Job
Description
The Director for the Data Transfer Office at Citi plays a crucial leadership role in supporting the implementation of the enterprise data transfer and data use compliance framework. Reporting to the Head of Transfer Office within IMPaCT, this position entails developing and executing efficient processes to manage end-to-end clearance activities in alignment with data privacy, bank secrecy, data localization, and outsourcing regulations across 95 countries. The role requires a unique combination of expertise in technology, risk, and financial services controls, encompassing AI integration, governance, and embedding controls within digital workflows. As the Director, you will lead high-performing teams, facilitate cross-functional coordination, and collaborate closely with country compliance, legal, business, and technology leaders. Your responsibilities are pivotal in enhancing Citi's global data transfer framework, ensuring its effective implementation, and governance. Your key responsibilities will include leading and overseeing the cross-border data transfer lifecycle to ensure compliance with privacy, data outsourcing, localization, and sovereignty requirements. You will design and enhance regulatory processes, integrating legal and control stipulations into simplified, reusable, and scalable workflows. Conducting process maturity assessments and defining future-state execution models aligned with enterprise data policy will be essential. Acting as a strategic partner to senior stakeholders in risk, compliance, technology, and business, you will be responsible for embedding data transfer governance. As an escalation point for complex or high-risk data transfer cases necessitating legal interpretation or alignment with senior stakeholders, you will provide critical expertise. Additionally, you will build and guide a high-performing team of governance professionals, fostering a culture of accountability, innovation, and responsible data and AI utilization. Driving end-to-end simplification, redesigning complex approval and documentation paths while upholding risk integrity will be part of your role. You will lead large-scale transformation initiatives, leveraging automation, AI, and analytics to enhance operational efficiency and control transparency. Specifically focusing on the intersection of generative AI and data protection frameworks, you will implement practical tools and case studies for responsible data use in AI processes. By incorporating global regulatory perspectives and strategies in the context of AI data processing and responsible data use, you will contribute to maintaining the Data Transfer Register's accuracy, completeness, and audit traceability. Collaborating with product and UX partners, you will implement intuitive, automation-friendly workflows to support policy adherence. Creating and delivering clear, scalable process guidance including playbooks, templates, and training materials to facilitate global adoption will also be part of your responsibilities. Representing the function in audits, challenge forums, and regulatory reviews, you will defend execution rigor and drive continuous enhancement. By partnering with stakeholders and business leaders, you will influence action and desired strategic outcomes. Developing and implementing a dynamic people strategy that empowers employees, drives organizational agility, and aligns with business objectives in a rapidly evolving environment will be crucial. The ideal candidate for this role possesses over 15 years of experience in privacy, data outsourcing, cross-border transfer governance, and regulatory compliance within large global institutions. They demonstrate a proven ability to lead simplification programs at scale, transform legacy processes into agile, compliant workflows, and drive strategic change across complex, matrixed environments. Strong product management credentials, expertise in program delivery, stakeholder management, and data-driven decision-making are essential. The candidate should have a deep understanding of global privacy laws, data residency requirements, and third-party data transfer frameworks. Proficiency in navigating the intersection of generative AI and data protection, along with the ability to develop strategies within global regulatory landscapes, is required. A bachelor's or university degree, potentially supplemented by a master's degree and managerial experience, is expected. The ideal candidate is envisioned as a strategic simplifier and technical executor with domain expertise in privacy and data outsourcing, capable of transforming regulatory operations at scale. They should possess a consulting mindset, excel in complex global environments, and deliver with urgency and precision. Proficiency in influencing senior stakeholders, simplifying complexity, and operationalizing strategy into streamlined solutions is key to success in this role. This job description provides an overview of the primary responsibilities, and other job-related duties may be assigned as required.,
