Privacy and Data Protection Manager
Company Description
Square builds common business tools in unconventional ways so more people can start, run, and grow their businesses. When Square started, it was difficult and expensive (or just plain impossible) for some businesses to take credit cards. Square made credit card payments possible for all by turning a mobile phone into a credit card reader. Since then Square has been building an entire business toolkit of both hardware and software products including Square Capital, Square Terminal, Square Payroll, and more. We're working to find new and better ways to help businesses succeed on their own terms, and we're looking for people like you to help shape tomorrow at Square.
About Square Financial Services
Our purpose of economic empowerment guides everything we do at Square. With that purpose in mind, we launched Square Financial Services (SFS), an Industrial Loan Company (ILC) chartered Bank in 2021, to offer small business loans and FDIC-insured deposit products. Within this team, you'll be at the forefront of creating a bank that allows customers to thrive. We can't wait to see what we can build together.
Job Description
The SFS security team directs and manages the overall cybersecurity and information security programs for the independent banking subsidiary of Block, Inc. We collaborate with teams across the Bank and Block in pursuit of industry-leading controls to manage and mitigate security and technology risks. We are looking for a driven and innovative Privacy and Data Protection Manager to support our program as the bank continues to grow and take on privacy concerns, security challenges and compliance obligations.
You will advance our team's mission as you develop a deep understanding of our products, technologies, and data protection controls, and work with cross-functional teams to measure and evolve our privacy, security and compliance posture.
You will:
- Manage a privacy and data protection program, including control description documentation, maturity assessments, and improvement roadmaps.
- Manage cross-functional privacy, security, and compliance evaluation projects, including planning, prioritization, execution, dependency management, and risk analysis.
- Participate in technical design discussions, evaluate privacy and security properties of systems and services, drive risk decisions, and influence technical architecture to support our regulatory obligations, business goals, and customer expectations.
- Collaborate on privacy and data protection assessments driven by security and privacy regulations.
- Iterate and improve privacy and data protection documentation including policies, standards, and runbooks.
- Identify and solve data protection challenges that span multiple teams or areas of ownership.
- Partner with cross-functional teams to find creative ways to improve our privacy and data protection programs while working to manage and mitigate risk.
- Support SFS and Block teams by sharing your experience and expertise in pursuit of industry-leading privacy and data protection management.
Qualifications
You have:
- 5+ years of experience with privacy- and/or security-related regulatory compliance for financial services or equivalent.
- Relevant certifications (e.g. CISA, CISM, CIPP, CISSP) or equivalent demonstrable expertise.
- Experience with privacy- and security-related program management or GRC program management.
- Familiarity with the Gramm-Leach-Bliley Act (GLBA) and related regulations.
- Familiarity with a broad range of enterprise security controls including, but not limited to, asset management, identity/access control, vulnerability management, and zero trust architecture.