Lead, Data Privacy

Guild Mortgage Company, closing loans and opening doors since 1960. As a mortgage banking firm we are dedicated to serving the homeowner/buyer. Our goal is to provide affordable home financing for our customers, utilizing the best terms available while providing a level of professionalism and service unsurpassed in the lending industry.

Position Summary

The Data Privacy Lead plays a key role within the Technology Division, responsible for establishing, implementing, and maintaining the organization’s data privacy program. This role ensures that the collection, use, sharing, and protection of sensitive data complies with applicable privacy laws, regulatory requirements, and internal policies. Reporting to the SVP, IT Governance, this position partners closely with IT Governance, Information Security, Data Services, Legal, Compliance, IT and business stakeholders to operationalize privacy controls, manage privacy risks, and support regulatory readiness across the enterprise.

Compensation

This role is an exempt position with a targeted salary range of $109,000 to $156,000 annually.

Compensation at Guild is influenced by a wide array of factors including but not limited to local and federal minimum wage requirements, education, level of experience, and applicant’s geographical location.

Essential Functions

• Lead the development, implementation, and continuous improvement of the enterprise Data Privacy Program aligned with regulatory requirements and risk frameworks.
• Partner with Information Security to mature the Data Loss Prevention Program.
• Provide direction and monitor that privacy requirements are embedded into IT systems, processes, and business operations.
• Monitor and interpret evolving data privacy laws and regulations (e.g., GLBA, CCPA/CPRA, state privacy laws, FTC expectations).
• Translate regulatory requirements and company policies into actionable controls, procedures, and business requirements.
• Support regulatory exams, audits, and assessments related to data privacy.
• Maintain documentation and evidence to demonstrate compliance with privacy obligations.
• Develop and implement privacy policies, standards, and procedures governing data handling, classification, retention, and protection.
• Lead efforts to identify and maintain data inventories and data flow mappings across systems and third parties.
• Partner with Data Governance on data classification, data lineage and data lifecycle management.
• Classify data based on sensitivity and ensure appropriate controls are applied.
• Partner with IT and business teams to ensure accurate tracking of where data is stored, processed, and transmitted.
• Partner with Information Security to monitor and enhance data masking and encryption policies and enforcement.
• Lead efforts to conduct NIST Privacy Assessments.
• Partner with IT Governance and Vendor Management to ensure third parties meet privacy requirements throughout the vendor lifecycle.
• Support processes for handling data subject rights requests (e.g., access, deletion, correction). Partner with Compliance and IT teams to ensure timely and accurate responses.
• Collaborate with Information Security and Incident Management teams to: Assess privacy impact of security incidents, support breach notification processes, ensure regulatory reporting obligations are met.
• Assess privacy risks associated with AI, machine learning, and data-driven technologies.
• Partner with IT Governance and AI teams to align AI use with privacy regulations and ethical standards.
• Identify privacy risks and recommend mitigation strategies aligned with enterprise risk tolerance.
• Integrate privacy risk into the broader Enterprise Risk Management Program and Risk Register.
• Develop and maintain privacy metrics and KPIs/KRIs (e.g., assessment completion, data inventory coverage, incidents).
• Report on privacy risks, issues, and program maturity to leadership.
• Develop and deliver privacy awareness and training programs for employees and stakeholders.
• Promote a culture of data protection and responsible data handling across the organization.
• Provide guidance to business units on privacy best practices and compliance expectations.
• Evaluate and recommend data privacy tools and technologies to enhance data discovery, consent management, etc.

Qualifications

• Bachelors Degree directly related to the position or equivalent, preferred.
• Degree in Information Technology, Cybersecurity, Risk Management, Business, or related field.
• Minimum seven years experience in data privacy, risk management, compliance, or information security. Experience in financial services or regulated environments preferred.
• CIPP (US or equivalent), CIPM, CIPT, or similar privacy certifications (preferred).
• CISA, CRISC, or CISSP (preferred).
• Ability to organize and manage multiple priorities simultaneously.
• Ability to work well independently or within a team.
• Excellent interpersonal communication skills required.
• Experience in data privacy tooling (e.g., Purview, Varonis, Cyera) preferred.
• Strong understanding of data privacy principles and regulatory requirements.
• Ability to translate legal/regulatory language into technical and operational controls.
• Experience integrating privacy into technology and third-party risk processes.
• Ability to work cross-functionally and influence without direct authority.
• Excellent verbal and written communication skills required.
• Highly organized and detail-oriented; ability to work in a fast-paced, metrics-driven environment required.
• Proficiency in Microsoft Office Suite, Word, Excel, Wiki, collaborative cloud-based programs, and third-party software applications required.
• Commitment to company values.
• Customer Service - Proactive attention to each person.
• Integrity - Do and say what's right.
• Respect - Treat others with dignity.
• Collaboration - Listen and work together.
• Learning - Seek knowledge and strive for improvement.
• Excellence – Deliver the unexpected.

Supervision

Job Scope:  Plays a key role in area by generating insights and ideas on policies, processes, procedures, and efficiency; contributes ideas to strategic and operational plans to ensure alignment.

Complexity:  Problems encountered often cross areas of the organization and are often complex, broad in scope, and unprecedented with no clear solution; often works cross-functionally to solve problems and implemented changes.

Impact:  Decisions and actions have a direct impact on the strategic and operational outcomes of the area/unit; decisions and actions have a direct and significant impact on the organization as a whole.

Interaction/Supervision:  Acts as a mentor/guide to less experienced professional contributor staff in a similar role; works independently and only under general direction; guided by professional standards, desired outcomes, and project plan specifications.

Requirements

• Work is primarily sedentary; mobility in an office setting.
• Ability to operate standard office equipment and keyboards.
• Regularly required to accurately perceive, distinguish and interpret information received visually and through audio; e.g., words, numbers and other data broadcasted aloud/viewed on a screen, as well as print and other media.
• Travel 5-10%
• Learn new tasks, remember processes, maintain focus, complete tasks independently, and make timely decisions in the context of a workflow.
• This role requires effective adaptation to workplace stressors, including customer service complaints, security responsibilities, and competing priorities.
• Work is primarily performed during the business week, Monday - Friday.

Guild offers a pleasant work environment, competitive compensation and excellent benefits package; including medical, dental, vision, life insurance, AD&D, LTD and 401(k) with employer match.

Guild Mortgage Company is an Equal Opportunity Employer.

REQ#: LEADD018064