Job description
Our division prevents, detects and mitigates compliance, regulatory and reputational risk across the firm and helps to strengthen the firm’s culture of compliance. Compliance accomplishes these through the firm’s enterprise-wide compliance risk management program. As an independent control function and part of the firm’s second line of defense, Compliance assesses the firm’s compliance, regulatory and reputational risk; monitors for compliance with new or amended laws, rules and regulations; designs and implements controls, policies, procedures and training; conducts independent testing; investigates, surveils and monitors for compliance risks and breaches; and leads the firm’s responses to regulatory examinations, audits and inquiries. You'll be part of a team with members from a wide range of academic and professional backgrounds, such as law, accounting, sales, and trading. We look for those who possess sound judgment, curiosity, and are able to adapt to a changing regulatory landscape.
At Goldman Sachs, our culture is one of teamwork, innovation and meritocracy. We often say our people are our greatest asset and we take pride in supporting each colleague both professionally and personally. From collaborative work spaces and ergonomic services to wellbeing and resilience offerings, we offer our Compliance professionals the flexibility and support they need to reach their goals in and outside of the office.
The successful candidate, who will work from Goldman Sachs’ London office, will provide data protection and privacy advisory support to a range of Goldman Sachs businesses within the EMEA region, including Marcus UK, Private Wealth Management, Global Markets Division and Goldman Sachs Asset Management. The candidate will also play a key role in collaborating with colleagues to further build out the firm’s privacy program to address the evolving regulatory landscape, enhance divisional collaboration and increase cross functional engagement.
Global Privacy Office has team members in New York, Chicago, Dallas, Warsaw and London. Global Privacy Office works with other privacy and data protection stakeholders at Goldman Sachs, including the Legal, Engineering and Technology Risk teams, Risk, Operations and the business teams that develop and manage financial products and services.
YOUR IMPACT
As a member of Global Privacy Office in London, your responsibilities will include:
- Providing privacy advisory guidance to business, engineers, operations, compliance and other stakeholders to enable the delivery and development of privacy compliant business initiatives
- Reviewing and assessing products, features and business activities against privacy requirements and standards
- Incorporating privacy-by-design and privacy-by-default into business, products, new features and technology
- Developing privacy design requirements and conducting oversight of the implementation of such requirements
- Reviewing and assessing third party vendors, partnerships and the proposed data integrations from a privacy perspective.
- Providing guidance associated with the implementation of new privacy and data protection laws or regulations
- Supporting the development and implementation of privacy governance frameworks with key stakeholders in Operations, Compliance, Engineering, Legal and Risk
- Implementing and overseeing the effectiveness of privacy controls, privacy enhancing technologies, and privacy risk mitigates
- Drafting, editing and reviewing responses to data subject requests and data protection-related queries
- Drafting and reviewing privacy-related disclosures, including fair processing notices and cookie disclosures, for financial products
- Supporting the creation of, and reviewing data processing records and compliance assessments, including data protection impact assessments
- Drafting, reviewing, and revising existing data privacy policies, procedures and best practice documents
- Developing and delivering privacy and data protection training.
SKILLS EXPERIENCE WE'RE LOOKING FOR
- Experience with international privacy regulatory frameworks, particularly GDPR, PECR and other applicable laws and regulations and jurisdictional variations;
- Financial services experience is a plus
- Experience with developing and/or implementing governance frameworks for wide-scale use of cookies and similar tracking technologies
- Experience in a Data Protection Office, Privacy Risk, Privacy Compliance or Privacy Legal / Paralegal function
- Experience advising on direct marketing, ECRM and online behavioral and targeted advertising, including governance of these practices
- Experience of drafting responses to complaints from data subjects and handling nuanced data subject right requests.
- Experience performing formal and informal risk assessments for new and existing digital products and services from a privacy regulatory perspective
- Strong relationship management skills with ability to deepen relationships and build partnerships across the business, including in Operations, Compliance, Engineering, Legal and Risk
- Comfortable taking the initiative and working across multiple business lines and jurisdictions
- An understanding of digital and retail focused businesses, including new and developing businesses is also advantageous
- Certified Information Privacy Professional accreditation or similar accreditation preferred
- Experience with Microsoft PowerPoint and Excel
- Excellent, written and verbal communication skills; highly organized and sound organizational skills.