AVP - Head of U.S. Privacy

Position: AVP - Head of U.S. Privacy

Job Location: New York, NY

Department: Corporate Ethics and Compliance (CEC) delivers a compliance risk framework that enables the businesses and functions to comply with applicable internal and external rules and regulations and maintain risk levels within MetLife's risk appetite. CEC provides constructive challenge to the businesses and functions, partnering closely with them to implement strong processes and effective controls, as well as to foster and embed a culture of compliance.

Within CEC, the MetLife Corporate Privacy Office (MCPO) is a central oversight team responsible for the design, maintenance, and oversight of the global privacy compliance program for MetLife. Key deliverables include data incident management and ensuring that region-specific privacy requirements are fulfilled, such as those relating to HIPAA, the California Consumer Privacy Act, and other applicable privacy-related laws.

The Role: This Assistant Vice President position reports directly to the Chief Privacy Officer. This role will have overall responsibility for MetLife's privacy program for all business lines and functions operating in the U.S. This role will manage a team of 2-3 privacy compliance officers. Supporting the Chief Privacy Officer, this role will be responsible for managing the day-to-day operations of the MCPO and for interpreting, implementing, and updating global compliance policies, with a specific focus on implementing U.S. state-level privacy laws. In addition, this position will be responsible for devising and implementing strategies to further the ongoing maturity of MetLife's global privacy compliance program; conducting and communicating enterprise-wide risk assessments; and leading global privacy training initiatives.

Key Responsibilities:

  • Active day-to-day involvement in execution and implementation of the MCPO operating model for the US Holding Companies, U.S. Group Benefits, Retirement and Income Solutions Businesses, Investments Businesses, and regional corporate functions, including involvement in handling privacy incidents, meeting HIPAA requirements, production and review of regional privacy metrics, monitoring of regulatory developments, monitoring and testing, developing and delivering training, and involvement in the vetting and oversight of third-parties throughout the U.S. region.
  • Partner with MetLife's U.S. and Investments business areas, corporate functions, and regional / country / business Compliance to ensure effective awareness and engagement on privacy risk.
  • Advise on and provide credible challenge to each U.S. regional business area and corporate function as to compliance with relevant privacy laws, regulations, and policies.
  • Hire, lead, develop and retain a regional team of privacy professionals.
  • Work closely with peers in CEC to ensure consistent processes and approaches are followed and synergies realized, breaking through silos, and encouraging a collegial, globally coordinated Privacy and Compliance program.
  • Stay abreast of changes in the U.S. regulatory environment and help analyze the business impact of privacy-related regulatory changes impacting the U.S. business and/or Investments.
  • Support the Chief Privacy Officer in reviewing and updating existing global privacy policies, procedures, and processes in line with regulatory requirements and expectations.
  • Develop and lead initiatives to advance the effectiveness and sophistication of the regional Privacy Compliance program in alignment with the Global Data Protection Policy and Standards.
  • Develop and execute annual training plans on, but not limited to, privacy regulations, risks, and processes.
  • Report on and oversee metrics to measure regional privacy risk, including key performance indicators.
  • Collaborate with IT Risk and Security and the Law Department on policies, practices, incident response and investigations affecting the U.S. region.
  • In partnership with IT Risk and Security, co-own the regional privacy incident management response plan, which includes coordinating investigation into potential data breaches, and partnering with Legal Affairs to determine if incidents meet applicable regulatory reporting requirements.
  • Advise on compliance policy interpretation and work with business areas, corporate function partners, and regional / country / business Compliance to resolve significant breaches and violations of such policies, and external reporting when required.
  • Work collaboratively with other control functions, including third-party risk management, to ensure the efficient, effective, and risk-based vetting and oversight of vendors and other third-parties with access to personal information entrusted to MetLife.
  • Participate in and advise on privacy and data protection issues and regional strategic initiatives that involve aspects relating to privacy compliance and data protection requirements.
  • Serve as a privacy resource expert to the organization regarding privacy and data protection related issues, including assessing and facilitating the response to escalations from the businesses and compliance officers, and advising on the transfer or release of information.
  • Oversee and actively participate in execution of all elements of the CEC privacy program as it impacts the U.S. Businesses and Investments, including HIPAA compliance and CEC's risk-based monitoring and testing.
  • Act as a deputy to the Chief Privacy Officer as and when required.

