Job Description
Position: VP, Chief Privacy Officer
Job Location: New York, NY, Dublin, Ireland, or Dubai, UAE
Department: MetLife’s Global Risk Management organization serves as a strategic enterprise partner to enable responsible growth in our role as a leading and innovative provider of global protection planning and retirement and savings solutions to tens of millions of customers worldwide. The department is committed to building a best-in-class second line of defense for risk identification, measurement, and mitigation.
Within Global Risk, Corporate Ethics and Compliance (CEC) provides for shared ownership of risk management and better coordination of risk prioritization across the company. CEC is responsible for designing and delivering a framework to help MetLife embed compliance and ethical behavior standards in business processes while enabling performance and growth. In its role as a strategic advisor, CEC focuses on existing and emerging risks, partnering constructively with the businesses and functions to implement strong processes, establish effective controls, and foster a culture of compliance. CEC monitors regulatory and industry trends and changes in order to develop and implement appropriate global and regional policies and procedures.
Privacy laws around the world increasingly regulate the way that companies collect, store, process, share, protect and retain personal information. These laws are rapidly changing in response to evolving technologies and the related complexity of preserving individual privacy rights. As MetLife transforms its technological capabilities to meet customer expectations for digital solutions, privacy is more important than ever. The responsible use of personal information and management of global privacy risks is foundational to what we do: Create enduring relationships to help our customers build a more confident future.
The Role: Reporting to the SVP and Head of Enterprise Compliance Programs, the Chief Privacy Officer (“CPO”) is a key member of the CEC leadership team and has overall responsibility for MetLife’s global privacy program. He or she will lead the development and execution of a comprehensive privacy strategy integrated across all business lines, regions, and functions. As the leader of the MetLife Corporate Privacy Office, the CPO will be responsible for operationalizing an expanded global privacy program, with a focus on creating the tools, policies, and training needed to equip employees and other stakeholders to handle personal data appropriately and responsibly. This role requires deep technical expertise, collaborative leadership and influencing capabilities, and has enterprise-wide impact. In addition, this person must be highly effective working cross-functionally. The CPO role presents an opportunity for an experienced leader to join MetLife at a time of external and internal transformation to share a vision for the overall privacy agenda as well as drive its implementation in accordance with MetLife’s commitment to maintaining customer trust while facilitating innovation and growth.
Key Responsibilities:
- Privacy Strategy
  - Design and implement a framework and effective operating model for MetLife’s privacy function, including hiring, leading, developing and retaining a global team of approximately 10 to 15 privacy professionals
  - Develop and lead initiatives to advance the effectiveness and sophistication of the privacy compliance program while delivering enhanced experiences across the end-to-end customer journey
  - Monitor and analyze the business impact of privacy-related changes in the regulatory environment in all regions across MetLife’s global footprint
  - Serve as an information privacy resource expert to the organization, advising on privacy and data protection issues and implications for firmwide strategic initiatives
- Program Execution
  - Review and update existing privacy policies, procedures, and processes in light of rapidly evolving regulatory requirements and expectations
  - Develop and implement firm-wide and site-specific employee and vendor training on privacy regulations, risks, and processes in partnership with Global Learning & Development
  - Define relevant metrics, including key performance indicators, and lead the design of reporting to communicate privacy risk management events and progress to executive leadership and the MetLife Board
  - Provide strategic direction for risk-based monitoring and testing programs to ensure coherence of privacy-related activities across regions and businesses
- Business Partnership & Advisory
  - Partner with MetLife’s global and regional business areas, corporate functions, and regional and country compliance leaders to ensure timely engagement and effective decision-making on privacy risk matters and their impact on business operations and customer experience
  - Advise on compliance with relevant laws, regulations, and policies, challenging the business constructively where appropriate
  - Assess and facilitate the response to escalations from businesses and compliance officers, including advice on transfer or release of information
  - Work with business areas and regional and country Compliance to interpret compliance policy, resolve and prevent breaches and violations as necessary, and oversee external reporting when required
  - Team will serve as Compliance leads for corporate functions, such as HR, for which the primary Compliance risk is privacy
- Cross-Functional Collaboration
