Director, Privacy Risk & Compliance

Privacy Risk Management Program

• Lead the ongoing development, implementation, and enhancement of the Bank’s enterprise-wide Privacy Risk Management Program.
• Support the Chief Privacy Officer in developing privacy strategies aligned with the Bank’s risk appetite and regulatory expectations.
• Oversee the Bank’s privacy risk assessment framework, including PIAs (Privacy Impact Assessments), risk reviews, and mitigation strategies.
• Drive the integration of privacy by design principles into product development, technology initiatives, and data governance practices.

Regulatory Compliance Management (RCM) for Privacy

• Serve as 2nd LOD overseeing the Bank’s compliance with privacy laws, regulations and key guidance documents.
• Oversee identification, documentation, and communication, of privacy-related regulatory requirement and controls.
• Ensure appropriate controls, processes, and testing are in place to meet compliance expectations under OSFI’s RCM Guideline E-13 and other applicable requirements.
• Monitor and report on the effectiveness of privacy controls and escalate deficiencies to senior leadership and governance committees.
• Own and champion the Bank’s Enterprise Privacy Policy, working cross-functionally to ensure a robust and compliant position on Privacy compliance.

Leadership & Advisory

• Act as a trusted advisor to senior executives, legal, risk, and business leaders on privacy risks, trends, and emerging regulations.
• Lead a team of privacy professionals; mentor, coach, and develop staff to support the privacy compliance agenda.
• Represent the Bank in industry forums and regulatory discussions related to privacy and data protection.

Monitoring & Incident Management

• Oversee privacy incident response, breach investigation, and regulatory reporting protocols.
• Conduct root cause analysis and recommend enhancements to prevent recurrence of privacy breaches.

Training & Awareness

• Develop and implement a privacy training and awareness strategy tailored to diverse employee groups and risk levels.
• Promote a culture of privacy and ethical data handling throughout the organization.

People Leadership & Team Management

• Lead, mentor, and develop a team of compliance professionals, ensuring high standards of performance, engagement, and professional growth.
• Set clear goals, provide regular feedback, and conduct performance and talent development reviews.
• Foster a team culture built on collaboration, integrity, inclusion, and continuous improvement.
• Identify and address resourcing needs, including succession planning and upskilling to support evolving compliance requirements.
• Encourage innovation in compliance methodologies, use of data, and technology-enabled solutions.

Let's About Talk You!

• University degree in Law, Business, Risk Management, or a related field; CIPP/C, CIPM, or equivalent privacy certification is strongly preferred.
• 7-10 years of progressive experience in privacy, compliance, or risk management roles, preferably within financial services or regulated sectors.
• Proven experience designing and operationalizing privacy risk management programs in complex environments.
• Deep knowledge of Canadian privacy laws (PIPEDA, CPPA, provincial equivalents), and a strong understanding of global privacy frameworks (e.g., GDPR, CCPA) is a plus.
• Familiarity with OSFI guidelines, especially E-13 (RCM) and E-21 (Operational Resilience), is an asset.
• Strategic mindset with ability to translate legal/regulatory requirements into operational solutions.
• Strong analytical, communication, and stakeholder engagement skills.
• Demonstrated leadership and team management capabilities.
• High level of integrity, discretion, and professionalism.