COMP  - Manager,  Privacy & Data Protection

COMP - Manager,  Privacy & Data Protection

About Haventree Bank

Headquartered in Toronto, Ontario, Haventree Bank (Haventree) is a mission driven alternative mortgage lender. The name Haventree is representative of the bank’s mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system.

Position Summary:

Reporting to the Chief Compliance Officer & CAMLO, the Manager, Privacy & Records Management, is responsible for the Privacy Risk Management program to ensure adherence to Haventree Bank’s (“the Bank”) policies and procedures and compliance with regulations. In addition, they are responsible for the effective implementation and governance of the Bank’s record management program.

Major Duties & Responsibilities:

• Develops, leads, and executes the enterprise Privacy Risk Management Program and components, supporting the Chief Privacy Officer’s mandate.
• Develops, assesses, plans and implements the Bank’s Records Management Program (including File Plan and Record Disposition Schedule) across all business units (with support of IT and key stakeholders.)
• Conducts audits to ensure the Privacy Risk Program and any accompanying policies, practices etc. are being followed by business units and takes appropriate actions to ensure any identified gaps are mitigated, including revisions to personal information intake forms, access permission, data masking, etc.
• Assesses the privacy posture of the Bank’s third-party service providers, ensures contractual clauses are in place as required under relevant regulations, and makes recommendations regarding complementary internal data handling processes.
• Assesses the privacy laws and their enforcement in jurisdictions in which the bank’s information is kept.
• Conducts Privacy Impact Assessments (PIAs) for internal initiatives involving personal information, makes recommendations to follow privacy by design principles and takes appropriate remedial actions if any gaps are identified.
• Conducts assessments of reported privacy incidents to determine if there is Real Risk of Significant Harm to an individual(s) and prepares relevant reporting to regulators and affected individuals, where necessary.
• Prepares timely response to individual access, information, and disposition requests.
• Supports the Chief Privacy Officer by proactively monitoring legislation, regulatory and best practice developments and trends.
• Prepares monthly and quarterly reports to Senior Management and the Board of Directors on the status of the Bank’s adherence to Privacy and Record Management practices.
• Acts as a Privacy and Records Management champion in collaboration with IT and other business units to support new solutions, initiatives, and enhancements.
• Accountable for governance and oversight of the record retention and records management risks faced by the bank including management of records with third party vendors.
• Ensures consistency across the Bank including: file lifecycle, metadata, taxonomy, policies, procedures, training materials etc.
• Prepares and delivers periodic Privacy training to all staff and the Board of Directors.

Qualifications & Experience:

Degrees, Diplomas & Certifications:

• The position requires a bachelor’s degree ideally with an emphasis on Privacy, Records Management, and Information Governance.

Years and Range of Experience Required to Perform the Job:

• The position requires 5 years’ experience working in Privacy and administrating Corporate Records Management Programs within a Banking environment.
• Comprehensive knowledge of applicable legislation and solid understanding of information protection and confidentiality within a Schedule 1 Bank.
• Demonstrates ability to manage, plan, implement, organize and problem solve in a complex dynamic environment.
• Knowledge of Canadian federal and provincial privacy laws.
• Excellent written and verbal communication skills, and ability to develop and implement solutions to complex issues.