Privacy Program Manager

Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, Zolo, and Flexiti Financial Inc., provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money. 
 
We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.
 
At QFG, we have a culture of innovation where technology serves people—both our team and our customers. We see AI as a collaborative and transformative enabler, and we are seeking forward-thinking individuals who can effectively integrate it into their daily work. The ideal candidate will be a catalyst for change, helping us use AI to create a more efficient and rewarding employee experience while also developing cutting-edge solutions that delight and serve our customers. Join us in shaping a future where AI empowers our team to do their best work and helps us deliver unparalleled customer experiences. 

This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, with a hybrid working environment you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at QFG.

What's in it for you as an employee of QFG?

• Health & wellbeing resources and programs 
• Paid vacation, personal, and sick days for work-life balance
• Competitive compensation and benefits packages
• Work-life balance in a hybrid environment with at least 3 days in office
• Career growth and development opportunities
• Opportunities to contribute to community causes
• Work with diverse team members in an inclusive and collaborative environment

We're looking for our next Privacy Program Manager. Could It Be You?

The Privacy Program Manager is a core operational role responsible for the daily execution of the enterprise Privacy Program.

Reporting to the Chief Privacy Officer, this role owns critical operational functions including incident management, regulatory response, and the end-to-end Privacy Impact Assessment process for using a Privacy by Design approach. Key deliverables include: ensuring overall compliance with Canadian privacy laws, driving program efficiency, and drafting formal executive-level and board reporting. This role is expected to act as an automation driver, actively seeking out and implementing AI and other emerging technologies to streamline core privacy practices, improve overall efficiency, and free up resources for high-value strategic work.

Need more details? Keep reading…

In this role, responsibilities include but are not limited to: 

Regulatory Compliance

• Front-Line Management: Oversee and actively manage customer-facing privacy communication channels, including privacy inboxes for multiple affiliates
• Regulatory Response: Lead the investigative process for formal privacy complaints, including gathering necessary data and drafting formal responses to customers and regulators.
• Data Subject Rights (DSRs): Manage the end-to-end process for handling all customer-related requests, including Data Subject Access Requests (DSARs).

Executive Reporting

• Strategic Reporting: Draft quarterly Board reports and executive summaries, detailing key privacy metrics, program status, emerging risks, and activities for review by senior leadership.
• Risk Acceptance: Facilitate the formal risk acceptance process by drafting risk acceptance documentation for review and acceptance by senior leadership.

Incident Management 

• Incident Leadership: Lead and manage internal privacy incidents from initial detection through resolution, including conducting Real Risk of Significant Harm (RROSH) assessments to determine regulatory reporting obligations.
• External Notification: Draft formal regulator and impacted client notices following a privacy incident, as required.

Vendor Management

• Third-Party Due Diligence: Review vendor responses to Third-Party Access Questionnaires to assess privacy risks and recommend mitigation strategies.

Program Governance

• Policy Documentation: Draft, update, and maintain essential internal privacy policies, standards, and guidelines.
• CASL Compliance: Provide guidance to Marketing teams regarding compliance with Canada's Anti-Spam Legislation (CASL), including reviewing and approving Commercial Electronic Messages (CEMs).

Risk Assessment

• Privacy Impact Assessments (PIAs): Lead and execute end-to-end PIAs for all project sizes, including high-risk and complex initiatives.
• Privacy by Design (PbD): Ensure the application of PbD principles by reviewing front-end UX/UI documentation for privacy compliance before implementation.
• Business Advisory: Provide timely, ad-hoc general privacy guidance and support across all business units and dedicated guidance for key projects.

Training, Awareness, and Automation

• Training Development: Design, develop, and implement comprehensive privacy training modules, including annual training, customer-facing training, human error incident training, and department-specific sessions.
• Education: Manage and coordinate internal and client-facing privacy awareness initiatives.
• Automation Initiatives: Drive process automation within the Privacy Office, using AI to streamline core privacy functions (e.g., PIAs, DSARs, intake).

So are YOU our next Privacy Program Manager? You are if you have…

• Experience: Minimum of 3 years of experience in data privacy, compliance, or a related field (e.g., legal, information security).
• Education: A bachelor's degree in Law, Information Technology, Business Administration, or a related discipline is generally expected.
• Certifications: Professional certification from the International Association of Privacy Professionals (IAPP) is highly desirable, preferably Certified Information Privacy Manager (CIPM) and/or Certified Information Privacy Professional (CIPP/C).
• Regulatory Knowledge: Working knowledge of Canadian privacy legislation (e.g., PIPEDA, CASL, and provincial equivalents) is required. Knowledge of international regulations (e.g., GDPR, CCPA) is an asset.
• Technical Proficiency: Proven experience working with Privacy Management software to manage PIAs, DSARs, and incident response.
• Strategic Communication: Excellent written and verbal communication skills, with a proven ability to synthesize and communicate complex technical privacy concepts clearly to diverse audiences, including executive leadership, technical teams, and customer-facing staff.
• Problem-Solving & Leadership: Demonstrated ability to lead and manage complex privacy matters (e.g., PIAs, incident response) from initiation through completion.
• Process Improvement: A proactive approach to driving operational efficiency and automation within the Privacy Program (e.g., implementing AI tools where appropriate, streamlining intake forms, improving PIA flow).
• Advisory Skills: Ability to provide timely, accurate, and practical ad-hoc privacy advice and guidance to various business units across the organization.
• Attention to Detail: Meticulous approach to reviewing contract documentation (e.g., DPAs), regulatory responses, and front-end user experience (UX) documentation for privacy adequacy.

Additional Information…

• Please note: This role will be required to be in office 3 days a week

Sounds like you? Click below to apply

#LI-LB1 

#LI-Hybrid

At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us. 

Questrade Financial Group of companies Applicant Tracking System utilizes artificial intelligence (AI) for application screening. The AI system operates on predetermined criteria, with final decisions subject to human review. 

Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.