Director, EAC Compliance Manager (Data Privacy)
Bank of America Corporation
Hong Kong

About Bank of America Merrill Lynch:

Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 40 countries.

In the U.S. alone, we serve almost all Fortune 500 companies and approximately 59 million consumers and small-business customers.

We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.

Connecting Asia Pacific to the World

Our Asia Pacific team is spread across 23 offices in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities.

Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region’s leading financial services companies.

Bank of America Merrill Lynch is committed to attracting, recruiting and retaining top diverse talent from across the globe.

Our diversity and inclusion mission is to actively promote an inclusive work environment where all employees have the opportunity to achieve personal success and contribute to the growth of our business.

Each of our global Employee Networks brings together employees and creates dialogue and awareness in support of our Diversity and Inclusion mission.

Bank of America Merrill Lynch is an equal opportunities employer.

Position Description

The Enterprise Area of Coverage (EAC) Compliance Manager for Data Privacy is a subject matter expert responsible for contributing to the independent compliance and operational risk oversight of Front Line Unit (FLU) and Control Function (CF) performance and any related third party / vendor relationships by engaging with the risk officer teams for the FLUs / CFs to independently advise those leaders on effectively managing compliance and operational risk in the area of coverage for the Enterprise Privacy EAC for the Asia Pacific (APAC) region.

This role is responsible for providing APAC-wide oversight of adherence to the Privacy and Cross Border Data Movement Enterprise Policy and specific privacy and cross border data movement related laws, rules, regulations, and regulatory guidance, such as the Data Protection Acts in Australia, China, Hong Kong, India, Japan, Malaysia, Philippines, Singapore, South Korea and Taiwan, through the identification, escalation and timely mitigation of compliance and operational risks in alignment with the Compliance and Operational Risk Management Program and the Global Compliance Enterprise Policy (GC Policy).

Key Responsibilities

The EAC Compliance Manager is accountable for the requirements in the Global Compliance Policy, working through risk officers for the Front Line Units and Control Functions to execute those requirements, including but not limited to the following activities:

  • Monitor regulatory environment for enterprise area of coverage and participate in industry forums to identify areas of focus and emerging risks and conduct benchmarking.
  • Create and maintain a regulatory inventory, communicate regulatory changes to and engage the FLU / CF in assessing impacts of regulatory changes for enterprise area of coverage.
  • Develop and maintain relevant policies to ensure they reflect Data Privacy regulatory requirements in APAC for enterprise area of coverage.
  • Advise and direct business leaders through the risk officers to ensure that regulatory requirements are addressed in their respective procedures and controls so that their day to day activities operate in a compliant manner.
  • The Candidate will provide leadership and support the development, implementation and ongoing management of Bank of America’s (Bank) Global Privacy Program activities in the Asia Pacific region.

    The candidate additionally will engage and collaborate with the Global Chief Privacy Officer and privacy professionals within the Enterprise Privacy team located across regions to assess complex global issues and identify appropriate enterprise business and operational solutions to address data privacy requirements and risk.

    The candidate will be responsible for enhancing the existing Compliance framework for these regulations and confirming that implementation efforts have taken into consideration the Bank’s Global Compliance Policy Requirements relating to policies, procedures, monitoring, testing and reporting.

  • Assist in the development and execution of a comprehensive compliance and operational risk Privacy coverage plan for the APAC region to independently assess the effectiveness of the front line unit and control function data privacy controls
  • Draft and distribute regular Risk Advisories in the APAC region to ensure that the Front Line Units and Control Functions are aware of new rules / regulations and policies / procedures relating to Data Privacy.
  • Participate in internal Working Groups and Industry Forums in support of the Global Privacy Program.
  • Assist in the preparation of required regulatory reporting related to Data Privacy, including but not limited to local data breach reporting obligations
  • Assist in efforts relating to management reporting, metrics, and other core elements of the Global Compliance Policy
  • Assist in responding to regulatory inquiries and exams
  • Participate in regional governance and management routines for Privacy EAC
  • Assess new products and initiatives, privacy impact assessments and promote privacy by design principles
  • Collaborate with the Global Program team and key stakeholders to develop and implement regional or business level data protection and privacy policies, standards and procedures, as required.
  • Ensure routine review and approvals through the Enterprise Privacy Office when required.

  • Provide subject matter expertise for development and implementation of role-based data protection and privacy training and coordinate module review with the Enterprise Privacy Office as necessary to confirm alignment of content and approach with the broader data protection and privacy training and awareness program.
  • Design and execute region or business level privacy assessments that result in program enhancement, mitigation and remediation activities as appropriate.

Key Requirements

  • Minimum 7 years of relevant experience in Compliance, Risk Management and/or Legal Department with a particular focus on Data Privacy Compliance
  • BA / BS degree, JD / LLB preferred
  • Certification in privacy or data protection, such as IAPP's Certified Information Privacy Professional (CIPP) designations, is desired
  • Experience supporting a data protection, privacy, security, legal or equivalent function directly or indirectly for a large, regulated and matrixed organization
  • Strong organizational skills and attention to detail
  • Previous experience in advisory support in connection with Data Privacy and Protection matters, including working with the Front Line Units, Control Functions and Business Line Compliance Officers, particularly in relation to Asia Pacific markets and issues
  • Proven ability to communicate professionally and work with all levels of management and across organizations and interact with regulators
  • Ability to work independently, drive for results and prioritize competing tasks in a deadline driven environment
  • Excellent written and verbal communication skills
  • Analytical and research skills
  • Financial Services compliance and regulatory knowledge and experience
  • Proficiency with Microsoft Office applications
  • A team player with high energy, a can-do attitude and the ability to challenge others (when necessary)