The Manager, Privacy Engineering will lead teams that build and extend data privacy-preserving and enhancing processes and technologies in our cloud environments and will manage and enhance the company’s data privacy programs to ensure compliance with privacy frameworks, standards, and regulatory requirements. In collaboration with cross-functional teams, this role will design and monitor risk treatments, maintain system and control inventories, and provide comprehensive reporting on program performance. Additionally, this position is expected to be a subject matter expert, keeping up on industry developments to advise leadership and maintain compliance with evolving standards.
Essential Functions and Responsibilities:
Review privacy frameworks, standards, and guidelines as well as regulatory, industry, and business compliance requirements as decided by the company’s Data Privacy Officer (DPO) to identify, plan, design, and enhance risk treatments in conjunction with risk, legal, and security team members
Maintain accurate inventories of the company’s systems and controls in a GRC platform and complete weekly reviews to monitor and report on the effectiveness and maturity of risk management and data privacy programs
Support internal and external auditors in reviewing the suitability of design and operating effectiveness of data privacy program controls by serving as the primary point of contact for ERM for audit planning, execution, and reporting
Design and implement risk and privacy program metrics that accurately reflect program performance and enable data-driven decision-making
Produce executive and operational reporting on the performance of the privacy program, including conformance to privacy frameworks, data privacy standards, and industry best practices
Serve as the vendor owner for privacy-related vendors, including maintaining due diligence documentation, completing ongoing oversight tasks, and monitoring performance to ensure alignment with program requirements and expectations
Provide sprint, project, and architectural guidance to the privacy engineering team
Produce and deliver job-specific education and training to staff on emerging privacy threats and privacy-enhancing technologies
Collaborate with risk analysts, product managers, and legal representatives to establish and critically monitor risk treatment plans relevant to consumer privacy and data protection risks
Evaluate developments in the industry, advise the Chief Risk Officer and DPO on upcoming changes, and analyze gaps to maintain compliance as requirements evolve
Present an overview of the data privacy program to prospective clients remotely
Support responses to data subject access requests (DSARs) by coordinating responses across departments as required
Complete and update internal program documentation, including client due diligence repositories, responses to industry questionnaires, and responses to individual client privacy program questions received through RFPs and requested as part of clients’ ongoing due diligence of Lumin Digital
Perform other duties as assigned.
Position Specifications
Education:
Bachelor’s Degree in Management Information Systems, Information Assurance, or related field; or equivalent self-study in compliance or audit with demonstrated command of key concepts and technologies and proficiencies in technology risk treatment and monitoring, data privacy, or other technical privacy risk management domains is required.
Relevant industry certifications such as the CIPP/US, CIPM, and/or CDPSE preferred
Experience:
Seven (7) years of experience in a risk management or data privacy program management-related role is required
Experience interpreting and mapping data privacy standards and requirements documents into formal control statements with associated auditable tests required
Experience supporting organizational and program audits through scoping engagements, designing and refining control statements, and collaborating with auditors to obtain and provide evidence as requested required
Experience building presentations and reports to management on the performance, effectiveness, and risks of an enterprise program required
Experience working with data inventory discovery, mapping, and management tools and diagramming visualization tools required
Knowledge, Skills, & Abilities:
Foundational technical knowledge of data privacy management tools, techniques, and procedures
Familiarity with consumer financial technology service provider ecosystem, including how personal information is collected, processed, stored, and shared with third-party providers in digital banking, loan origination, KYC, fraud prevention, and other intermediaries
Familiarity with prevalent data privacy standards and best practices, including the NIST Privacy Framework, ISO 27701/27018, and SOC 2 trust services criteria
Familiarity with rules and regulations relevant to financial services and global technology service providers, including the FFIEC IT Examination Handbook, GLBA Privacy Rule, GDPR, EU-US DPF, and COPPA and their implementation requirements and challenges
Ability to work independently as part of a distributed team to meet deadlines related to internal projects and external audit calendars with minimal supervision
Calm and serious attitude, technical aptitude, appropriate sense of urgency, and strong communication and interpersonal skills
Ability to drive data privacy outcomes with a consumer-first, not a compliance-first, approach
Curiosity and a strong drive to fully understand and keep apprised of privacy risk management issues and trends
Travel:
Minimal, generally 12 days or less per year, ~2X team get-togethers a year
LIFE AT LUMIN DIGITAL
Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.
At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.
All qualified applicants, including those with arrest or conviction records, will be considered for employment. Any conditional offer will include a notice regarding the review of the candidate’s criminal history as part of the hiring process.