Why should you join our team?
American AgCredit offers a unique opportunity to be a part of a national financial system supporting those who feed, clothe and fuel the world. We are a growing organization embracing collaboration and innovation while delivering transformative solutions. American AgCredit provides a cultivating environment where you truly make a difference for our customers and teams.
Benefits offered by American AgCredit:
Position will be posted until filled.
BASIC FUNCTION:
The Privacy and Information Governance Compliance Program Manager is responsible for designing, implementing, and maturing the Association’s enterprise Privacy Program in alignment with regulatory requirements, industry standards, and evolving organizational needs. This role serves as the Association’s primary privacy subject-matter expert and liaison to internal stakeholders, customers, regulators, and auditors. The Privacy and Information Governance Compliance Program Manager works independently and collaborates with business units within all three lines of responsibility to manage risks arising from operational, technological, and AI-driven changes affecting privacy.
ESSENTIAL DUTIES:
Under the oversight and direction of the Executive Head of Compliance, Ethics, and Regulatory Management, this position is responsible for the following:
Governance & Program Leadership
Establish, design, and implement a structured framework for the Privacy Program, ensuring a clear delineation of roles and responsibilities for privacy and information governance-related tasks and fostering cross-functional collaboration by involving relevant cross-functional stakeholders through the RACI model.
Develop, implement, and maintain comprehensive privacy policies, procedures, work instructions, and governance structures, ensuring ongoing alignment with best practices and regulatory requirements.
Develop and routinely update comprehensive policies and procedures governing privacy and data protection for customers and employees, ensuring these guidelines reflect actual business practices and personal data management.
Prepare and review privacy notices, disclosures, and customer communications to ensure clarity, transparency, and compliance with disclosure obligations.
Establish and maintain clear, actionable protocols for responding to data breaches, aligning response plans with regulatory requirements and organizational operations.
Ensure ongoing compliance with privacy regulations by regularly reviewing and revising documentation to accurately represent day-to-day handling of sensitive information.
Drive alignment between the Privacy Program, Operational Risk Management Framework, Information Governance, and IT Control efforts.
Privacy Impact Assessment (PIAs) & Risk Management
Build, implement, and integrate a holistic and scalable Privacy Impact Assessment process to systematically evaluate risk and controls for new products, services, emerging technologies (AI, machine learning, and cloud services), or business processes for privacy risks and recommend mitigation strategies.
Assist in the assessment and monitoring of third-party service providers to ensure they meet organizational privacy and data protection standards through tools (such as standardized questionnaires, contractual clauses, etc.) and determine the cadence of these efforts.
Monitor regulatory changes by staying informed about evolving privacy laws and regulations (such as GLBA, GDPR, CCPA, and other applicable standards) and proactively update policies and practices to maintain compliance, when applicable.
Oversee and coordinate the process for responding to individuals' requests to access, correct, delete, or obtain copies of their personal data, ensuring all responses are timely and comply with legal and regulatory requirements.
Partner with stakeholders to perform regular cross-functional risk assessments.
Compliance Monitoring, Metrics & Reporting
Design, implement, and maintain a comprehensive privacy monitoring framework that enables continuous oversight of data protection practices, supports the timely identification and escalation of privacy risks, ensures regular and actionable reporting to the Board of Directors, and incorporates robust change management workflows to adapt to evolving regulatory requirements and organizational changes.
Design, implement, and continuously refine key privacy-related performance metrics, leveraging dashboards and analytics to enable real-time monitoring and actionable insights.
Collaborate with both first and second lines of responsibility to design and execute thorough control testing procedures that validate compliance with privacy requirements, identify gaps in data protection practices, and ensure corrective actions are implemented to address any deficiencies.
Personal Data Inventory & Information Management
Mature and enhance the organization's inventory of personally identifiable information (PII), ensuring it is comprehensive, accurate, and aligned with internal data repositories.
Prepare and maintain the PII inventory to be compatible with future data-mapping tools and systems, enabling seamless integration and adaptability as organizational technologies evolve.
