• Head of Privacy, Compliance

    Job Locations
    US-CA-San Francisco
  • Overview

    First Republic Bank (FRB) is an ultra-high-touch bank that provides extraordinary client service. We believe that one-on-one interactions build lasting relationships. We move quickly to serve our clients’ needs so that their financial transactions are handled with ease and efficiency. Client trust and security are paramount in our line of business. Ultimately, our goal is unsurpassed client satisfaction, which will lead to personal referrals – our number one source of new business. We recognize that our competitive advantage starts with our people and our culture. At First Republic, we work hard and move quickly as a very coordinated team. If you are looking for an opportunity to grow and contribute in a fun, fast-paced environment, First Republic is the place for you. We have exceptional people focused on providing extraordinary service.


    Enterprise Compliance, part of the Office of the General Counsel and in collaboration with our business units, administers a company-wide regulatory-oversight and compliance-management program. This program oversees regulatory compliance-related matters for all of FRB’s banking and private wealth management activities.


    The Head of Privacy Compliance works independently or with other team members to oversee and implement FRB’s federal and state privacy-compliance program. As such, s/he is responsible for the company’s Privacy Program, including but not limited to daily operations of the program; development, implementation, and maintenance of policies and procedures; monitoring of program compliance; investigation and tracking of incidents and breaches; and otherwise overseeing FRB adherence to both federal and state consumer-privacy laws and rights. In this role, the Head of Privacy Compliance works closely with numerous FRB businesses, including Information Services, Information Security, Enterprise Data & Client Insights (EDCI), Marketing, and Vendor Management, as well as our executive leaders. The Head of Privacy Compliance is also responsible for administration and management of related enterprise-wide compliance requirements, including CAN-SPAM, the Fair Credit Reporting Act (FCRA), the Americans with Disabilities Act (ADA) and the Telephone Consumer Protection Act (TCPA).


    This role reports to the Senior Vice President, Enterprise Chief Compliance Officer.


    • Provides guidance and assists in the identification of compliance risks, implementation, and maintenance of organizational privacy compliance processes and procedures in coordination with information security and legal counsel.
    • Works with senior management and the compliance team in administering an organization-wide privacy compliance program.
    • Performs periodic privacy risk assessments and conducts related ongoing compliance monitoring activities.
    • Works with internal and external counsel (legal), enterprise risk management, third party vendor management, technology and the business units to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials that reflect current organizational and legal requirements.
    • Oversees, directs, updates, delivers, or ensures delivery of initial and recurrent privacy training and orientation to all employees, contractors, and other appropriate third parties.
    • Participates in the development, implementation, and ongoing compliance monitoring of third-party providers to ensure all privacy concerns, requirements, and responsibilities are addressed.
    • Works with legal, information security, information services and the business units to ensure tracking of access to protected confidential financial information, customer information sharing in accordance with privacy notice disclosures, investigation of compromise incidents, evaluation to determine incident notification requirements under applicable laws, and drafting of any such required notice.
    • Contributes to review, analysis and response to complaints concerning the organization’s privacy policies, procedures and processes in coordination with legal counsel.
    • Reviews system-related information security plans throughout the organization to ensure alignment between security and privacy practices, in coordination with technology risk and legal counsel.
    • Maintains current knowledge of applicable federal and state privacy laws (and international laws like GDPR), and monitors advancements in information privacy technologies to support organizational adaptation and compliance.
    • Partners with legal and information security to assess the impact of changes to regulations, and oversees the implementation of regulatory changes.
    • Serves as primary privacy compliance contact and coordinates the privacy compliance function for assigned line of business through the development and monitoring of compliance programs within the larger compliance framework.
    • Identifies and analyzes privacy events, breaches and issues to determine root causes and resolve them.


    • Minimum Bachelor's degree and 5+ years of relevant experience in privacy regulation and compliance functions. CIPP/US certification preferred.
    • Prior compliance privacy officer experience preferred.
    • Experience within a financial institution or technology company preferred; both would be ideal.
    • Expert knowledge of Gramm-Leach-Bliley Act (GLBA), Right to Financial Privacy, California Privacy rules and Civil Code Data Breach notification, Fair Credit Reporting Act (FCRA) Identity Theft Red Flags, and other privacy and information security related laws; knowledge of GDPR preferred.
    • Team player, able to influence, collaborate, negotiate and solve problems with business partners and expert teams across the organizational lines.
    • Strong analytical and critical thinking skills, with strong attention to detail and accuracy.
    • Desire and ability to quickly learn about the activities and specificities of our unique business model, advanced technology capabilities, and evolving regulatory environment.
    • Self-starter, willing to take ownership and drive initiatives to resolution while reporting appropriately on progress made and escalating when difficulties are encountered.
    • Comfortable with balancing multiple and competing priorities.
    • Excellent writing and presentation skills.

