Director, Compliance - Deputy Privacy Officer
Role details
Job location
Tech stack
Job description
This position will report to the Vice President, Privacy Officer and Fair & Responsible Banking Officer. The Director, Privacy Compliance, operates in a deputy privacy officer capacity, supporting all aspects of the Privacy Program and requires the Director to not only fulfill oversight of the program but perform detailed daily tasks to monitor the health of the program. The Privacy Director will lead enterprise privacy risk management across products, marketing/ad-tech, operations, and third parties. This role designs and executes the privacy program; oversees compliance with evolving state consumer privacy laws; ensures adherence to federal financial privacy obligations (e.g., GLBA/Reg P, FCRA); and orchestrates privacy incident response in partnership with Corporate Security and Legal. The Director will establish policy, perform risk assessments, advise on business initiatives (including digital marketing technologies), and deliver reporting to senior leadership and governance committees.
What You'll Do
Ad-Tech Governance & Marketing Privacy
- Set enterprise standards for cookies, pixels, SDKs, tag managers, advertising IDs, consent banners, and cross-site tracking; implement controls to limit profiling/targeting of minors and sensitive categories.
- Evaluate ad-tech stacks (e.g., CDP/DMP, clean rooms, measurement partners) for lawful bases, consent preferences (opt-in/opt-out), and data minimization; drive vendor due diligence and contractual controls (DPA, SCCs/appropriate safeguards).
- Partner with Marketing, Digital, Data, and Engineering to design consent management, accurate preference signaling, and compliant audience creation/activation; lead periodic audits of trackers and SDKs.
State and Federal Privacy Law Compliance
- Build and maintain a multi-state compliance program covering consumer rights (access, deletion, correction, portability), opt-out rights (sale/share/targeted advertising), and risk assessments (DPIAs) as applicable.
- Monitor legislative changes; translate new requirements into policies, standards, and implementation roadmaps for business teams.
- Own program controls for GLBA/Reg P, Interagency Security Guidelines, and FCRA touchpoints (e.g., permissible purpose, adverse action data handling); align notices with model form requirements and internal policy governance.
- Partner with Product, Servicing, and Vendor Management to ensure appropriate use and sharing of NPI/PII, including affiliate sharing boundaries and marketing limits.
Policy, Training, Testing & Monitoring
- Develop and maintain privacy policies, procedures, and standards; implement training and awareness programs tailored to various business teams.
- Design testing/monitoring plans and dashboards; prepare metrics for executives and governance committees (e.g., DSAR SLAs, opt-out rates, ad-tech audit findings, incident trends).
Risk & Advisory for Products and Change Management
- Embed privacy by design in product lifecycle (requirements, design reviews); provide business requirements for projects that involve consumer data.
- Conduct DPIAs/PIAs and vendor assessments; advise on data retention, minimization, and de-identification.
Requirements
Minimum: Indicate minimum education, skills and experience required.
- 7+ years of privacy experience in financial services, with hands-on GLBA/Reg P program responsibility and demonstrated familiarity with FCRA.
- Deep expertise in ad-tech privacy (cookies/pixels/SDKs, consent frameworks, audience targeting, clean rooms) and practical implementation of consent and opt-out controls.
- Proven leadership of privacy incident response, including cross-functional coordination with SOC and Legal, regulatory notifications, and customer communications.
- Strong working knowledge of U.S. state privacy laws (e.g., CCPA/CPRA and other comprehensive state laws) and experience operationalizing consumer rights.
- Ability to translate law/regulation into technical and process requirements; experience guiding engineering and marketing teams through compliant implementations.
- Excellent communication, stakeholder management, and governance reporting skills; experience preparing materials for senior leadership/committees.
Preferred education, skills, and experience.
- Experience with privacy tooling (consent management platforms, DSAR orchestration, tag governance, data mapping/records of processing).
- Background in financial-sector controls (FFIEC/Interagency security guidelines) and privacy testing/monitoring programs.
- Industry certifications (e.g., CIPP/US, CIPM, CIPT) and familiarity with advertising standards and trust frameworks.
The Americans with Disabilities Act
The Americans with Disabilities Act of 1990 (ADA) prohibits discrimination by employers, in compensation and employment opportunities, against qualified individuals with disabilities who, with or without reasonable accommodation, can perform the "essential functions" of a job. A function may be essential for any of several reasons, including: the job exists to perform that function, the employee holding the job was hired for his/her expertise in performing the function, or only a limited number of employees are available to perform that function.
Benefits & conditions
- Competitive base salaries
- Bonus incentives
- Generous PTO, Floating Holidays and 12 Federal Holidays observed
- Support for financial-well-being and retirement 401k with employer match
- Comprehensive medical, dental, vision, hospital indemnity, critical illness, pet insurance and more
- Employer paid short-term/long-term disability and basic life insurance
- Flexible hybrid working arrangements.
- Paid parental leave and adoption reimbursement programs
- Free access to on-site staffed fitness centers (in Delaware) and gym subsidy (for locations outside Delaware)
- Confidential counseling support (EAP), Health Advocacy services and Wellness program with financial incentives
- Tuition Reimbursement and Family Scholarship Programs
- Career development and training opportunities
