Compliance Privacy Advisor, Principal Associate

Overview

Compliance Privacy Advisor, Principal Associate The Capital One Privacy Compliance team is seeking a Compliance Privacy Advisor, Principal Associate (PA) with a passion for mitigating privacy risk at a technologically focused financial institution. The PA will join our Privacy Compliance team and perform key privacy compliance activities to ensure compliance with state, federal, and international privacy laws and regulations.  

The PA performs a key risk management role to ensure the business complies with applicable federal, state, and international Privacy laws and regulations. The PA will apply risk, process management, and analytical skills to drive actions in support of privacy risk objectives in Compliance and the business. A successful PA is a highly motivated, forward thinking self-starter who can work autonomously, is quick to adapt, technologically adept, a problem solver, and an adaptive learner. 

Responsibilities

Closely follow emerging privacy trends across the country and internationally, including the development of new privacy laws

Maintain subject matter expertise of applicable privacy laws and regulations such as GDPR, UK DPA, FCRA, FACTA, TCPA, TSR, CAN-SPAM, GLBA, PIPEDA, FFIEC guidance, CCPA, and CA SB1

Provide guidance and effective challenge on privacy risks and support business lines through various interactions and forum engagements

Advise business lines on the application of privacy requirements, development of controls and monitoring, remediation/corrective action of compliance breakdowns, and changes in law and regulation

Support and, as necessary, participate in evaluation of business line initiatives and processes from a privacy risk perspective

Assist business lines in developing and maintaining the Compliance Management Program (i.e. how to monitor, report, and train)

Actively participate on complex projects by providing guidance, advice, and effective challenge

Actively engage with privacy compliance testing and third party compliance

Review privacy-related complaints generated from business lines and provide guidance on remediation; escalate and consult with subject matter experts, when necessary

Evaluate privacy issues and events for compliance impacts

Assist in capturing, maintaining, and analyzing compliance data, interpreting it to ensure consistency and adequate Compliance Risk Management 

Participate in reporting activities used by Senior Leadership

The ideal candidate will possess:

Clear results orientation and focus on achieving both short and long-term goals

A proven track record of supporting and working across teams

Ability to navigate “white space” or ambiguous situations to drive results

Solid teamwork skills; ability to build and leverage the capabilities of a high-performing team

Interpersonal, presentation, and communications skills (written and oral),

Strong judgment, influencing skills, integrity, and discretion in handling highly sensitive issues

Ability to effectively challenge first line of defense risk taking, risk assessments, and risk mitigation efforts

Successful track record of thriving in both a highly regulated industry and a fast paced, entrepreneurial, and dynamic environment

Strong project management or process management skills and strong organizational skills

Ability to balance operating independently with appropriate escalation to and interaction with senior leadership

Willingness to work as a team player and interact with associates across functions, departments, and job levels, both inside and outside Compliance

Understanding of key regulatory and audit requirements, including the three lines of defense risk management framework

Basic Qualifications

Bachelor’s degree or military experience

At least 3 years of compliance, risk management, legal, regulatory examiner or audit experience

At least 3 years of experience working with internal business customers

Preferred Qualifications

Master’s degree or Juris Doctor

4+ years of compliance, risk management, legal, regulatory examiner or audit experience

CIPP (Certified International Privacy Professional) certification, or CRCM (Certified Regulatory Compliance Manager) certification