Ensure the organization has clear visibility into the personal data it holds, its storage locations, and maintains the ability to update or integrate this information efficiently with new data management solutions.
Oversee and enforce organizational policies and procedures for data retention, secure destruction, and minimization, ensuring that personal and sensitive data is stored only as long as required, disposed of securely when no longer needed, and limited to what is strictly necessary for business purposes.
Collaborate actively with Records Management to maintain accurate records and with Legal to ensure all practices are compliant with relevant laws, regulations, and industry standards.
Incident Management & Breach Response
Design, implement, and continuously improve an incident management and breach response program.
Lead and coordinate the intake, thorough evaluation, escalation, and resolution of privacy incidents, adhering strictly to the organization’s Privacy Incident Notification procedures to ensure prompt and effective action.
Collaborate proactively with cybersecurity, legal, risk management, and business unit stakeholders to facilitate rapid containment of incidents, fulfill regulatory reporting requirements, and manage customer notification processes in alignment with applicable laws and organizational policies.
Maintain comprehensive and accurate documentation for each incident, systematically capturing key findings and outcomes, and apply lessons learned to drive ongoing improvements to the privacy program and incident response protocols.
Training, Awareness & Culture Building
Design, implement, and continuously improve comprehensive privacy training and awareness programs tailored to the needs of the entire organization as well as to specific roles, ensuring all staff—from frontline employees to leadership—are equipped with up-to-date knowledge of privacy requirements, best practices, and emerging risks. Engage staff through interactive, scenario-based learning and regular refresher modules to cultivate a strong culture of compliance and proactive risk management across all business functions.
Regulatory & External Engagement
Proactively support and coordinate regular internal audits and comprehensive assessments of data handling practices to identify potential compliance gaps, risks, and opportunities for improvement, ensuring that corrective actions and best practices are systematically implemented to drive ongoing program excellence.
Establish and cultivate strong, collaborative relationships with regulatory authorities, key industry groups, and privacy advocacy organizations to remain informed of regulatory developments, emerging trends, and evolving best practices, positioning the organization to anticipate and adapt to changes in the privacy landscape.
Lead the preparation of timely, accurate, and thorough regulatory responses and manage the end-to-end delivery of all regulatory examination materials and documentation related to privacy, ensuring that all submissions meet the highest standards of compliance, transparency, and organizational readiness.
Other Duties
Serve on the Association’s Geopolitical Risk Committee and Operational Risk Committee, which are Governance and Risk Committee subcommittees.
Oversee and manage Privacy Program risk-related budgets and resources.
Perform other duties as assigned by the Executive Head of Compliance, Ethics, and Regulatory Management.
LEVELS OF SUPERVISION EXERCISED AND RECEIVED
Reports to the Executive Head of Compliance, Ethics, and Regulatory Management. This position does not have direct reports; however, this individual has a wide span of control as the Association’s designated Privacy Officer.
BACKGROUND AND EXPERIENCE:
Possess a minimum of 8-10 years of progressive, hands-on experience in privacy, data protection, risk management, information security, or auditing, with a strong preference for candidates with a background in financial services environments.
Hold a Bachelor's degree with a major in finance, business, information systems, or a closely related field, or demonstrate equivalent work experience. A Juris Doctorate is preferred but not necessary.
Maintain formal, interdisciplinary risk alignment certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM); additional credentials such as Certified Information Privacy Officer (CIPP), Certified Information Privacy Technologist (CIPT), or Certified Information Privacy Manager (CIPM) are highly valued. Commitment to ongoing professional education and development is required.
Demonstrate a proven ability to operationalize complex privacy obligations under CPRA, CCPA, and other multistate data privacy regimes within large, matrixed organizations, effectively managing competing priorities and meeting critical deadlines both independently and as part of a collaborative team.
Possess deep expertise in privacy regulations, personal data processing, and the full data lifecycle, with the ability to apply this knowledge to real-world scenarios and ensure compliance across the organization.
