Cipp E Jobs (NOW HIRING)

Role Summary

The Senior Risk Analyst - Privacy &ThirdPartyRisk is aSecond Line of Defense (2LoD)role and a member of theGlobal Privacy Office (GPO)andThirdPartyRisk Management (TPRM)function. The role provides independent risk oversight, effective challenge, and assurance over first-line activities andoutsourced TPRM services,operatingwithminimal supervisionand a high degree of professional judgment.

This position is expected to independently manage complex risk assessments, lead oversight activities,identifyemerging risk themes, and deliver clear, actionable insights to senior stakeholders and governance committees.

Responsibilities

Privacy Risk- Global Privacy Office:

• Independently provide 2LoD oversight of privacy risks arising from first-line business activitiesand serveas a subject matter resource on privacy risk matters.
• Lead review andchallengeofPrivacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), and privacy risk assessments.
• Evaluate the design and operating effectiveness of privacy controls and recommend enhancements aligned with regulatory expectations and risk appetite.
• Independently review privacy incidents, including root cause analyses and remediation plans.
• Provide technicalexpertiseandsupportthe implementation of privacy and data protection processes, controls, and procedures based on enterprise-wide guidance issued by the Global Privacy Office.
• Support the process of Privacy and Security by Design reviews, in particular, wherethey relate to the development and deployment of new technologies.This includes reviewing technical implementation details and design documentation for new systems andfeatures, andproviding guidance on improving privacy features in
• those systems.
• Collaborate with technology and security teams to embed privacy controls into the architecture of products and services, including providing advice and best practices to protect and mitigate privacy risks.
• Identifyopportunities to enhance the Global Privacy Office's technical capabilities, develop,testand work with technology teams to deploy such capabilities.
• Support the maintenance of the firm's required privacy compliance documentation (e.g., Records of Processing Activities, Transfer Impact Assessments, procedures, guides, training, SharePoint sites).
• Support the execution of the privacy compliance monitoring program.

Third-Party Risk Management:

• Perform quality assurance and effective challenge of third-party risk outputs produced by external service providers and first-line stakeholders.
• Monitor adherence to SLAs, KPIs, and contractual obligations of outsourced TPRM providers and escalate deficiencies asappropriate.
• Identifysystemic control gaps, concentration risk, and emerging third-party risk trends across the vendor population.
• Support thirdparty cyber and information security risk review activities.
• Contribute to the ongoing development of fourth-party risk governance and oversight practices.
• Identifyopportunities to enhanceTRPM's technical capabilities, develop,testand work with technology teams to deploy such capabilities.
• Support the maintenance of the firm's requiredTPRMcompliance documentation (e.g.,Policy, Supplier Management Standards, questionnaire templates, frameworks, training, Share Point sites).

Risk Governance, Reporting & Analytics:

• Independently develop and deliver executive-level risk reporting, dashboards, and management information.
• Assistwith monitoring and reporting emerging AI and technology risks across privacy andthird partyrisk, contributing to oversight of controls, assessments, and reporting.
• Leverage AI-enabled tools and advanced analytics toidentifytrends, emerging risks, and control weaknesses.
• Lead preparation for regulatory examinations, internal audits, and management assurance activities related to privacy and third-party risk oversight.
• Maintainaccurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready artifacts.

Qualifications

Required:

• Bachelor's degree in Risk Management, Information Systems, Finance, Business, Law, ora relatedfield.
• 5+ years of experience insecond-line risk management, privacy risk, or third-party risk oversight, preferably within financial services or asset management(or other industry subject to equivalent regulatory scrutiny).
• Demonstrated ability tooperateindependently with minimal guidance in a 2LoD environment.
• In-depth knowledge of global privacy regulations andoutsourced TPRM operating models.
• Required Certifications (at least one):
• Certified Information Privacy Professional (CIPP/US, CIPP/E)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Third Party Risk Professional (CTPP)

Preferred:

• Experience leading or independently managing 2LoD privacy or TPRM oversight activities.
• Asset management or broader financial services experience.
• Additionalcertifications:
• CIPM or CIPT
• ISO 27001 Lead Implementer or Auditor
• Familiarity with SEC, FINRA, and global regulatory expectations.

Tools & Technology (Preferred)

• Advanced experience with GRC, privacy, and TPRM platforms (e.g., Archer, ServiceNow, OneTrust,IBM OpenPages).
• Strongproficiencywith reporting and analytics tools (e.g., Power BI, advanced Excel).
• Practical experience using AI-enabled risk, compliance, or data analytics tools to enhance oversight and reporting(e.g., Microsoft Co-Pilot, ChatGPT Enterprise).
• Ability to automate reporting and improve risk visibility.

Key Competencies

• Strong independent judgment and risk-based decision-making.
• Ability to provide credible, effectivechallengeat senior levels.
• Excellent written and verbal communication skills.
• Strong issue management, quality assurance, and governance discipline.
• Comfortoperatingautonomously in a global, regulated environment.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to one day per week from home.