HR EMEA Records and Data Privacy Grp Manager, Senior Vice President (C14)

London, United Kingdom
21 Jan 2023
26 Jan 2023
Job Function
Industry Sector
Finance - General
Employment Type
Full Time
This is a First Line of Defense role within the HR EMEA Data Protection team, whereby the candidate will
  • Define the Human Resources Workforce Data Protection Strategy which will include management and oversight of the use of personal data by each HR business and functional unit Globally with substantive emphasis in EMEA due to its highly regulated Data Privacy Regulations such as GDPR.
  • Defines and standardized process and standards across Human Resources Ensures a co-ordinated approach in compliance with relevant regulations, policies, standards, best industry practices and
  • Leads and proactively creates a collaborative environment to maintain compliance and help drive business growth.
Roles and Responsibilities
  • Ensure adherence to jurisdictional, Legal, or Regulatory requirements for all Human Resources record types, as provided by Citi's Legal/Compliance guidance, while enabling business and technology innovation
  • Evaluate emerging new Data and Privacy legalisation and assess impact to existing Human Resources procedures and frameworks
  • Ensure that in the event of organizational change the records continue to have clearly identified ownership
  • Using a risk-based approach define a HR workforce data global governance structure including cataloguing inventory of relevant records subject to retention and legal hold obligations, outcomes management reporting, metrics, key Risk indicators (KRI) and an escalation process.
  • Partnering with compliance, risk, legal and data protection officer colleagues, and Business Unit Heads, assess privacy and records related risk(s), to implement corrective action plans.
  • Help define clear records and applicable privacy ownership roles, accountabilities, and responsibilities (RACI) Globally within HR businesses and their supporting organisations
  • Develop executive level communications and privacy and records disposition compliance reporting to help business units manage their regulatory obligations relative to their business area
  • Develop strong working relationship with the Data Privacy Office and other legal, compliance and risk groups responsible for advising and reviewing the compliance with relevant laws, regulations, and regulatory expectations
  • Be a versatile team player, display leadership qualities, and be able to manage multiple privacy related projects and corrective actions plans simultaneously
  • Keep abreast of emerging technologies and how advancements could support the HR workforce data team strategic direction
  • Be vigilant and keep focus on the eternal risk landscape, including review of Global Regulator fines and focus areas, taking lessons learned for Citi where possible
  • Act as a privacy matters escalation point of contact when required, including in the review and management of a privacy breach to ensure effective monitoring to resolution path
  • Support and active engagement in internal audits to ensure privacy compliance procedures are followed
  • Create and monitor a robust international data transfer oversight procedure
  • Support and monitor adoption of enterprise privacy standards and controls
  • Monitor processes to ensure they are designed with privacy in mind
  • Educate and guide teams on adoption of privacy best practices, including support development of privacy training series
  • Has the ability to operate with a limited level of direct supervision; and can exercise independence of judgement and autonomy
  • Works as a partner closely with the Head of Risk and Control and Data Privacy Officer for EMEA, provides insight, oversight, guidance, and advice on key areas of focus, strategy and priorities for the region.
  • 7+ years of experience managing risks and privacy (GDPR) related projects, including development of global standards, policies and procedures, cookies compliance, development of privacy notices and standardisation of records of processing
  • 7+ years of project management, business analysis and problem-solving skills is desirable
  • Deep knowledge of privacy laws (GDPR, ePrivacy Directive, Schrems II, etc.) is highly preferred
  • Knowledgeable of privacy and data protection principles and best practices, relevant policies, procedures, and standards required within the European HR industry required
  • Relevant exposure to the creation of record of data processing (ROPA) and Privacy Notices, conducting risk assessments (both Privacy Impact Assessment (PIA) and Data Transfer Assessments (DTA) in diverse operational environments
  • Experience with developing records governance structures, procedures, and relevant records retention processes for individual rights requests
  • Assure formal training and necessary resources support monitoring and reporting of frameworks compliance and effectiveness
  • Previous experience in developing and implementation of a strategic metrics program
  • Experience working in a distributed, multi-location, multiple disciplined global team
  • Experience working and overseeing records and privacy related matters with vendors
  • Strong analytical skills, collaboration and problem-solving skills is required
  • Proven thought leadership skills with the ability to translate ideas into relevant and value-added solutions
  • Demonstrated ability to lead change
  • Ability to influence without authority and communicate effectively across all levels of the organization
  • Excellent verbal and written communication skills
  • Ability to present a compelling case to influence others where appropriate
  • High degree of initiative and personal accountability, self-starter and highly motivated
  • Project management and coordination skills with proven ability to meet deadlines, prioritize assignments and manage multiple projects simultaneously
  • Well-organized, self-confident, and good at maintaining strong relationships at all levels of the organization
  • Attention to detail is a must.
  • Bachelor's/University degree in related field or equivalent experience
  • Masters Degree is a plus in related areas of expertise.
  • Professional qualifications with up-to-date licensing requirements and/or membership with accredited professional bodies required, e.g. IAPP.
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group:
Technology -------------------------------------------------
Job Family:
Data Governance ------------------------------------------------------
Time Type:
Full time ------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .

View the " EEO is the Law " poster. View the EEO is the Law Supplement .
View the EEO Policy Statement .
View the Pay Transparency Posting
  • You need to sign in to save