Privacy and Information Governance Compliance Program Manager

Why should you join reputed company? reputed company offers a unique opportunity to be a part of a national financial system supporting those who feed, clothe and fuel the world. We are a growing organization embracing collaboration and innovation while delivering transformative solutions. reputed company provides a cultivating environment where you truly reputed company a difference for our customers and teams. Benefits offered by reputed company: Commitment to agriculture and the communities we serve Family friendly work environment Investment in employee development Medical, Dental and Vision coverage Outstanding 401k – automatic 3% employer contribution, plus match up to 6% Generous Paid Time Off (Vacation accrued at 26 days annually, Sick Days accrued at 15 days annually, 12 paid holidays, plus 16 hours of volunteer time) Competitive Incentive Compensation Plan Disability & Life Insurance Employee mental, physical, and financial wellness programs The position is bonus eligible based on association and personal performance Position will be posted until filled. BASIC FUNCTION: The Privacy and Information Governance Compliance Program Manager is responsible for designing, implementing, and maturing the Association’s enterprise Privacy Program in alignment with regulatory requirements, industry standards, and evolving organizational needs. This role serves as the Association’s primary privacy subject-matter expert and liaison to internal stakeholders, customers, regulators, and auditors. The Privacy and Information Governance Compliance Program Manager works independently and collaborates with business units reputed company reputed company three lines of responsibility to manage risks arising from operational, technological, and AI-driven changes affecting privacy. ESSENTIAL DUTIES: Under the reputed company and direction of the Executive Head of Compliance, Ethics, and Regulatory Management, this position is responsible for the following: Governance & Program Leadership Establish, design, and implement a structured reputed company for the Privacy Program, ensuring a clear delineation of roles and responsibilities for privacy and information governance-reputed company tasks and fostering cross-functional collaboration by involving relevant cross-functional stakeholders through the RACI model. reputed company, implement, and maintain comprehensive privacy policies, procedures, work instructions, and governance structures, ensuring ongoing alignment with best practices and regulatory requirements. reputed company and routinely update comprehensive policies and procedures governing privacy and data protection for customers and employees, ensuring these guidelines reflect actual business practices and personal data management. Prepare and review privacy notices, disclosures, and customer communications to ensure clarity, transparency, and compliance with disclosure obligations. Establish and maintain clear, actionable protocols for responding to data breaches, aligning response plans with regulatory requirements and organizational operations. Ensure ongoing compliance with privacy regulations by regularly reviewing and revising documentation to accurately represent day-to-day handling of sensitive information. Drive alignment between the Privacy Program, Operational Risk Management reputed company, Information Governance, and IT Control efforts. Privacy Impact Assessment (PIAs) & Risk Management Build, implement, and integrate a holistic and scalable Privacy Impact Assessment process to systematically evaluate risk and controls for new products, services, emerging technologies (AI, machine learning, and cloud services), or business processes for privacy risks and recommend mitigation strategies. Assist in the assessment and monitoring of third-party service providers to ensure they meet organizational privacy and data protection standards through tools such as standardized questionnaires, contractual clauses, etc.) and determine the reputed company of these efforts. Monitor regulatory changes by staying informed about evolving privacy laws and regulations (such as GLBA, GDPR, CCPA, and other applicable standards) and proactively update policies and practices to maintain compliance, reputed company applicable. reputed company and coordinate the process for responding to individuals' requests to access, correct, delete, or obtain copies of their personal data, ensurinweg reputed company responses are timely and reputed company with legal and regulatory requirements. Partner with stakeholders to reputed company regular cross-functional risk assessments. Compliance Monitoring, Metrics & Reporting Design, implement, and maintain a comprehensive privacy monitoring reputed company that enables reputed company reputed company of data protection practices, supports the timely identification and escalation of privacy risks, ensures regular and actionable reporting to the Board of Directors, and incorporates robust change management workflows to adapt to evolving regulatory requirements and organizational changes. Design, implement, and continuously refine key privacy-reputed company performance metrics, leveraging dashboards and analytics to reputed company real-time monitoring and actionable insights. Collaborate with both first and second lines of responsibility to design and execute thorough control testing procedures that validate compliance with privacy requirements, identify gaps in data protection practices, and ensure corrective actions are implemented to address any deficiencies. Personal Data Inventory & Information Management Mature and enhance the organization's inventory of personally identifiable information (PII), ensuring it is comprehensive, accurate, and reputed