The Director, Privacy-Corporate Functions is engaged in the implementation and maintenance of the Company’s privacy program within the corporate functions. The Director will report to the Corporate Functions Privacy Officer (VP for Privacy Program Management). The VP Privacy Program Management sits within the Operational Risk Management (ORM) organization and is part of Enterprise Risk Management.
Under the guidance of the Corporate Functions Privacy Officer, the Director will lead the projects and assessments of the processes around the collection, use, storage and disposal of customer/employee personal information within the corporate functions and will help to educate the corporate functions associates around privacy risks and privacy risk management. The Director will also work closely with the designated HIPAA Privacy Official and Security Official to ensure compliance with HIPAA regulations within the corporate functions.
- Support the Corporate Functions Privacy Officer with duties and obligations pertaining to privacy compliance for the corporate functions. These include but are not limited to privacy risk assessments, business process assessments, privacy incident management, privacy awareness and training, and privacy due diligence reviews for vendors handling personal information.
- Ensure the corporate functions' adherence to the Privacy Program, the HIPAA and General Data Protection Regulation (GDPR) programs (if applicable), and any local or business-specific privacy requirements.
- Collaborate with various members in the Operational Risk Management, Legal, Compliance and Information Technology departments to identify and control privacy risks; follow key trends and latest laws and regulations.
- Ensure that corporate functions maintain an inventory that identifies all systems, business processes, shared drives and other repositories where sensitive personal information is used, stored or accessed.
- Ensure that corporate functions maintain an inventory of third parties handling personal information on behalf of Prudential. Support privacy due diligence reviews for corporate function vendors (new and existing) handling personal information.
- Manage the annual privacy risk assessment process; conduct privacy impact assessments as required within the corporate functions; and conduct other privacy assessments as needed (e.g., HIPAA privacy assessments), all with an eye to ensuring that appropriate controls are in place to mitigate privacy risks.
- Enable the corporate functions to identify, investigate and remediate privacy incidents (including privacy breaches) in a timely manner consistent with legal requirements.
- Report on privacy incidents, operational risk events relating to privacy and key risk indicators occurring within the corporate functions. Identify and follow up on privacy issues and action plans with an eye to closing incidents and issues in a timely manner.
- Utilize educational tools including training and awareness sessions to reinforce strong privacy protection practices within the corporate functions.
- Be an active member of the privacy community within Prudential.
- Participate in continued privacy education and be an advisor to corporate functions management around privacy-related matters.
A little about us:
Our support of the military includes providing civilian employment opportunities to transitioning service members and military spouses.