MetLife

EMEA Director Privacy and Data Protection. 

Job Location:   MetLife Europe location 

(UK/Ireland/France/Spain/Portugal/Poland/Romania/Italy/Czech Republic/Hungary)

Department: 

Compliance Risk Management (CRM) delivers a compliance risk framework that enables the businesses and functions to comply with applicable internal and external rules and regulations and maintain risk levels within MetLife’s risk appetite. CRM provides constructive challenge to the businesses and functions, partnering closely with them to implement strong processes and effective controls, as well as to foster and embed a culture of compliance. 

Within CRM, the Privacy Compliance Group (PCG) is a central oversight team responsible for the design, maintenance, and oversight of the Global Privacy and Data Protection Policy and Standard including Global Privacy Program for MetLife. 

Role Value Proposition:  

This position reports directly to the EMEA Head of Privacy.  Supporting the EMEA Head of Privacy, you will be responsible for promoting a data protection culture across the business and be responsible for helping to manage the day-to-day operations of PCG interpreting, implementing, and updating global compliance policies, with a specific focus on EMEA region country privacy laws. In addition, this position will be responsible for devising and implementing strategies to further the ongoing maturity of MetLife’s global and EMEA region privacy compliance program; conducting and communicating risk assessments; Personal Data Incident management and leading privacy training initiatives.

Key Responsibilities:

·       Active day-to-day involvement in execution and implementation of the PCG operating model for the EMEA countries, and regional corporate functions, including involvement in handling privacy incidents, meeting local notification requirements, production and review of regional privacy metrics, monitoring of regulatory developments, monitoring and testing, developing and delivering training, and involvement in the vetting of third parties throughout the region. 

·       Deputise and discharge duties and the EU Data Protection Officer.

·       Lead in technology and change projects on the integration of new or update in privacy and data protection requirements (e.g new regulations or emerging technologies such as AI)  

·       Actively manage privacy risk assessments including being point of escalation using OneTrust system of record.

·       Leading as required and maintaining cross-functional working groups to coordinate privacy efforts, including current projects and initiatives and regulatory awareness

·       Partner with corporate functions, business units and Regional/Country Compliance Officers to ensure effective awareness and engagement on privacy risk.

·       Advise and support Country Compliance Officers on providing credible challenge to each country business area and corporate function as to compliance with relevant privacy laws, regulations, and policies. 

·       Work closely with peers in CRM to ensure consistent processes and approaches are followed and synergies realized, breaking through silos, and encouraging a collegial, globally coordinated implementation of Privacy Program.

·       Stay abreast of changes in the regional regulatory environment and help analyze the business impact of privacy-related regulatory changes impacting the relevant businesses.

·       Support EMEA Privacy Head in the review and update existing global privacy policies, procedures, and processes in line with regulatory requirements and expectations.

·       Develop and lead initiatives to advance the effectiveness and sophistication of the regional Privacy Program creating alignment with the Global Privacy and Data Protection Policy and Standards including Global Privacy Program.

·       Develop and execute annual training plans on but not limited to privacy regulations, risks, and processes.

·       Reporting and oversight of metrics and reporting to measure regional privacy risk.

·       In partnership with Information Security, co-own the regional privacy incident management response plan, which includes coordinating investigation into potential data breaches, and partnering with Legal Affairs to determine if incidents meet applicable regulatory reporting requirements.

·       Advise on compliance policy interpretation and work with business areas, corporate function partners, and regional / country / business Compliance to resolve significant breaches and violations of such policies, and external reporting when required.

·       Work collaboratively with other control functions, including third-party risk management, to ensure the efficient, effective, and risk-based vetting and oversight of vendors and other third-parties with access to personal information entrusted to MetLife.

·       Participate in and advise on privacy and data protection issues and regional strategic initiatives that involve aspects relating to privacy compliance and data protection requirements.

·       Oversee and actively participate in execution of all elements of the PCG Privacy Program as it impacts the region including risk-based monitoring and testing.

Candidate Qualifications, Essential Business Experience, Competencies, and Technical Skills:

·       8+ years of risk management or compliance experience in a relevant business (financial services/insurance), including relevant privacy experience / expertise and a demonstrated risk, governance, and ownership mindset.

·       Excellent ability to manage privacy risk assessments including appropriate review and challenge. 

·       In-depth knowledge and proven expertise with analyzing and applying privacy laws, regulations and corporate policy and procedures for compliance with data privacy laws and regulations.

·       Information Security knowledge on the workings of firewalls, patching, encryption, anonymization, masking, secure sharing of personal data, able to understand Penetration Test results etc.

·       Excellent knowledge about supply chain risk and privacy risks related to vendor management.

·       Regulatory notification assessments and individual impact assessments in the event of a cyber incident providing subject matter expertise to the Global Resilience team including participation in cyber incident simulations.

·       Proven ability to assess privacy risks and develop and execute controls / processes, as well as ability to eliminate unnecessary and inefficient processes and activities – expert in handling privacy risk assessments.

·       Experience handling data breaches and having an ability to mobilize, lead and prioritize quickly in the face of a potentially significant data breach.

·       Building and maintaining strong relationships with other functional leads, including Legal Affairs, Risk Management, Operations, and Internal Audit to create a supportive and seamless compliance and ethical control culture and an appropriate risk environment.

·       Championing a high-performance environment and implementing a people strategy that attracts, retains, develops, embraces diversity, and motivates teams by fostering an inclusive work environment, communicating vision/values/business strategy, and managing succession and development planning for the team.

·       Ability to lead CRM in strengthening the privacy risk management program by being forward looking, embracing and leading change, collaborating on compliance best practices, and methodically working to fortify privacy compliance coverage of Corporate Functions.

·       Excellent interpersonal skills required to develop partnerships and relationships throughout the organization; experience interfacing with senior leaders and the business to provide guidance with respect to privacy matters while accomplishing business objectives.

·       Excellent written and verbal communication skills, including the ability to prepare and deliver presentations and communicate with senior and executive management.

Preferred qualifications:

• Experience maintaining Privacy compliance programs for a multi-national organization strongly preferred.
• Practitioners Certificate in Data Protection/CIPP or equivalent certification.
• Recognized Compliance Certification or Qualification.

Travel

Must be flexible to travel internationally.

Number of Openings

1

MetLife Success Principles 

·       Experiment with Confidence – Courageously learn and test new ideas without fear of failure

·       Act with Urgency – Demonstrate speed to action with agility and determination 

·       Seek Diverse Perspectives – Source ideas and feedback to expand thinking and make informed decisions

·       Seize Opportunity – Drive responsible growth and identify areas for continuous improvement

·       Champion Inclusion – Foster an environment where everyone is valued, heard, and can speak up

·       Create Alignment – Partner with others across the organization with candor and transparency

·       Take Responsibility – Be accountable and act in pursuit of the right outcomes

·       Enable Solutions – Anticipate and address obstacles while managing risk

·     Deliver What Matters – Execute meaningful priorities and follow through on commitments