LendingClub’s Risk Department is seeking talented candidates for the position of Head of Privacy – reporting to the Chief Risk Officer. Based in San Francisco, CA, the Head of Privacy will work transversally with all areas of Compliance, the corporate functions and the business units, to ensure the organization complies with privacy and customer information security laws and regulations.
He/she will develop the privacy compliance program in close partnership with Information security and the Legal teams.
He/she will develop the privacy risk assessment and define privacy-related processes needed to mitigate the risks and comply with all State and Federal laws and regulations applicable to our businesses.
He/she will prepare regular reports to senior management regarding the privacy function, the privacy and identity theft risks associated with the organization’s activities.
He/she will advise on compliance obligations and guide the borrower and investor businesses of LendingClub to ensure they align their practices and deploy fully the organization’s privacy and identity theft policies, procedures and processes.
The successful candidate must have expert knowledge, demonstrated interest, and significant experience in privacy regulation and financial services compliance.
This individual will demonstrate outstanding communication and project management skills, an ability to anticipate and deliver on the needs of a fast-paced and innovative business, attention to detail, a broad understanding of the compliance management system, a self-starter and the flexibility to simultaneously work on a wide range of initiatives.
What You'll Do
- Provides guidance and assists in the identification of compliance risks, implementation, and maintenance of organization information privacy processes and procedures in coordination with information security and legal counsel
- Works with senior management and the compliance team to establish an organization-wide privacy compliance program
- Performs initial and periodic privacy risk assessments and conducts related ongoing compliance monitoring activities
- Works with privacy counsel, enterprise risk, third party vendor management, technology and the business units to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials which are reflecting the current organization and legal requirements
- Oversees, directs, updates, delivers, or ensures delivery of initial and recurrent privacy training and orientation to all employees, contractors, and other appropriate third parties
- Participates in the development, implementation, and ongoing compliance monitoring of all third-party providers to ensure all privacy concerns, requirements, and responsibilities are addressed
- Works with counsel, information security, corporate technology and the business units to ensure tracking of access to protected confidential financial information, customer information sharing in accordance with privacy notice disclosures, investigation of compromise incidents, evaluation to determine incident notification requirements under applicable laws, drafting of any such required notice
- Partners with customer advocacy on all complaints concerning the organization’s privacy policies, procedures and processes in coordination with legal counsel
- Initiates, facilitates and promotes activities to foster information privacy awareness within LendingClub
- Reviews all system-related information security plans throughout the organization to ensure alignment between security and privacy practices, in coordination with technology risk and legal counsel
- Maintains current knowledge of applicable federal and state privacy laws (and international laws like GDPR), and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance
- Interact with bank partners, investors, internal and external auditors or regulators during audits, examinations or due diligences related to privacy and customer information security compliance matters
- Partner with Legal and Information security teams to assess the impact of changes to regulations, and oversee the implementation of regulatory changes
- Minimum Bachelor's degree and 5+ years of relevant experience in privacy regulation and compliance functions. CIPP/US certification preferred
- Prior compliance privacy officer experience preferred
- Experience within a financial institution or technology company preferred, both would be ideal
- Expert knowledge of GLBA, Right to Financial Privacy, California Privacy rules and Civil Code Data Breach notification, FCRA Identity Theft Red Flags, and other privacy and information security related laws; knowledge of GDPR preferred
- Team player, able to influence, collaborate, negotiate and solve problems with business partners and expert teams across the organizational lines
- Strong analytical and critical thinking skills, with strong attention to detail and accuracy
- Desire and ability to quickly learn about the activities and specificities of our unique business model, advanced technology capabilities, and evolving regulatory environment
- Self-starter, willing to take ownership and drive initiatives to resolution while reporting appropriately on progress made and escalating when difficulties are encountered
- Comfortable with balancing multiple and competing priorities
- Excellent writing and presentation skills
LendingClub is an equal opportunity employer and dedicated to diversity and inclusion in the workplace. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender identity, sexual orientation, age, marital status, pregnancy status, veteran status, or disability status. We believe that a variety of perspectives will make our teams and business stronger as we work together to transform the traditional banking system.