Process Inventory and FLU/CF Risk and Control Self-Assessment related to themes or trends, while monitoring the regulatory environment to identify regulatory changes applicable to area(s) of coverage
Skills:
Advisory
Regulatory Compliance
Reporting
Risk Management
Written Communications
Active Listening
Analytical Thinking
Interpret Relevant Laws, Rules, and Regulations
Negotiation
Policies, Procedures, and Guidelines Management
Adaptability
Business Process Analysis
Issue Management
Monitoring, Surveillance, and Testing
Desired Skills :
In depth knowledge of or certification in law, rule, regulation and/or Data Privacy
International Association of Privacy Professional (IAPP) accredited certification programs
Working knowledge of privacy risk identification, assessment, and management frameworks, including issue management and designing, and implementing privacy related controls.
Excellent written and verbal communication and presentation skills, able to create compelling arguments and influence across all levels of the organization.
Excellent relationship building skills to partner effectively across diverse, cross-functional teams in complex and rapidly changing environments.
Required Skills:
Bachelor’s Degree or equivalent experience
7 years minimum of business and functional experience in a Risk Management/Compliance/Audit role or a highly regulated domain.
Shift:
1st shift (United States of America)
Hours Per Week:
40
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "EEO is the Law" poster, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) .
To view the "EEO is the Law" Supplement, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .
View the LA County Fair Chance Ordinance (https://dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf) .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
To view Bank of America’s Drug-free Workplace and Alcohol Policy, CLICK HERE .
This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.