Avp, Privacy and Compliance

Career Opportunity

Role Title

AVP, Privacy and Compliance

Purpose of role

Reporting directly to the VP Compliance, the AVP, Privacy & Compliance is responsible for leading, evolving and maintaining a robust enterprise-wide privacy program that ensures Foresters adheres to sound and effective privacy and data management practices and complies with the many legal and regulatory obligations applicable to the collection, use, disclosure and retention of personal data. The AVP, Privacy & Compliance is also responsible for oversight, management and/or execution on day-to-day privacy risk management activities, including drafting privacy policies and related privacy documentation, incident /breach management, training, privacy impact assessments, compliance reviews and reporting.

**Job Description**:
Key Responsibilities
- Oversee a team of privacy compliance professionals to evolve and maintain a comprehensive enterprise-wide privacy program for a business operating in Canada, US, and the UK, that defines, develops and implements privacy-related policies, compliance frameworks, processes, risk assessments, training, and ongoing compliance monitoring for the business.
- Champion privacy efforts at Foresters across business lines and strategic initiatives.
- Advise business lines of privacy risks for new / changing initiatives and develop strategies with the business lines to manage those risks, including conducting privacy impact assessments.
- Work with IT and Information Security teams to ensure that security practices are consistent with privacy and compliance requirements.
- Stay abreast of applicable (Canada, US, UK) privacy laws, regulations, trends, best practices, and accreditation standards.
- Monitor advancements in information privacy technologies and data usage by insurers and sales organizations to ensure organizational awareness and potential innovation and compliance.
- Lead and support privacy reporting to various stakeholders and leadership levels, including the board of directors.
- Develop strategy and oversee the delivery of privacy training and communications to ensure employees are well-informed on key privacy issues.
- Serve as the external point of contact with privacy regulators with regard to potential privacy breaches and/or privacy related complaints.
- Develop and maintain processes to identify and address evolving privacy and data protection risks inherent in Foresters operations and in the development of new products/services.
- Support the oversight and development of team members.
- Initiate, facilitate and promote activities to foster information privacy awareness.
- Work with legal counsel, management and internal stakeholders to ensure Foresters has and maintains appropriate privacy consents, authorizations, notices and materials reflecting current organizational and legal practices and requirements.
- Contribute to the development and maintenance of a comprehensive incident response plan and ensure emerging privacy incidents / breaches are appropriately assessed and managed to resolution.
- Support other Compliance team initiatives as required
- Represent Foresters and participate in various industry groups and /or committees.

Key Qualifications
- Minimum of 5+ years of directly related work experience in privacy, data protection/ data governance
- Law degree
- Experience in a compliance or risk management role in insurance, technology and/or regulated industries is an asset
- CIPP/C, CIPM or similar designation is an asset
- Well versed with private sector Canadian federal and provincial privacy laws and solid working knowledge of UK and US privacy laws and privacy trends. Knowledge of UK Data Protection Act, as well as US state and federal privacy laws impacting life insurers is an asset
- Strong leadership skills, including the ability to manage and develop a small team
- The ability to think strategically while developing practical approaches to privacy.
- Familiarity with privacy issues in relation to digital /technology (e.g., mobile, cloud, data lakes, analytics, etc.)
- Knowledge of information technology / information security concepts and processes that impact the protection of personal information is an asset
- Ability to distill complex and often ambiguous legal concepts into effective operational solutions
- Excellent collaboration and communications skills (oral, written, presentation), ability to build relationships, engage and influence others. Must be comfortable communicating with individuals at all levels of the organization, including senior management and the Board.
- Practices sound judgement; a high level of integrity and trust.
- Strong leadership and analytical and problem-solving skills to precisely interpret complex regulatory and/or legal concepts, diagnose challenges and issues and develop action plans and innovative business solutions.
- Ability to gather information on complex issues and situations, systematically analyze and develop into a