  - Work closely with peers in CEC and other corporate functions to define roles and responsibilities related to privacy risk management, ensuring consistent processes and approaches, identifying synergies and economies of scale, and breaking down silos in support of a collegial, globally-coordinated privacy program and ethical control culture
  - Partner with other control functions, including third-party risk management, to ensure the efficient, effective and risk-based vetting and oversight of vendors and other third parties with access to personal information entrusted to MetLife
  - Collaborate with IT Risk, Information Security, and Data Management to ensure alignment between security and privacy compliance programs, including policies, practices, incident response, and investigations
  - In partnership with IT Risk and Security, co-own the privacy incident management response plan, which includes coordinating investigations into potential data breaches and partnering with Legal Affairs to determine if incidents meet applicable regulatory reporting requirements
Key Relationships:
- Reports to: SVP, Head of Enterprise Compliance Programs
- Direct reports/team: ~6 directs, team of 10 to 15
- Key Stakeholders: GRM business, region and country risk, compliance, and governance leaders; CISO, Data Management, Legal Affairs, Risk Management, Operations, Internal Audit, Learning & Development, Marketing, Communications, Government Relations, Procurement, HR; leaders of US Business, EMEA, LatAm, Asia, Investments
Candidate Qualifications:
Essential Business Experience and Technical Skills:
- Expertise & experience
  - 10-15+ years of relevant compliance or legal experience, including experience developing or managing a privacy compliance program and promoting a risk-aware, governance, and ownership mindset throughout an organization, ideally within financial services or insurance
  - Expertise in and proven ability to interpret and apply relevant data privacy laws and regulations to corporate policy and procedures, including, but not limited to, the EU’s General Data Protection Regulation, New York State Department of Financial Services Cyber Security Regulation, the California Consumer Privacy Act, and HIPAA; JD and/or MBA preferred
  - Demonstrated effectiveness assessing privacy risks and developing controls and processes appropriate to firm risk appetite while eliminating unnecessary and inefficient processes and activities
- Collaboration
  - Excellent interpersonal skills and organizational intelligence required to develop partnerships in a complex, global, matrixed environment
  - Demonstrated ability to interface with and influence senior business and functional leaders with respect to privacy matters while accomplishing business objectives
  - Sufficient relevant technology and data management acumen to enable productive partnerships with IT risk, security and data teams
  - Strong record of driving success within a collaborative team framework
- Leadership
  - Motivational leader able to implement a people strategy to attract, retain, and develop talent, embracing diversity and encouraging a culture of inclusivity
  - Proactive change management leader able to strengthen privacy compliance coverage across businesses and functions by collaborating on best practices and methodically implementing them
  - Proven crisis management skills, including ability to mobilize, lead, and prioritize quickly in the face of data incidents
  - Forward-looking thinker; anticipates and plans for regulatory developments, making sound recommendations and decisions on complex matters
  - Board-level presentation and communication skills capable of representing MetLife’s privacy commitment and strategy externally with regulators and at industry events
- Travel
  - Ability and willingness to travel internationally as needed
MetLife Success Principles
- Experiment with Confidence – Courageously learn and test new ideas without fear of failure
- Act with Urgency – Demonstrate speed to action with agility and determination
- Seek Diverse Perspectives – Source ideas and feedback to expand thinking and make informed decisions
- Seize Opportunity – Drive responsible growth and identify areas for continuous improvement
- Champion Inclusion – Foster an environment where everyone is valued, heard, and can speak up
- Create Alignment – Partner with others across the organization with candor and transparency
- Take Responsibility – Be accountable and act in pursuit of the right outcomes
- Enable Solutions – Anticipate and address obstacles while managing risk
- Deliver What Matters – Execute meaningful priorities and follow through on commitments
MetLife:
MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.
We are one of the largest institutional investors in the U.S. with $600 billion of total assets under management as of December 31, 2019. We are ranked #44 on the Fortune 500 list for 2019. In 2019, we were named to the Dow Jones Sustainability Index (DJSI) for the fourth year in a row. DJSI is a global index to track the leading sustainability-driven companies.
MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world.
We want to make it simple for all interested and qualified candidates to apply for employment opportunities with MetLife. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected] or call our Employee Relations Department at 1-877-843-3711.
MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
MetLife maintains a drug-free workplace.