SKILLS AND EXPECTATIONS:
Exhibit experience in fostering and embedding a risk-aware culture within fast-paced, rapidly evolving business environments, adapting strategies to meet organizational needs.
Demonstrate a strong track record of building and sustaining cross-functional partnerships, and communicating complex privacy and risk management concepts clearly and persuasively to senior leadership and executive stakeholders.
Bring prior experience working directly with regulatory agencies, participating in regulatory examinations, and supporting compliance-related inquiries (preferred).
Exhibit strategic thinking skills, with the authority and confidence to influence, oversee, and monitor the performance and continuous improvement of the Privacy Program.
Possess comprehensive knowledge of Enterprise Risk Management frameworks, including risk management processes, risk appetite statements, key risk indicators (both leading and lagging), and conducting robust risk assessments and reviews.
Demonstrate mastery of the English language, with exceptional skills in proofreading, editing, formatting, and spelling to ensure the highest quality of written communications.
Be highly proficient in utilizing software and information technology tools to collect, organize, manage, and disseminate information, with a demonstrated ability to leverage technology in innovative and complex situations.
Exhibit exceptional written and oral communication, facilitation, and presentation skills, with a history of effectively reporting to all levels of the organization, including the Board of Directors and Executive Team. Strong analytical, problem-solving, and stakeholder engagement abilities are essential.
Demonstrate a results-oriented approach, with the ability to analyze problems and deliver solutions efficiently, accurately, and thoughtfully under tight deadlines.
Present a professional demeanor and positive attitude, interacting effectively with colleagues at all levels, external auditors, and regulatory agencies, while consistently demonstrating integrity, discretion, and sound judgment.
Bring a forward-thinking, enterprise-wide perspective to proactively identify and address potential and emerging privacy and risk issues, aligning with organizational goals and regulatory expectations.
Exhibit unwavering integrity, high ethical standards, and a strong work ethic, maintaining confidentiality and exercising excellent judgment in all matters.
Willingness and ability to travel domestically up to 20% of the time to support business needs, team meetings, and regulatory engagements.
ESSENTIAL JOB REQUIREMENTS:
Must be able to perform basic office tasks and work in a typical office setting. The employee will be sitting for extended periods and accomplishing work at a desk and a computer for an extended period. Must have strong written and verbal communication skills to convey ideas and work with a team effectively. The ability to talk and hear, sit and use their hands and fingers, and reach in all directions is essential in the performance of the job. Some lifting and moving of items up to 25 pounds is required. Work during established business hours and may require occasional weekend and evening work. Travel required.
The company reserves the right to add, delete, change, or modify the job duties at any time.
FULL-TIME REMOTE: These roles and job functions can be done remotely, while maintaining our strong commitment to customer service and our business goals. Employees are welcome to come to an office to work if needed, and some travel for team meetings will be required.
PAY RANGE:
Minimum $110,339.37 - Max $198,610.88 Annual
This range is reflective of the national salary average for this position and will be adjusted using geographic variance for physical location of the hired candidate. American AgCredit may compensate outside of the salary range for bona fide reasons not related to membership in a protected class.
Reflected is the national base pay range and title offered for this job at the current level.
Compensation, title, and job level may be adjusted based on candidate qualifications including but not limited to achievements, skills, experience, or work location.
Salary offered, within the applicable range, is one component of the total rewards package offered to candidates.
All hiring is contingent on eligibility to work in the United States. We are unable to sponsor or transfer visas for applicants.
American AgCredit provides equal opportunity in employment to all employees and applicants. We celebrate diversity and do not discriminate on the basis of race, color, creed, religion, national origin, ancestry, alienage or citizenship status, age, sex, sexual orientation, gender identity, gender expression, marital status, genetic information, medical condition, physical or mental disability, pregnancy, childbirth or related medical condition, military service or veteran status, victims of domestic violence, or any other characteristics protected by applicable federal, state, or local laws. American AgCredit prohibits harassment of any individuals on any of the bases listed above.
If you need assistance or an accommodation due to a disability, you may contact us at jobs@agloan.com.