Regional Data Privacy Officer

  • Salary + Bonus + Benefits
  • Hong Kong
  • Permanent, Full time
  • Wells Fargo Bank
  • 12 Nov 18

The Regional Data Privacy Officer oversees all regional activities related to the development, implementation, maintenance of and adherence to Wells Fargo’s data protection and privacy policies and procedures and applicable privacy and data protection laws, regulations and requirements.

About Wells Fargo: Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with $2.0 trillion in assets. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides banking, insurance, investments, mortgage, and consumer and commercial finance through more than 8,500 locations, 13,000 ATMs, the internet (wellsfargo.com) and mobile banking, and has offices in 42 countries and territories to support customers who conduct business in the global economy. With approximately 273,000 team members, Wells Fargo serves one in three households in the United States. Wells Fargo & Company was ranked No. 25 on Fortune’s 2017 rankings of America’s largest corporations. Wells Fargo’s vision is to satisfy our customers’ financial needs and help them succeed financially. News, insights and perspectives from Wells Fargo are also available at Wells Fargo Stories.

The Regional Data Privacy Officer oversees all regional activities related to the development, implementation, maintenance of and adherence to Wells Fargo’s data protection and privacy policies and procedures and applicable privacy and data protection laws, regulations and requirements. The Regional Data Privacy Officer will provide subject matter expertise locally to the region with respect to privacy and data protection requirements and issues. This position reports to the Global Chief Privacy Officer in Information Risk Management Oversight, Corporate Risk. The position is located in Hong Kong.

Role Responsibilities:
•Develop and administer any regional or country-level privacy policies and standards, in coordination with the Global Chief Privacy Officer and front line privacy leaders where appropriate; provide advice, guidance and enterprise procedures on the interpretation of privacy requirements and such policies
•Understand the personal data processing activities conducted by the businesses and staff functions operating in the region or country and participate in new product, initiative or function due diligence risk management processes to ensure they address data protection and privacy issues, including consultation on cross-border transfers of personal data
•Monitor and communicate to privacy leaders, regional management, Compliance, Corporate Risk and other appropriate groups about any data protection and privacy developments within the region, in coordination with the Global Data Privacy Office
•Develop and deliver (or arrange for development and delivery of) regional level privacy and data protection training as appropriate; review, provide input and approve any privacy-related training developed by the businesses
•Independently review controls and procedures to implement applicable data protection and privacy policies and applicable privacy-related laws, regulations and any country or region-specific procedures developed by the businesses and staff functions and design and/or coordinate independent testing as appropriate
•Provide reports about the status of compliance with the Global Data Protection and Privacy Policy and regional policies and escalate privacy-related issues and incidents to the Global Chief Privacy Officer and appropriate business and function management; consult with the business, privacy leaders and the Global Chief Privacy Officer regarding policy escalations and exceptions
•Coordinate with regional management to (a) make and maintain any regulatory filings related to data protection required by local law for all legal entities operating in the region or country and (b) be the primary point of contact for data protection regulatory authorities
 
Basic requirements:
•Minimum of 6 years in compliance, operational risk, IT systems security, business process management, or financial services, of which at least 3 years must include direct experience in compliance or operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk)

Minimum education and skills:
•Bachelor’s degree or higher
•Strong knowledge of privacy and data protection requirements in the region
•Relevant compliance, risk or data protection and privacy experience
•Strong organizational and facilitation skills
•Experience working independently and virtually within a global organization
•Exceptional communication and influencing skills
•Good working knowledge of technology related controls and security measures
 

Preferred experience and credentials:
•10+ years’ experience in financial services or regulated industry
•CIPP or equivalent certification or qualification
•Leadership and team management experience
•Experience in advising senior management
•Law degree a plus