Privacy Officer (Reporting to Head of Regulatory Compliance, HSBC Canada)

  • Graduate job
  • Toronto (Toronto Division)
  • Design / Civil engineering / Industrial engineering

Job description

Employment Type: Regular
 
Reporting to the Head of Regulatory Compliance, the Privacy Officer will lead the creation of a Privacy Program for Canada within the guidelines of the Global Standards AML regime. This role will oversee the Privacy Program and regulatory work for HBCA, including all ongoing activities related to the development, implementation, maintenance, adherence and embedding of the Global policies and procedures covering the privacy of, and access to, personal information, in line with federal and provincial privacy laws and industry best practices. The role will advise senior management regarding the requirements of privacy-related laws and regulations and will assist in drafting and introducing relevant policies and procedures. This role will work to ensure appropriate investigation, resolution and reporting of policy breaches and will develop safeguards and controls to avoid future breaches. This role will also assist with the development and delivery of targeted training regarding privacy-related laws, regulations and policies.
 
Impact on the Business
Is fully accountable for the Privacy Program.
Provides oversight, development guidance and directs the identification, administration and maintenance of organization information privacy process, policies and procedures.
Work closely with senior management, business areas, the Chief Compliance Officer (CCO) and General Counsel to establish an enterprise-wide approval, monitoring and reporting for the use and release of privacy data internally and externally.
Design, develop, implement and provide leadership for the creation and implementation of an entity wide Privacy Program.
Develop and oversee the implementation in collaboration with Legal, Compliance, Information Security Risk, Global Businesses and Global Functions HOST and third party services, to ensure all privacy risks, requirements and responsibilities are addressed.
Develop organization-wide privacy process, policies, standards, and procedures.
Revise the Privacy Program as necessary to comply with changes in the law, regulations, professional ethics, and the company’s requirements and as necessary due to changes in the technical, systems and/or business environment.
Ensure appropriate use and protection of personal information with strong privacy governance and management that is an effective means of mitigating privacy risks and ensuring that fair information principles are applied in business decisions and day to day operations. Ensure ongoing privacy training is provided to all employees.
Ensure activities, investigations and escalations adhere to the privacy regulations in Canada.
Act as the escalation point for general privacy complaints, providing confidential, neutral assistance to protect against unfair treatment and help resolve conflicts.
Develop guidance that will assist staff in responding to questions from customers about our Privacy Program, including information on how to contact the Privacy Officer internally and externally.
Undertake periodic reviews of policies and procedures and represent the bank with regulatory investigations, commissions and other bodies, as appropriate.
Undertake privacy impact assessments before new products, services or information systems are introduced or existing ones are significantly changed.
Customers / Stakeholders
Collaborate with Legal, Compliance, Information Security Risk, Human Resources, and the business units, global functions or HOST in handling any federal or provincial government investigations or regulatory examinations of the organization regarding privacy.
Serve as liaison to regulatory and accrediting bodies for matters relating to privacy.
Leadership & Teamwork
Recruit, select and develop resources as needed, providing them with the appropriate training, assignments and opportunities to assume greater responsibilities.
Promote effective management of privacy information across the organization through collaborative processes and effective and timely decision making.
Work strategically across the enterprise and system leveraging resources to meet overriding privacy goals and objectives working in concert with other support resources.
Develop external contacts among industry peer groups to determine/validate that HSBC Canada is following and instrumental in developing industry best practices.
Lead and develop an effective team through communication, performance management, development plans and reward/recognition practices. Cultivate an environment that supports diversity and reflects the HSBC brand.
Promote an environment that supports diversity and reflects the HSBC brand.
Operational Effectiveness & Control
Maintain current knowledge of applicable federal and provincial privacy laws and accreditation standards, and monitor advancements in information privacy technologies, to ensure organizational adaptation and compliance.
Oversee and conduct a technical and business privacy gap and risk analysis. Perform initial and periodic privacy and security risk assessments and conduct ongoing monitoring activities in coordination with the company’s Information Security Risk, Compliance, Operational Risk & Internal Control (ORIC) and Audit functions.
Establish the reporting and monitoring mechanism to track access to personal information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
Oversee all access to personal information.
Ensure compliance with privacy practices and communicate failures to comply with privacy policies, procedures and processes for all individuals in the organization’s workforce, extended workforce and for all business associates, in cooperation with Human Resources staff, Legal Counsel, Procurement or Compliance and Operational Risk & Internal Control (ORIC). Oversee and perform internal reviews of breaches and make recommendations to senior management for corrective action.
Serve as the enterprise privacy training official, oversee, develop, direct and ensure delivery of privacy training and orientation to all senior management, employees, professional staff, contractors, business partners/associates and other appropriate third parties.
Initiate and promote activities to foster privacy and security awareness and compliance within the organization in collaboration with key stakeholders.
Collaborate closely with Information Security Risk and HOST counterparts to monitor the privacy environment to assure privacy data are secure and protected.
Assist, as an integral member of the design team, to build a secure systems environment.
Recruit, select and develop resources and contractors, as needed, providing them with the appropriate training, assignments and opportunities to assume greater responsibilities.
To implement the Group compliance policy locally by containing compliance risk in liaison with the Head of Group Compliance, Global Business Compliance Officer, Area Compliance Officer or Local Compliance Officer, ensuring adequate compliance resources and training, fostering a compliance culture and optimizing relations with regulators.
Ensure that all employees are aware of and effectively identify and manage applicable money laundering (ML), terrorist financing (TF), sanctions and reputational risks.
Complete other responsibilities, as assigned.
Major Challenges
Maintain awareness of major regulatory changes affecting HSBC Canada (enterprise-wide) and work with all stakeholders to ensure compliance with applicable regulations.
Role Context
Serves as the Privacy Officer for HSBC in Canada. Providing design and development guidance and directing the identification, administration and maintenance of organization information privacy process, policies and procedures in coordination with Information Security Risk, Legal Counsel, Compliance, Audit, Risk/ORIC, Business Owners, and HOST.
To ensure that our Privacy Program continually adapts to changing needs and requirements through continuous self-improvement, effective and coordinated project management, and by proactively planning the utilization, deployment, sharing and leveraging of upgraded and/or new technologies, data, systems, methodologies and techniques.
Management of Risk
Shall be responsible for overseeing and ensuring that risk standards are in accordance with the Group Standards Manual (GSM) and appropriate Function Instructional Manuals (FIMs). Robust local risk policies Business Instruction Manuals (BIMs) to be in place and reviewed regularly for their ongoing adequacy.
Ensure employees apply compliance, operational risk controls in accordance with HSBC or regulatory standards and policies; and optimize relations with regulators by addressing any issues.
Promote an environment that supports diversity and reflects the HSBC brand.
Observation of Internal Controls
Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
To implement the Group compliance policy locally by containing compliance risk in liaison with the Global Head of Compliance, Global Compliance Officer, Regional Compliance Officer or Local Compliance Officer, ensuring adequate compliance resources and training, fostering a compliance culture and optimizing relations with regulators.

Desired profile

Certified Information Privacy Professional (CIPP) certification desired.
Multiple years of experience (8 – 10 years) in the various privacy disciplines (e.g., policy, compliance, incident response, personal information inventory, information security, training and awareness, etc.)
Experience with developing and implementing privacy programs.
Prior experience in developing and managing staff.
Knowledge of privacy laws and regulations.
Legal or Operational background in the financial services industry preferred.
Bachelor’s degree in business, related field or equivalent experience preferred.
Practical experience and familiarity with self-assessment models, operational risk and internal controls is preferred.
Highly developed managerial, communications, negotiations, analytical, organizational, project management and planning skills.