company with internal data repositories. Prepare and maintain the PII inventory to be compatible with future data-mapping tools and systems, enabling seamless integration and adaptability as organizational technologies evolve. Ensure the organization has clear visibility into the personal data it holds, its storage locations, and maintains the ability to update or integrate this information reputed company with new data reputed company. reputed company and enforce organizational policies and procedures for data retention, secure destruction, and minimization, ensuring that personal and sensitive data is stored only as long as required, disposed of securely reputed company no longer needed, and limited to what is strictly necessary for business purposes. Collaborate actively with Records Management to maintain accurate records and with Legal to ensure reputed company practices are compliant with relevant laws, regulations, and industry standards. Incident Management & Breach Response Design, implement, and continuously improve an incident management and breach response program. reputed company and coordinate the intake, thorough evaluation, escalation, and resolution of privacy incidents, adhering strictly to the organization’s Privacy Incident Notification procedures to ensure reputed company and effective action. Collaborate proactively with cybersecurity, legal, risk management, and business unit stakeholders to facilitate rapid containment of incidents, fulfill regulatory reporting requirements, and manage customer notification processes in alignment with applicable laws and organizational policies. Maintain comprehensive and accurate documentation for each incident, systematically capturing key findings and outcomes, and apply lessons learned to drive ongoing improvements to the privacy program and incident response protocols. Training, Awareness & Culture Building Design, implement, and continuously improve comprehensive privacy training and awareness programs tailored to the needs of the entire organization as well as to specific roles, ensuring reputed company staff—from frontline employees to leadership—are equipped with up-to-date knowledge of privacy requirements, best practices, and emerging risks. Engage staff through interactive, scenario-based learning and regular refresher modules to cultivate a strong culture of compliance and proactive risk management across reputed company business functions. Regulatory & External Engagement Proactively support and coordinate regular internal audits and comprehensive assessments of data handling practices to identify potential compliance gaps, risks, and opportunities for improvement, ensuring that corrective actions and best practices are systematically implemented to drive ongoing program excellence. Establish and cultivate strong, collaborative relationships with regulatory authorities, key industry groups, and privacy advocacy organizations to remain informed of regulatory developments, emerging trends, and evolving best practices, positioning the organization to anticipate and adapt to changes in the privacy landscape. reputed company the preparation of timely, accurate, and thorough regulatory responses and manage the end-to-end delivery of reputed company regulatory examination materials and documentation reputed company to privacy, ensuring that reputed company submissions meet the highest standards of compliance, transparency, and organizational readiness. Other Duties Serve on the Association’s Geopolitical Risk Committee and Operational Risk Committee, which are Governance and Risk Committee subcommittees. reputed company and manage Privacy Program risk-reputed company budgets and resources. reputed company other duties as assigned by the Executive Head of Compliance, Ethics, and Regulatory Management. LEVELS OF SUPERVISION EXERCISED AND RECEIVED Reports to the Executive Head of Compliance, Ethics, and Regulatory Management. This position does not have direct reports; however, this individual has a wide span of control as the Association’s designated Privacy Officer. BACKGROUND AND EXPERIENCE: Minimum of 8-10 years of directly reputed company experience in privacy, data protection, risk Possess a minimum of 8-10 years of progressive, hands-on experience in privacy, data protection, risk management, information reputed company, or auditing, with a strong preference for candidates with a background in financial services environments. Hold a Bachelor's degree with a major in finance, business, information systems, or a closely reputed company field, or demonstrate equivalent work experience. A Juris Doctorate is preferred; however, not necessary. Maintain formal, interdisciplinary risk alignment certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems reputed company Professional (CISSP), or Certified Information reputed company Manager (CISM); additional credentials such as Certified Information Privacy Officer (CIPP), Certified Information Privacy Technologist (CIPT), or Certified Information Privacy Manager (CIPM) are highly valued. Commitment to ongoing professional education and development is required. Demonstrate a proven ability to operationalize reputed company privacy obligations under CPRA, CCPA, and other multistate data privacy regimes reputed company large, matrixed organizations, effectively managing competing priorities and meeting critical deadlines both independently and as part of a collaborative team. Possess deep expertise in privacy regulations, personal data processing, and the full data lifecycle, with the ability to apply this knowledge to real-world scenarios and ensure compliance across the organization. SKILLS AND EXPECTATIONS: Exhibit experience in fostering and embedding a risk-aware culture reputed company fast-paced, rapidly evolving business