McLean, VA, 22102, USA
3 days ago
Privacy Director
Overview

Are you looking to take your career from good to great? As an employee of PenFed, every day is an opportunity to thrive, and be part of a team working to ensure our organization is providing world class service to our members, employees, and our communities. We exist to help our members realize their full potential, educate and encourage their dreams, and make every effort to follow our mission and help our members “do better.” Joining PenFed is more than being an employee; it’s about being a part of the PenFed family.

PenFed is hiring a (Hybrid) Privacy Director at our Tysons, Virginia location. PenFed’s Privacy program exists to identify, measure, and manage the risks to consumers and the institution associated with collection, use, sharing, transmission, retention, and disposal of personally identifiable and confidential information.

The primary purpose of this job is to oversee all activities related to the organization's privacy posture, including ensuring PenFed has and maintains appropriate privacy policies, conducting privacy impact assessments, ensuring organizational compliance with state and federal privacy laws through advising operational areas and implementing monitoring mechanisms, participating as required in investigation of privacy-related incidents and breaches, and recommending appropriate regulatory or other reporting.

This position interacts with InfoSec, Data Governance, Marketing, Compliance and Legal partners as well as all Business Units. This position will interact with the Board of Directors and the executive team as a subject matter expert on privacy law compliance. The Privacy officer also serves as the POC for all enterprise education regarding privacy laws and regulations, and will play an advisory role in relevant Steering Groups or Committees whose work requires privacy considerations; the incumbent serves as the initial adjudicator of member privacy requests, assigning requests to appropriate processes.

Responsibilities

Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties and the position will perform other duties as assigned.

+ Serve as a primary source of knowledge on how member information handling, both on-line and off-line, aligns with state and federal privacy laws.
+ With regard to handling of member information: Set standards for member notice; for member opt-in or opt-out choice (Consent Management); for member ability to access, correct/update, delete permissions or other personal information (Data subject Rights); for standards of safeguarding of member information.
+ Work with Business Units and Data owners to ensure process mapping for all privacy requests is current, complete, and being appropriately applied across the Enterprise.
+ Establish a system of monitoring compliance with privacy standards, and reporting identified issues to executive and senior management.
+ Establish a system of assurance of enterprise compliance with privacy standards.
+ Aggregate member privacy opt-out choices into easily accessible and comprehensible member communication.
+ Work closely with the Chief Information Officer (CIO) to ensure the privacy program is suited to the company’s Information Systems strategies, promoting privacy by design, and incorporating privacy considerations into the development of new systems, processes and technologies.
+ Work closely with the Chief Information Security Officer (CISO) to ensure the privacy program is suited to the company’s Information Security strategies.
+ Develop and maintain incident response plans for addressing privacy incidents and breaches in a timely and effective manner.
+ Work closely with the Data Governance Council to ensure the privacy program is incorporated into requirements of the enterprise’s Data governance program.
+ Work closely with the Chief Compliance Officer to ensure the privacy program is suited to the company’s risk appetite within compliance, and to design an ability to monitor business unit compliance with privacy regulations.
+ As requested, develop and present privacy material for various committee and board meetings such as the Enterprise Risk Management Committee, Financial Management Risk Committee, monthly board meetings, and ad hoc meetings.
+ Maintain current knowledge of federal, state and international laws and regulations pertaining to privacy regulations and requirements.
+ Develop employee training on privacy matters, and communicate Privacy policy requirements to employee population.
+ Perform and/or cause to be performed Privacy impact assessments.
+ Serve on PenFed’s Data Governance Council.
+ Serve on PenFed’s Artificial Intelligence Steering Group.
+ Establish and maintain an appropriate procedure for documenting, tracking, investigating and responding to all complaints concerning the organization’s privacy policies and procedures.
+ Update privacy policies and procedures in accordance with applicable laws and regulations, as well as financial industry best practices.
+ Determine how PenFed shares data on its privacy practices with its members and the general public, both on-line and off-line.
+ Increase member trust in organizational handling of private member information.
+ Serve as a member of the management team and work with other management team members to develop goals and strategies to meet corporate objectives while maintaining adherence to relevant privacy requirements.
+ Work directly with any regulatory examiner to facilitate responses to their requests for information and data related to PenFed’s Privacy Program.
+ Work with Third Party Risk Management (TPRM) on vetting vendors for compliance with privacy and data security policies and legal requirements.

*This role is responsible for ensuring business continuity.*

Qualifications

Equivalent combination of education and experience is considered.

+ At least 12 years' work experience with 5 years at the management/leader level.
+ 5+ years of familiarity with privacy and/or data protection laws and practices, with an understanding of US Federal and state-level privacy laws.
+ At least 7 years’ experience advising on regulatory or legal issues within a regulated financial institution.
+ Proven ability to influence effectively across various levels of management.
+ Ability to work independently.
+ Ability to launch new initiatives and proven track record of building upon and improving a privacy program.
+ Strong interpersonal and organizational skills.
+ Strong written and verbal communications skills.
+ Bachelor’s Degree or equivalent required.
+ A postgraduate degree in Law or relevant field (information security, privacy, compliance) is highly desired and will be preferred.
+ Certification in privacy (CIPP and/or CIPM) or willingness to obtain certification.

Supervisory Responsibility

This position will not supervise employees.

Licenses and Certifications

Certification in privacy (CIPP and/or CIPM) or willingness to obtain certification.

Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise. *Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*

Travel

Ability to travel to various worksites and/or conferences may be required.

About Us

Established in 1935, PenFed today is one of the country’s strongest and most stable financial institutions with over 2.9 million members and over $31 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam and Puerto Rico. We are federally insured by NCUA and we are an Equal Housing Lender.
We are available to members worldwide, via the web, seven days a week, twenty-four hours a day. We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.

Equal Employment Opportunity

PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.

PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 402-639-8568.