EMEA Director Privacy and Data Protection.
Job Location: MetLife Europe location
Department:
Compliance Risk Management (CRM) delivers a compliance risk framework that enables the businesses and functions to comply with applicable internal and external rules and regulations and maintain risk levels within MetLife’s risk appetite. CRM provides constructive challenge to the businesses and functions, partnering closely with them to implement strong processes and effective controls, as well as to foster and embed a culture of compliance.
Within CRM, the Privacy Compliance Group (PCG) is a central oversight team responsible for the design, maintenance, and oversight of the Global Privacy and Data Protection Policy and Standard, including the Global Privacy Program for MetLife.
Role Value Proposition:
This position reports directly to the EMEA Head of Privacy. Supporting the EMEA Head of Privacy, you will be responsible for promoting a data protection culture across the business and managing the day-to-day operations of PCG, interpreting, implementing, and updating global compliance policies, with a specific focus on EMEA region country privacy laws. In addition, this position will be responsible for devising and implementing strategies to further the ongoing maturity of MetLife’s global and EMEA region privacy compliance program; conducting and communicating risk assessments; personal data incident management; and leading privacy training initiatives.
Key Responsibilities:
1. Active day-to-day involvement in execution and implementation of the PCG operating model for the EMEA countries, including handling privacy incidents, meeting local notification requirements, production and review of regional privacy metrics, monitoring of regulatory developments, and developing and delivering training.
2. Deputise and discharge duties of the EU Data Protection Officer.
3. Lead technology and change projects on the integration of new or updated privacy and data protection requirements.
4. Manage privacy risk assessments, including being the point of escalation using the OneTrust system of record.
5. Maintain cross-functional working groups to coordinate privacy efforts, including current projects and regulatory awareness.
6. Partner with corporate functions, business units, and Regional/Country Compliance Officers to ensure effective awareness and engagement on privacy risk.
7. Advise and support Country Compliance Officers on compliance with relevant privacy laws, regulations, and policies.
8. Work closely with peers in CRM to ensure consistent processes and approaches are followed.
9. Stay abreast of changes in the regional regulatory environment and analyze the business impact of privacy-related regulatory changes.
10. Support EMEA Privacy Head in reviewing and updating existing global privacy policies in line with regulatory requirements.
11. Develop and lead initiatives to advance the effectiveness of the regional Privacy Program.
12. Develop and execute annual training plans on privacy regulations and risks.
13. Report and oversee metrics to measure regional privacy risk.
14. In partnership with Information Security, co-own the regional privacy incident management response plan.
15. Advise on compliance policy interpretation and resolve significant breaches and violations.
16. Work collaboratively with other control functions for effective oversight of vendors with access to personal information.
17. Participate in privacy and data protection issues and regional strategic initiatives.
18. Oversee execution of all elements of the PCG Privacy Program.
Candidate Qualifications, Essential Business Experience, Competencies, and Technical Skills:
1. 8+ years of risk management or compliance experience in a relevant business, including relevant privacy experience.
2. Excellent ability to manage privacy risk assessments.
3. In-depth knowledge and proven expertise in analyzing and applying privacy laws and regulations.
4. Information Security knowledge of firewalls, patching, encryption, and secure sharing of personal data.
5. Excellent knowledge of supply chain risk and privacy risks related to vendor management.
6. Experience handling data breaches and mobilizing in response to incidents.
7. Strong relationship-building skills with other functional leads.
8. Ability to lead CRM in strengthening the privacy risk management program.
9. Excellent interpersonal and communication skills.
Preferred qualifications:
* Experience maintaining Privacy compliance programs for a multi-national organization.
* Practitioners Certificate in Data Protection/CIPP or equivalent certification.
* Recognized Compliance Certification or Qualification.
Travel
Must be flexible to travel internationally.
Number of Openings
1