Manager, Privacy Engineering

The Manager, Privacy Engineering will lead teams that build and extend data privacy-preserving and enhancing processes and technologies in our cloud environments and will manage and enhance the company’s data privacy programs to ensure compliance with privacy frameworks, standards, and regulatory requirements. In collaboration with cross-functional teams, this role will design and monitor risk treatments, maintain system and control inventories, and provide comprehensive reporting on program performance. Additionally, this position is expected to be a subject matter expert, keeping up on industry developments to advise leadership and maintain compliance with evolving standards.

Essential Functions and Responsibilities:

Review privacy frameworks, standards, and guidelines as well as regulatory, industry, and business compliance requirements as decided by the company’s Data Privacy Officer(DPO) to identify, plan, design, and enhance risk treatments in conjunction with risk, legal, and security team members

Maintain accurate inventories of the company’s systems and controls in a GRC platform and complete weekly reviews to monitor and report on the effectiveness and maturity of risk management and data privacy programs

Support internal and external auditors in reviewing the suitability of design and operating effectiveness of data privacy program controls by serving as the primary point of contact for ERM for audit planning, execution, and reporting

Design and implement risk and privacy program metrics that accurately reflect program performance and enable data-driven decision-making

Produce executive and operational reporting on the performance of the privacy program, including conformance to privacy frameworks, data privacy standards, and industry best practices

Serve as the vendor owner for privacy-related vendors, including maintaining due diligence documentation, completing ongoing oversight tasks, and monitoring performance to ensure alignment with program requirements and expectations

Provide sprint, project, and architectural guidance to the privacy engineering team

Produce and deliver job-specific education and training to staff on emerging privacy threats and privacy-enhancing technologies

Collaborate with risk analysts, product managers, and legal representatives to establish and critically monitor risk treatment plans relevant to consumer privacy and data protection risks

Evaluate developments in the industry, advise the Chief Risk Officer and DPO on upcoming changes, and analyze gaps to maintain compliance as requirements evolve

Present an overview of the data privacy program to prospective clients remotely

Support responses to data subject access requests (DSARs) by coordinating responses across departments as required

Complete and update internal program documentation, including client due diligence repositories, responses to industry questionnaires, and responses to individual client privacy program questions received through RFPs and requested as part of clients’ ongoing due diligence of Lumin Digital

Perform other duties as assigned.

Position Specifications

Education: 

Bachelor’s Degree in Management Information Systems, Information Assurance, or related field; or equivalent self-study in compliance or audit with demonstrated command of key concepts and technologies and proficiencies in technology risk treatment and monitoring, data privacy, or other technical privacy risk management domains is required.

Relevant industry certifications such as the CIPP/US, CIPM, and/or CDPSE preferred

Experience:

Seven (7) years of experience in a risk management or data privacy program management-related role is required

Experience interpreting and mapping data privacy standards and requirements documents into formal control statements with associated auditable tests required

Experience supporting organizational and program audits through scoping engagements, designing and refining control statements, and collaborating with auditors to obtain and provide evidence as requested required

Experience building presentations and reports to management on the performance, effectiveness, and risks of an enterprise program required

Experience working with data inventory discovery, mapping, and management tools and diagramming visualization tools required

Knowledge, Skills, & Abilities:

Foundational technical knowledge of data privacy management tools, techniques, and procedures

Familiarity with consumer financial technology service provider ecosystem, including how personal information is collected, processed, stored, and shared with third-party providers in digital banking, loan origination, KYC, fraud prevention, and other intermediaries

Familiarity with prevalent data privacy standards and best practices, including the NIST Privacy Framework, ISO 27701/27018, and SOC 2 trust services criteria

Familiarity with rules and regulations relevant to financial services and global technology service providers, including the FFIEC IT Examination Handbook, GLBA Privacy Rule, GDPR EU-US DPF, and COPPA and their implementation requirements and challenges

Ability to work independently as part of a distributed team to meet deadlines related to internal projects and external audit calendars with minimal supervision

Calm and serious attitude, technical aptitude, appropriate sense of urgency, and strong communication and interpersonal skills

Ability to drive data privacy outcomes with a consumer-first, not a compliance-first approach

Curiosity and a strong drive to fully understand and keep apprised of privacy risk management issues and trends

Travel: 

Minimal, generally 12 days or less per year, ~2X team get-togethers a year

LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.

All qualified applicants, including those with arrest or conviction records, will be considered for employment. Any conditional offer will include a notice regarding the review of the candidate’s criminal history as part of the hiring process.

For more information, visit lumindigital.com.