Key Relationships:

  • Reports to: Vice President, Chief Privacy Officer
  • Matrix Reporting Line: Senior Vice President and Chief Compliance Officer U.S. and Latin America
  • Direct reports/team: 2-3 Privacy Compliance Officers
  • Key Stakeholders: U.S. and Investments Line of Business Compliance officers; EU Data Protection Officer; IT Risk & Security; Law Department; Enterprise Data Governance Office; Information Lifecycle Management Office; Third Party Risk Management Office; 1st Line Management.

Candidate Qualifications, Essential Business Experience, Competencies, and Technical Skills:
  • 7+ years of risk management or compliance experience in a relevant business (financial services/insurance), including relevant privacy experience / expertise and a demonstrated risk, governance, and ownership mindset.
  • In-depth knowledge and proven expertise with analyzing and applying laws, regulations and corporate policy and procedures for compliance with data privacy laws and regulations, including, preferably, the New York State Department of Financial Services Cyber Security Regulation, the California Consumer Privacy Act, and HIPAA.
  • Proven ability to assess privacy risks and develop and execute controls / processes, as well as ability to eliminate unnecessary and inefficient processes and activities.
  • Experience handling data breaches and having an ability to mobilize, lead and prioritize quickly in the face of a potentially significant data breach.
  • Building and maintaining strong relationships with other functional leads, including Legal Affairs, Risk Management, Operations, and Internal Audit to create a supportive and seamless compliance and ethical control culture and an appropriate risk environment.
  • Championing a high-performance environment and implementing a people strategy that attracts, retains, develops, embraces diversity, and motivates teams by fostering an inclusive work environment, communicating vision/values/business strategy, and managing succession and development planning for the team.
  • Being a leader for CEC to strengthen the privacy risk management program by being forward looking, embracing, and leading change, collaborating on compliance best practices, and methodically working to strengthen compliance coverage of the relevant businesses and functions.
  • Excellent interpersonal skills required to develop partnerships and relationships throughout the organization; experience interfacing with senior leaders and the business to provide guidance with respect to privacy matters while accomplishing business objectives.
  • Excellent written and verbal communication skills, including the ability to prepare and conduct presentations and communicate with senior and executive management.
  • Must be a dedicated, self-motivated individual with an ability to work independently and in a team environment.
  • High degree of professionalism, sound judgment and discretion.
  • Ability to think proactively and make recommendations and complex decisions, and to anticipate regulatory needs and expectations and plan for them.
  • Exceptional ability to manage confidential information in a professional manner.

Preferred Qualifications
  • Experience with maintaining Privacy compliance programs for a multi-national organization strongly preferred
  • JD degree from an accredited law school along with strong academic record
  • Privacy related qualifications such as IAPP certification

MetLife Success Principles
  • Experiment with Confidence - Courageously learn and test new ideas without fear of failure
  • Act with Urgency - Demonstrate speed to action with agility and determination
  • Seek Diverse Perspectives - Source ideas and feedback to expand thinking and make informed decisions
  • Seize Opportunity - Drive responsible growth and identify areas for continuous improvement
  • Champion Inclusion - Foster an environment where everyone is valued, heard, and can speak up
  • Create Alignment - Partner with others across the organization with candor and transparency
  • Take Responsibility - Be accountable and act in pursuit of the right outcomes
  • Enable Solutions - Anticipate and address obstacles while managing risk
  • Deliver What Matters - Execute meaningful priorities and follow through on commitments


MetLife, through its subsidiaries and affiliates, is one of the world's leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe, and the Middle East.

We are one of the largest institutional investors in the U.S. with $642.4 billion of total assets under management as of March 31, 2021. We are ranked #46 on the Fortune 500 list for 2021. In 2020, we were named to the Dow Jones Sustainability Index (DJSI) for the fifth year in a row. DJSI is a global index to track the leading sustainability-driven companies. We are proud to have been named to Fortune magazine's 2021 list of the "World's Most Admired Companies."

MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world. Visit us at www.metlife.com to learn more about our brand, history, and values.

We want to make it simple for all interested and qualified candidates to apply for employment opportunities with MetLife. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to accommodations@metlife.com or call our Employee Relations Department at 1-877-843-3711.

MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.

MetLife maintains a drug-free workplace.