Information Governance & Data Protection Manager

Information & Data Governance

• Partner with first-line Data Governance teams to establish and maintain a robust enterprise data governance framework aligned to recognized industry standards (e.g., Basel BCBS 239, COBIT, ISO 20022).

• Develop, refine, and enforce governance policies and standards.

• Ensure alignment of data governance practices with applicable regulations, including Sarbanes-Oxley (SOX) and Dodd-Frank.

• Promote strong data quality practices, including validation, reconciliation, and integrity monitoring.

• Establish clear data ownership and stewardship models in collaboration with business stakeholders.

• Monitor, assess, and report on data quality and governance effectiveness.

• Ensure adherence to regulatory requirements and evolving industry best practices.

Information & Data Protection

• Establish and maintain policies, standards, procedures, and guidelines for secure information handling.

• Implement and oversee data protection strategies and supporting technologies.

• Conduct risk assessments to identify vulnerabilities within data handling and processing activities.

• Enforce appropriate controls including encryption, access management, and monitoring mechanisms.

• Lead response efforts related to data incidents, ensuring timely remediation and risk mitigation.

• Ensure compliance with applicable data protection regulations such as GDPR and GLBA.

Records Retention & Management

• Develop and maintain records retention policies, standards, schedules, and procedures.

• Oversee compliant archiving and secure disposal of records in accordance with legal and regulatory requirements.

• Partner with Legal and Compliance teams to mitigate records-related risks.

• Conduct periodic audits of records management practices to ensure effectiveness and compliance.

• Strong written and verbal communication skills

• Advanced analytical and problem-solving capabilities

• Ability to collaborate effectively across business and risk functions

• Demonstrated experience building, leading, and developing high-performing teams

• Bachelor’s degree in Information Security, Risk Management, or a related field

• Minimum 7 years of experience in information security, data governance, data protection, or records management

• Deep understanding of regulatory and industry standards (e.g., GDPR, CCPA, ISO 27001)

• Knowledge of governance frameworks such as Basel BCBS 239, COBIT, and ISO 20022

• Professional certifications such as CISM, CISSP, or CRISC preferred

#LI-MM2