Data Privacy & Governance Principal Director

Technology Full-Time Berwyn, Pennsylvania Raleigh, North Carolina ReqID:5550


Envestnet is seeking a passionate and talented Data Privacy & Governance Principal Director to join our technology team. This position is expected to report to either our Berwyn, PA or Raleigh, NC office.

Envestnet is transforming the way financial advice and wellness are delivered. Our mission is to empower advisors and financial service providers with innovative technology, solutions, and intelligence to make financial wellness a reality for everyone. 

Since our founding 20 years ago, we are fully vested in helping people live an intelligent financial life. If you love the idea of working in a Fintech company with the environment and excitement of a start-up where you are making everyday impact - then read on. 

Job Summary: 

The mission of the Information Security, Privacy and Risk team is to establish a secure risk-managed environment that protects the confidentiality, integrity and availability of information used by the organization. The successful candidate will primarily support the team’s mission by focusing on privacy related security governance, due diligence, and risk mitigation activities. The role will require the candidate to work as part of the team responding to business and regulatory driven data privacy questions, due diligence, and requests in a timely manner. The role requires a broad working knowledge of data privacy and information security standards, data privacy best practices, data privacy policy, and risk management processes. The role will serve as a subject matter expert, leveraging business acumen and expertise to deliver thought leadership, and determine necessary resources, timelines, and deliverables to drive results. The role must be sensitive to the nature of regulatory communication and interactions, and the business context to the requests made of the team. The individual must be self-motivated and feel comfortable working with other members of the legal, compliance and security team to deliver high quality program enhancements in a timely manner.

Job Responsibilities:

  • Data Privacy
    • Lead the cross functional matrixed team that supports our enterprise privacy management program, with an emphasis on ensuring enhancements to the current enterprise program baseline is achieved.
    • Enhance and manage the overall program to support all data security and privacy assurance activities involving risk management, including any and all client-driven due-diligence requests.
    • Lead the development of the Privacy Program and Governance Structure Documentation to include defined roles and responsibilities. Create and maintain a baseline privacy taxonomy along with baseline privacy activity plan and processes linked to existing information security risk management practices.
    • Establish a prioritized plan of action for performing data privacy assessments (DPA) for key product areas.
    • Perform targeted execution of DPA for critical business service areas, with specific consideration of new regulations.
    • Identify and evaluate where additional privacy attestations are required.
    • Lead, plan and complete a data privacy risk assessment for high risk systems.
    • Develop a future staffing and budget plan for the next 18 months to fully build the data privacy function.
    • Review proposed engagement contracts and SLAs to identify implications of contractual language and SLAs regarding data privacy and work with internal teams to establish the appropriate updated standard wording and ensure proper practices are in place.
    • Identify emerging data privacy implications and requirements for consideration into the firm's information security frameworks, strategy, roadmap, policies, and IT initiative roadmap.
    • Facilitate discussions across the Envestnet enterprise to ensure our services address data security and privacy risks to align with and address client, business and regulatory needs.
    • Establish the plan to facilitate qualitative improvements in working practices in support of all data privacy assurance activities.
    • Work to ensure alignment between security and privacy compliance programs including policies, practices, investigations, working within the information security department.
    • Stay abreast of industry, regulatory and company changes and trends as they relate to the financial industry, data security, and privacy information management.
  • Data Privacy and Security Governance
    • Continuously lead the improvement, curation and maintenance of the repository of information type catalogue and privacy impact assessments with clearly defined points of accountability.
    • Work with various stakeholders to ensure accurate, timely and consistent supportable responses to data privacy and risk control assessments. Use influence to gain stakeholder support necessary to achieve expected results.
    • Serve as a consultative partner to stakeholders across the enterprise to manage data privacy and security with an emphasis of information protection.
    • Scope externally conducted data privacy assurance activities such as audit, assessment, and advisory services, and delivers a service specific package of material that reflects the data privacy posture and capabilities supporting the protection of sensitive data.
    • Maintain and update an ongoing process to track, investigate and report inappropriate access and disclosure of protected information. Monitor patterns of inappropriate access and/or disclosure of protected information.
  • Information and Data Privacy Program
    • Facilitate/establish and report on monthly metrics and Key Risk Indicators relating to data privacy risks and for internal use to help plan for needed changes to our services.
    • Lead, plan, or assist, data privacy audits/assessments for assigned areas.
    • Identify and understand complex data privacy risks from a business perspective.
    • Coordinate the development and ongoing maintenance of data privacy related reporting, standards; manage an effective exception process to facilitate and manage requests for non-compliance with policies, standards and baselines.
    • Direct the audit management aspects of data privacy program across service areas, including regulatory and client communications; and manage an effective process for timely response to queries and concerns.
    • Develop relevant metrics, analyze data, and identify trends to help drive improvements to the control environment.
    • Serve as escalation point for a diverse remote team to ensure individual and group success.
    • Directly responsible for ensuring contractual data privacy needs related to information protection are understood and executed or risk accepted to reduce company exposure.
  • Adherence to and application of Envestnet legal, compliance, risk, business continuity and administrative policy within the role and department(s) including the timely completion of training & awareness, affirmations and testing as requested.
  • As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk.

Required Qualifications: 

  • Minimum 10 years of progressive experience in regulated information privacy and financial services (preferred).
  • Bachelor’s/master’s degree in a related discipline
  • Professional certification(s): CISA, CRISC, CISM or CISSP (or willingness to pursue)
  • Privacy and Information Security Risk management experience with ability to effectively apply risk principles to business situations.
  • Strong knowledge of NYDFS, CPRA, GDPR, GLBA, NIST privacy and security standards, as well as FFIEC IT examination guidelines and other relevant privacy practices.
  • Familiar with cloud security attestations and how to implement to ensure readiness as a service provider.
  • Strong written presentation and communication skills, with the ability to complete high-quality deliverables for senior management.
  • Excellent influencing and problem-resolution skills.
  • The ability to complete high-quality deliverables for senior management.
  • Must have strong interpersonal skills and qualities which enable you to work with peers and various levels of management.
  • A self-starter, who can effectively navigate a complex organizational structure, managing teams through influence and direct line management.
  • Proven success developing relevant metrics, analyzing data, and identifying trends to help drive improvements to the client focused control assurance processes and operating environment.
  • The ability to work independently, make decisions and multitask effectively in a diverse project-oriented environment.

About Us: 

Envestnet is a leading independent provider of technology‐enabled investment and practice management solutions to financial advisors who are independent, as well as those who are associated with small or mid‐sized financial advisory firms and larger financial institutions. Envestnet's technology is focused on addressing financial advisors' front, middle, and back‐office needs while leveraging our platform to grow their businesses and expand client relationships.

We offer a highly competitive compensation and benefits package as well as the excitement, challenges, and rewards of a fast-growing, entrepreneurial company.

Why Choose Envestnet: 

  • Be a member of a leading financial services and products innovation company
  • Competitive Compensation/Total Reward Packages that include:
    • Health Benefits (Health/Dental/Vision)
    • Paid Time Off (PTO) & Volunteer Time Off (VTO)
    • 401K – Company Match
    • Annual Bonus Incentives
    • Equity
    • Parental Stipend
    • Tuition Reimbursement
    • Student Debt Program
    • Charitable match
    • Wellness Program
  • Work on global projects with diverse, energetic, team members who respect each other and celebrate differences

Envestnet is an Equal Opportunity Employer.

Envestnet refers to the family of operating subsidiaries of the public holding company, Envestnet, Inc. (NYSE: ENV).

#LI-AQ1 #LI-Hybrid