TIAA

SMD, TIAA Chief Privacy & Records Officer

Dallas, TX, USA Full time

Key Responsibilities and Duties

  • Establishes and champions the enterprise privacy strategy, aligning it with organizational objectives, regulatory requirements, and evolving industry standards. This includes setting the long-term vision for privacy governance and translating that vision into actionable programs, policies, and operational frameworks that are scalable, sustainable, and risk-proportionate.
  • Maintains deep and current expertise in applicable domestic and international privacy laws and frameworks, including but not limited to GDPR, CCPA/CPRA, GLBA, HIPAA, and emerging state-level privacy regulations.
  • Proactively monitors the regulatory landscape, assesses organizational impact, and leads the enterprise response to new or changing requirements in a timely and effective manner. Regulatory Change Management activities are performed in close partnership with Law & Policy (L&P).
  • Builds and sustains a mature, risk-based privacy program encompassing Privacy Risk Assessment and Management, Compliance Monitoring and Testing, Data Inventory and Mapping, consent management, and Controls Framework development.
  • Owns the enterprise framework for privacy-related vendor oversight, ensuring that third-party relationships involving personal data are subject to appropriate due diligence, contractual protections, and ongoing monitoring.
  • Partners closely with L&P, Cybersecurity, Technology, Human Resources, Marketing, and Business Units to embed privacy principles into product development, vendor relationships, customer-facing operations, and enterprise transformation initiatives.
  • Serves as a trusted advisor to senior leadership and the Board of Directors on all privacy-related matters, providing clear, actionable guidance that balances regulatory obligation with business enablement.
  • Works closely with other Corporate teams and Business Units on operational aspects of the organization's response to privacy incidents and data breaches, coordinating with teams to ensure timely and effective containment, remediation, and regulatory engagement. Formal breach notification responsibilities remain with L&P.
  • Drives enterprise-wide privacy literacy by developing and delivering training programs, communications, and resources that build a culture of privacy awareness and accountability at all levels of the organization. 
  • Leads risk assessment processes for new technology investments, vendor relationships, and third-party/fourth-party technology dependencies, ensuring due diligence and ongoing oversight of critical technology suppliers and third-party providers.
  • Works closely with the relevant team for regulatory engagement on privacy matters, supporting examinations, inquiries, and ongoing dialogue with relevant regulatory authorities. This activity is conducted in close partnership with L&P, which retains responsibility for regulatory interpretation and formal legal advice.
  • Defines and oversees the enterprise records management strategy, advancing the program beyond its current focus on physical records toward a more comprehensive and integrated records governance framework. 
  • Develops, maintains, and enforces enterprise-wide records retention schedules, records management policies, and records lifecycle standards, ensuring these frameworks remain current with evolving legal and regulatory requirements across all relevant jurisdictions, including SEC, FINRA, and ERISA mandates.
  • Supports the administration of the enterprise legal hold process in coordination with L&P, which retains primary responsibility for Legal Holds and Litigation Support. 
  • Ensures that records management practices and systems are structured to facilitate timely identification, preservation, and production of records in response to litigation, regulatory investigations, and e-discovery requests.

Educational Requirements

  • University (Degree) Preferred

Work Experience

  • 10+ Years Required, 15+ Years Preferred


Career Level
12PL

  • 15+ years of progressive experience in privacy, data governance, records management, or a closely related legal or compliance field, with at least five years in a senior leadership role.

  • A Juris Doctor or advanced degree in a relevant discipline is strongly preferred.

  • Professional certifications in privacy are highly desirable, including CIPP/US, CIPP/E, CIPM, or CIPT from the International Association of Privacy Professionals (IAPP).

  • Exceptional knowledge of domestic and international privacy law, strong executive communication and influencing skills, and the ability to lead through complexity and ambiguity in a highly regulated industry.

  • Experience in financial services, law firms, or the large consultancy/accounting firms is a significant advantage, as is a demonstrated track record of building and maturing enterprise-level programs with measurable outcomes.

  • The ability to engage credibly with senior regulators, institutional clients, and Board-level audiences is essential.

  • Strong interpersonal skills and the ability to interact effectively with people at all levels of the organization.

  • Ability to think critically and strategically, finding creative and practical solutions to achieve objectives while managing complex risks.

  • Excellent oral and written communication skills, including the ability to deliver effective presentations.

  • Ability to adapt to and support change in dynamic risk environments.

  • Demonstrated ability to work collaboratively with cross-functional groups and provide tactical support to senior management.

  • A highly collaborative team player who can effectively manage and influence relationships that are widely dispersed both functionally and geographically.

Related Skills

Accountability, Collaboration, Consultative Communication, Critical Thinking, Executive Presence, Influence, Investigation, Relationship Management, Technology Systems

Anticipated Posting End Date:

2026-05-01

Base Pay Range: $220,000/yr - $308,000/yr

Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location.  In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans). 


Company Overview

Every worker deserves a secure retirement. For more than 100 years, TIAA has delivered it for millions of people. Founded to help educators retire with dignity, today we're a market-leading retirement company fueled by world-class asset management. But we're not just another legacy financial services firm. We're fighting harder than ever before for our clients and the many Americans who need us.

Our Culture of Impact

At TIAA, we're on a mission to build on our 100+ year legacy of delivering for our clients while evolving to meet tomorrow's challenges. We equip our associates with future-focused skills and AI tools that enable us to advance our mission. Together, we are fighting to ensure a more secure financial future for all and for generations to come. We are guided by our values: Champion Our People, Be Client Obsessed, Lead with Integrity, Own It, and Win As One. They influence every decision we make and how we work together to serve our clients every day. We thrive in a collaborative in-office environment where teams work across organizational boundaries with shared purpose, accelerating innovation and delivering meaningful results. Our workplace brings together TIAA and Nuveen's entrepreneurial spirit, where we work hard and work together to create lasting impact. Here, every associate can grow through meaningful learning experiences and development pathways—because when our people succeed, our impact on clients' lives grows stronger.

Benefits and Total Rewards

The organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That's why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work-life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary.

Equal Opportunity

We are an Equal Opportunity Employer. TIAA does not discriminate against any candidate or employee on the basis of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other legally protected status.

Our full EEO & Non-Discrimination statement is on our careers home page, and you can read more about your rights and view government notices here.

Accessibility Support

TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities. 

If you are a U.S. applicant and desire a reasonable accommodation to complete a job application, please use one of the options below to contact our accessibility support team:

Phone: (800) 842-2755

Email: accessibility.support@tiaa.org

Drug and Smoking Policy

TIAA maintains a drug-free and smoke-free workplace.