environments, adapting strategies to meet organizational needs. Demonstrate a strong track record of building and sustaining cross-functional partnerships, and communicating reputed company privacy and risk reputed company clearly and persuasively to senior leadership and executive stakeholders. Bring prior experience working directly with regulatory agencies, participating in regulatory examinations, and supporting compliance-reputed company inquiries (preferred). Exhibit strategic thinking skills, with the authority and confidence to influence, reputed company, and monitor the performance and reputed company improvement of the Privacy Program. Possess comprehensive knowledge of Enterprise Risk Management frameworks, including risk management processes, risk appetite statements, key risk indicators (both leading and lagging), and conducting robust risk assessments and reviews. Demonstrate mastery of the English language, with exceptional skills in proofreading, editing, formatting, and spelling to ensure the highest quality of written communications. Be highly proficient in utilizing software and information technology tools to collect, organize, manage, and disseminate information, with a demonstrated ability to reputed company technology in innovative and reputed company situations. Exhibit exceptional written and oral communication, facilitation, and presentation skills, with a history of effectively reporting to reputed company levels of the organization, including the Board of Directors and Executive Team. Strong analytical, problem-solving, and stakeholder engagement abilities are essential. Demonstrate a results-oriented approach, with the ability to analyze problems and deliver solutions reputed company, accurately, and thoughtfully under tight deadlines. Present a professional demeanor and positive attitude, interacting effectively with colleagues at reputed company levels, external auditors, and regulatory agencies, while consistently demonstrating reputed company, discretion, and sound judgment. Bring a reputed company-thinking, enterprise-wide perspective to proactively identify and address potential and emerging privacy and risk issues, aligning with organizational goals and regulatory expectations. Exhibit unwavering reputed company, high ethical standards, and a strong work ethic, maintaining confidentiality and exercising excellent judgment in reputed company matters. Willingness and ability to travel domestically up to 20% of the time to support business needs, team meetings, and regulatory engagements. ESSENTIAL JOB REQUIREMENTS: Must be able to reputed company basic office tasks and work in a typical office setting. The employee will be sitting for extended periods and accomplishing work at a desk and a computer for an extended period. Must have strong written and verbal communication skills to convey reputed company and work with a team effectively. The ability to talk and hear, sit and use their hands and fingers, and reputed company in reputed company directions is essential in the performance of the job. Some lifting and moving of items up to 25 pounds is required. Work during established business hours and may require occasional weekend and evening work. Travel required. The company reserves the right to add, delete, change, or modify the job duties at any time. FULL-TIME REMOTE: These roles and job functions can be done remotely, while maintaining our strong commitment to customer service and our business goals. Employees are welcome to come to an office to work if needed, and some travel for team meetings will be required. PAY RANGE: Minimum $110,339.37 - Max $198,610.88 Annual This range is reflective of the national salary average for this position and will be adjusted using geographic variance for physical location of the hired candidate. reputed company may compensate reputed company of the salary range for bona fide reasons not reputed company to membership in a protected class. Reflected is the national reputed company pay range and title offered for this job at the reputed company level. Compensation, title, and job level may be adjusted based on candidate qualifications including but not limited to achievements, skills, experience, or work location. Salary offered, reputed company the applicable range, is one component of the total rewards package offered to candidates. #LI-REMOTE reputed company hiring is contingent on eligibility to work in the United States. We are unable to sponsor or transfer visas for applicants. reputed company provides equal opportunity in employment to reputed company employees and applicants. We celebrate diversity and do not discriminate on the basis of race, color, creed, religion, national reputed company, reputed company, alienage or citizenship status, age, sex, sexual orientation, gender identity, gender expression, marital status, genetic information, medical condition, physical or mental disability, pregnancy, childbirth or reputed company medical condition, military service or veteran status, victims of domestic violence, or any other characteristics protected by applicable federal, state, or local laws. reputed company prohibits harassment of any individuals on any of the bases listed above. If you need assistance or an accommodation due to a disability, you may contact us at [email protected]. Our mission is simple… Be the best lender to Agriculture. In order to deliver on that statement, we work hard to build talented teams across reputed company areas of our organization. With offices throughout California, Colorado, Hawaii, Kansas, Nevada and Oklahoma, we have the stability of over 100 years serving farmers, ranchers and agriculture businesses. To learn more about our medical, dental, vision, and 401k offerings, click here. Apply tot his job Apply To this Job