Key Responsibilities
1. Data and Privacy Protection Program Leadership & Oversight
- Privacy Program Management: Design, implement, and oversee a robust enterprise-wide privacy program that governs the full life cycle protection of Customer Personal Information.
- Policy Architecture: Maintain and enforce a comprehensive suite of Data Protection and Privacy Policies.
- Privacy by Design: Integrate "Privacy by Design" principles into the development of all new financial products and technological infrastructure.
- Data Compliance: Assist the company in assessing and ensuring its data compliance with the relevant laws, regulations and requirements of the relevant regulatory authorities.
- Audit Coordination: Facilitate independent technical assessments (e.g., SOC 2 or ISO 27701) and coordinate with external auditors to validate the effectiveness of our privacy and security controls.
- Incident Response: Lead the firm’s response to any potential privacy breaches or compliance deviations, ensuring timely reporting to the Board and relevant government authorities.
2. Regulatory Liaison & Reporting
- Regulatory Authorities Liaison: Act as the designated point of contact for the regulatory authorities relevant to the company's business.
- Compliance Report: Assist the company in preparing compliance reports for the regulatory authorities relevant to the company's business.
- Other duties commensurate with the role, as may be assigned by the company.
Candidate Qualifications
1. Legal & Regulatory Requirements (Mandatory)
- Citizenship: Must be a Canadian Citizen.
- Residence: Must be ordinarily resident in Canada.
- Qualified to perform such a role in Canada according to Canadian laws and regulations.
2. Professional Certifications (Minimum one required)
- Privacy Focus: PACC (AAPP/CAPP/MAPP) or IAPP (CIPP).
- Security Focus: CISSP (ISC2) or equivalent cybersecurity designation.
3. Experience & Skills
- Leadership Experience: Substantial experience in a senior compliance or privacy officer role within the Canadian financial services, banking, or FinTech sectors.
- Privacy Expertise: In-depth knowledge of PIPEDA, CASL, and provincial privacy laws.
- Professional Stature: Must possess the authority and experience necessary to independently manage regulatory relationships and internal investigations.