Privacy Program Manager

What's in it for you as an employee of QFG?

Health & wellbeing resources and programs 
Paid vacation, personal, and sick days for work-life balance
Competitive compensation and benefits packages
Work-life balance in a hybrid environment with at least 3 days in office
Career growth and development opportunities
Opportunities to contribute to community causes
Work with diverse team members in an inclusive and collaborative environment

This job posting is for an existing vacancy.
 
We're looking for our next Privacy Program Manager. Could It Be You?
The Privacy Program Manager is a core operational role responsible for the daily execution of the enterprise Privacy Program.
 
Reporting to the Chief Privacy Officer, this role owns critical operational functions including incident management, regulatory response, and the end-to-end Privacy Impact Assessment process for using a Privacy by Design approach. Key deliverables include: ensuring overall compliance with Canadian privacy laws, driving program efficiency, and drafting formal executive-level and board reporting. This role is expected to act as an automation driver, actively seeking out and implementing AI and other emerging technologies to streamline core privacy practices, improve overall efficiency, and free up resources for high-value strategic work.
 
Need more details? Keep reading…
In this role, responsibilities include but are not limited to: 
Regulatory Compliance

Front-Line Management: Oversee and actively manage customer-facing privacy communication channels, including privacy inboxes for multiple affiliates
Regulatory Response: Lead the investigative process for formal privacy complaints, including gathering necessary data and drafting formal responses to customers and regulators.
Data Subject Rights (DSRs): Manage the end-to-end process for handling all customer-related requests, including Data Subject Access Requests (DSARs).

Executive Reporting

Strategic Reporting: Draft quarterly Board reports and executive summaries, detailing key privacy metrics, program status, emerging risks, and activities for review by senior leadership.
Risk Acceptance: Facilitate the formal risk acceptance process by drafting risk acceptance documentation for review and acceptance by senior leadership.

Incident Management 

Incident Leadership: Lead and manage internal privacy incidents from initial detection through resolution, including conducting Real Risk of Significant Harm (RROSH) assessments to determine regulatory reporting obligations.
External Notification: Draft formal regulator and impacted client notices following a privacy incident, as required.

Vendor Management

Third-Party Due Diligence: Review vendor responses to Third-Party Access Questionnaires to assess privacy risks and recommend mitigation strategies.

Program Governance

Policy Documentation: Draft, update, and maintain essential internal privacy policies, standards, and guidelines.
CASL Compliance: Provide guidance to Marketing teams regarding compliance with Canada's Anti-Spam Legislation (CASL), including reviewing and approving Commercial Electronic Messages (CEMs).

Risk Assessment

Privacy Impact Assessments (PIAs): Lead and execute end-to-end PIAs for all project sizes, including high-risk and complex initiatives.
Privacy by Design (PbD): Ensure the application of PbD principles by reviewing front-end UX/UI documentation for privacy compliance before implementation.
Business Advisory: Provide timely, ad-hoc general privacy guidance and support across all business units and dedicated guidance for key projects.

Training, Awareness, and Automation

Training Development: Design, develop, and implement comprehensive privacy training modules, including annual training, customer-facing training, human error incident training, and department-specific sessions.
Education: Manage and coordinate internal and client-facing privacy awareness initiatives.
Automation Initiatives: Drive process automation within the Privacy Office, using AI to streamline core privacy functions (e.g., PIAs, DSARs, intake).

So are YOU our next Privacy Program Manager? You are if you have…

Experience: Minimum of 3 years of experience in data privacy, compliance, or a related field (e.g., legal, information security).
Education: A bachelor's degree in Law, Information Technology, Business Administration, or a related discipline is generally expected.
Certifications: Professional certification from the International Association of Privacy Professionals (IAPP) is highly desirable, preferably Certified Information Privacy Manager (CIPM) and/or Certified Information Privacy Professional (CIPP/C).
Regulatory Knowledge: Working knowledge of Canadian privacy legislation (e.g., PIPEDA, CASL, and provincial equivalents) is required. Knowledge of international regulations (e.g., GDPR, CCPA) is an asset.
Technical Proficiency: Proven experience working with Privacy Management software to manage PIAs, DSARs, and incident response.
Strategic Communication: Excellent written and verbal communication skills, with a proven ability to synthesize and communicate complex technical privacy concepts clearly to diverse audiences, including executive leadership, technical teams, and customer-facing staff.
Problem-Solving & Leadership: Demonstrated ability to lead and manage complex privacy matters (e.g., PIAs, incident response) from initiation through completion.
Process Improvement: A proactive approach to driving operational efficiency and automation within the Privacy Program (e.g., implementing AI tools where appropriate, streamlining intake forms, improving PIA flow).
Advisory Skills: Ability to provide timely, accurate, and practical ad-hoc privacy advice and guidance to various business units across the organization.
Attention to Detail: Meticulous approach to reviewing contract documentation (e.g., DPAs), regulatory responses, and front-end user experience (UX) documentation for privacy adequacy.

Additional Information…

Please note: This role will be required to be in office 3 days a week

Compensation Information:

Base salary range: $100,000 - $110,000
The final compensation package will be commensurated with the successful candidate's experience, skills, and geographic location (Canada). It includes a comprehensive benefits plan and a competitive incentive (bonus) program for Full-Time Permanent roles.

Sounds like you? Click below to apply
#LI-LB1 
#LI-Hybrid

---