Manager, Privacy Engineering

Remote- United States


The Manager, Privacy Engineering will lead teams that build and extend data privacy-preserving and enhancing processes and technologies in our cloud environments and will manage and enhance the company’s data privacy programs to ensure compliance with privacy frameworks, standards, and regulatory requirements. In collaboration with cross-functional teams, this role will design and monitor risk treatments, maintain system and control inventories, and provide comprehensive reporting on program performance. Additionally, this position is expected to be a subject matter expert, keeping up on industry developments to advise leadership and maintain compliance with evolving standards.

Essential Functions and Responsibilities:
- Review privacy frameworks, standards, and guidelines as well as regulatory, industry, and business compliance requirements as decided by the company’s Data Privacy Officer (DPO) to identify, plan, design, and enhance risk treatments in conjunction with risk, legal, and security team members
- Maintain accurate inventories of the company’s systems and controls in a GRC platform and complete weekly reviews to monitor and report on the effectiveness and maturity of risk management and data privacy programs
- Support internal and external auditors in reviewing the suitability of design and operating effectiveness of data privacy program controls by serving as the primary point of contact for ERM for audit planning, execution, and reporting
- Design and implement risk and privacy program metrics that accurately reflect program performance and enable data-driven decision-making
- Produce executive and operational reporting on the performance of the privacy program, including conformance to privacy frameworks, data privacy standards, and industry best practices
- Serve as the vendor owner for privacy-related vendors, including maintaining due diligence documentation, completing ongoing oversight tasks, and monitoring performance to ensure alignment with program requirements and expectations
- Provide sprint, project, and architectural guidance to the privacy engineering team
- Produce and deliver job-specific education and training to staff on emerging privacy threats and privacy-enhancing technologies
- Collaborate with risk analysts, product managers, and legal representatives to establish and critically monitor risk treatment plans relevant to consumer privacy and data protection risks
- Evaluate developments in the industry, advise the Chief Risk Officer and DPO on upcoming changes, and analyze gaps to maintain compliance as requirements evolve
- Present an overview of the data privacy program to prospective clients remotely
- Support responses to data subject access requests (DSARs) by coordinating responses across departments as required
- Complete and update internal program documentation, including client due diligence repositories, responses to industry questionnaires, and responses to individual client privacy program questions received through RFPs and requested as part of clients’ ongoing due diligence of Lumin Digital
- Perform other duties as assigned.

Position Specifications

Education:
- Bachelor’s Degree in Management Information Systems, Information Assurance, or related field; or equivalent self-study in compliance or audit with demonstrated command of key concepts and technologies and proficiencies in technology risk treatment and monitoring, data privacy, or other technical privacy risk management domains is required.
- Relevant industry certifications such as the CIPP/US, CIPM, and/or CDPSE preferred

Experience:
- Seven (7) years of experience in a risk management or data privacy program management-related role is required
- Experience interpreting and mapping data privacy standards and requirements documents into formal control statements with associated auditable tests required
- Experience supporting organizational and program audits through scoping engagements, designing and refining control statements, and collaborating with auditors to obtain and provide evidence as requested required
- Experience building presentations and reports to management on the performance, effectiveness, and risks of an enterprise program required
- Experience working with data inventory discovery, mapping, and management tools and diagramming visualization tools required

Knowledge, Skills, & Abilities:
- Foundational technical knowledge of data privacy management tools, techniques, and procedures
- Familiarity with consumer financial technology service provider ecosystem, including how personal information is collected, processed, stored, and shared with third-party providers in digital banking, loan origination, KYC, fraud prevention, and other intermediaries
- Familiarity with prevalent data privacy standards and best practices, including the NIST Privacy Framework, ISO 27701/27018, and SOC 2 trust services criteria
- Familiarity with rules and regulations relevant to financial services and global technology service providers, including the FFIEC IT Examination Handbook, GLBA Privacy Rule, GDPR EU-US DPF, and COPPA and their implementation requirements and challenges
- Ability to work independently as part of a distributed team to meet deadlines related to internal projects and external audit calendars with minimal supervision
- Calm and serious attitude, technical aptitude, appropriate sense of urgency, and strong communication and interpersonal skills
- Ability to drive data privacy outcomes with a consumer-first, not a compliance-first approach
- Curiosity and a strong drive to fully understand and keep apprised of privacy risk management issues and trends

Travel: Minimal, generally 12 days or less per year, ~2X team get-togethers a year
LIFE AT LUMIN DIGITAL
Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.
At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.
All qualified applicants, including those with arrest or conviction records, will be considered for employment. Any conditional offer will include a notice regarding the review of the candidate’s criminal history as part of the hiring process.
For more information, visit lumindigital.com.


Tags: Audits Banking CIPP Cloud Compliance FFIEC GDPR GLBA Monitoring NIST Privacy Risk management SOC SOC 2

Regions: Remote/Anywhere North America
Country: United States
