Do you want to work on complex and pressing challenges—the kind that bring together curious, ambitious, and determined leaders who strive to become better every day?
If this sounds like you, you’ve come to the right place.
Compliance Manager - Third Party Management
Your Impact
In this role, you will be primarily responsible for our third-party privacy management program and will work closely with the Director of Compliance – Privacy, Cybersecurity, Procurement and Legal, to improve, update, and maintain an integrated and efficient approach to third-party reviews from a privacy compliance perspective. You will provide regular updates and seek input from the Director of Compliance – Privacy on milestones, challenges, and decisions to ensure strategic alignment with Ethics & Compliance priorities. You will also work closely with other Privacy Compliance team members and may manage other team members.
Key responsibilities include:
- Policy and Procedure Management: Review and maintain firm policies or procedures to reflect updated processes and requirements needed to manage compliance risks.
- Framework and Operating Model Development: Drive and shape our firm’s approach, framework, and operating model for identifying and managing global regulatory obligations for third parties in a systematic, repeatable, and efficient manner.
- Enhancement Plans: Create enhancement plans for third-party management, including defining awareness and education campaigns, developing controls and monitoring approaches, and designing and maintaining escalation and issue management processes.
- Compliance Reporting: Work closely with the Director of Compliance – Privacy to prepare and deliver key reports on privacy matters, related risks, and potential remediation plans for our firm’s leadership.
- Due Diligence Execution: Execute and mature third-party due diligence privacy risk categorizations, reviews, and re-reviews, and fulfilment processes in line with applicable laws and regulations.
- Vendor Management: Work directly with third parties and vendors to review their privacy compliance requirements, develop approaches to mitigate risk where necessary in close alignment with the Director of Compliance – Privacy, and ensure completion of any outstanding tasks.
- Contract Management: Work with Legal to maintain updated third-party privacy requirements in our standard contracts and agreements in accordance with the risk level.
- Training Development: Develop and deliver training on third-party privacy compliance to the firm and to third parties.
- Control Monitoring: Review and update third-party management controls and monitor adherence to those, working with Risk or Internal Audit as needed.
- Regular Reporting: Provide regular weekly or monthly reports and updates to firm leadership, engineering & construction program oversight committees, and engineering & construction leadership on the status of initiatives in response to regulatory obligations.
- Problem Solving: Proactively solve problems to resolve roadblocks or escalate items to the Director of Compliance – Privacy.
- Primary Contact: Serve as the primary contact for specific third-party privacy compliance program-related questions and queries from internal and external stakeholders.
- Independent Management: Manage matters independently and proactively inform and seek input from the Director of Compliance – Privacy or other E&C leaders on complex work and enterprise-wide initiatives.
- Partnership Development: Develop close working partnerships with our broader Legal and Risk functions to understand our legal obligations for specific laws and requirements pertaining to privacy management-related issues.
- Strategy Initiatives: Participate in firm privacy compliance strategy initiatives, develop and execute KPIs.
- Support Other Matters: Support other privacy compliance-related matters as needed.
As a member of the Regulatory Compliance team and Ethics and Compliance (E&C) function, you will be expected to be a contributor and thought partner within the function, in addition to managing key organizational, operational, or strategic initiatives, as relevant. You will be required to engage in regionally focused initiatives, such as infusing our integrity agenda, under the direction and coordination of our regional E&C leaders, the purpose of which is to raise awareness of and further our firm’s E&C program, and other agreed-upon supporting activities in your region or location. Collaboration is a key aspect of this role. You will collaborate with a cross-functional stakeholder group (e.g., Legal, Risk) across our firm in a timely and efficient manner. Finally, you will play a critical role in sustaining and evolving our E&C program and upholding our commitment to integrity and lawful practices.
Your Growth
You will be part of McKinsey’s Ethics and Compliance (E&C) function and will be based in one of our core hubs in Europe. The E&C function’s mission is to manage risks to our firm, our clients, and our people, while also enabling our firm’s client impact and innovation. The E&C function is a globally integrated team within the second line of defense of our firm. McKinsey has an E&C program that is structured in a way that ensures that it is well designed, empowered to function effectively, and works in practice. Our E&C program includes a clear message that misconduct is not tolerated as well as policies, procedures, training, monitoring and consequence management to ensure the program is well-integrated into our firm’s operations and workforce. This opportunity works in the Privacy Compliance team, which is responsible for maintaining and managing McKinsey’s Data Privacy Management Program together with the Privacy Legal team. You will report to the Director of Compliance – Privacy.
Your qualifications and skills
- Bachelor's degree required, advanced degree(s) and/or applicable professional certifications (e.g., Juris Doctor or CPA) preferred
- 5+ years of experience as a data privacy professional with knowledge and understanding of current and emerging global privacy laws and regulations, preferably in a corporate or technological environment
- Relevant privacy certifications such as CIPP, CIPM, or CIPT are a plus
- 3+ years’ professional experience in a corporate strategy, management consulting or similar role with high degree of project management skills
- Experience or strong interest in relevant global laws and regulations and an ability to quickly learn local legal differences in various countries of McKinsey operations
- An entrepreneurial mindset to progress on ambiguous problems and see them through to resolution
- Outstanding written and oral communication skills in English, with the ability to adapt messaging for different audiences and craft cohesive storylines and communications
- Influences and engages with all types of audiences to cultivate trust-based, peer-counselor relationships
- Builds trust-based relationships with leaders within and outside of the team; collaborates generously with others and is sought after as a key thought partner
- Drives outcomes on cross-functional and complex topics and possesses exceptional organizational and project management skills
- Exhibits highest levels of discretion and judgment in safeguarding confidential materials
- Fosters a collaborative, respectful, and inclusive environment for all colleagues
- Displays passion for people development and experience leading global, multi-disciplinary teams
- Experience working with OneTrust or Auditboard is a plus
FOR U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law.
FOR NON-U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity employer.