Serve as the central point of contact for all privacy-related projects, vendor engagements, new system integrations, and AI-related inquiries
Lead the development and implementation of Aviso’s privacy management framework, including tools, policies, processes, and training
Promote a culture of privacy awareness and provide expert guidance across the organization
Conduct complex and technical Privacy Impact Assessments (PIAs), Transfer Impact Assessments (TIAs), AI Assessments, and Privacy Compliance Audits, while also performing privacy risk and vendor assessments
Create and maintain processes for TIAs and ensure alignment with cross-jurisdictional data processing requirements
Monitor and interpret emerging privacy legislation and AI governance standards to ensure proactive compliance
Collaborate with internal stakeholders to maintain records of processing activities and ensure data lifecycle compliance
Evaluate vulnerabilities identified through PIAs, TIAs or AI Assessments and lead the implementation of corrective actions
Communicate emerging privacy risks and manage consistency of practices across business units
Conduct systematic audits to identify areas for improvement and non-compliance
Develop and track KPIs/KRIs related to privacy assessments and program performance
Present regular reports and insights to executives and governance committees when applicable
Maintain logs of outstanding remediation plans and ensure timely updates from initiative owners
Work closely with business units, IT, legal, and external regulators to uphold privacy governance
Provide privacy consultation and support during system development, procurement, and modernization initiatives
Ensure timely identification and resolution of privacy risks without impacting project timelines
Participate in the Product Operating Model and provide subject matter expertise on privacy controls during the design and implementation of pilot programs
Requirements
Privacy Impact Assessment Expertise: Minimum 3-5 years of experience conducting PIAs for medium to high complexity projects, including both cloud-based and on-premise environments
Operational Privacy Experience: At least 5 years of hands-on operational privacy experience in a corporate or financial industry setting
Privacy Requirements Drafting: 5+ years of experience drafting and reviewing privacy requirements for data sharing agreements
Legislative Knowledge: Deep understanding and practical implementation of Canadian privacy legislation, including PIPEDA, provincial laws (e.g., BC/AB PIPA, Quebec’s Law 25), CASL, FISA 702, EO 12333, OECD Privacy Principles, and other emerging privacy and AI regulations
Technical PIA Execution: Proven experience performing PIAs and TIAs on complex IT applications across cloud and on-premise infrastructures
Information Security Acumen: Strong grasp of technical and information security concepts relevant to privacy risk assessment
Reporting & Issue Management: Skilled in preparing and communicating PIA findings to business units, tracking outstanding issues, and coordinating with project teams for resolution
Privacy Control Optimization: Ability to provide actionable recommendations to enhance privacy controls across business lines
Investigations & Audits: Experience conducting privacy investigations, compliance reviews, and audits where applicable
Policy Development & Implementation: Demonstrated success in initiating, developing, and implementing privacy policies, procedures, and practices using solid project management skills
Collaboration & Influence: Ability to build trust, foster professional relationships, and contribute to an inclusive and high-performance culture
Regulatory Engagement: Experience working with regulatory bodies and navigating regulatory matters
Cross-Functional Coordination: Capable of managing workstreams that span multiple departments
Self-Starter Mindset: Innovative thinker with strong analytical, research, documentation, and project management skills
Nice-to-Haves
Educational Background: Degree in law, information technology, business, or a related field
Certifications: IAPP certifications such as CIPP/C, CIPP/M, or AIGP
IT/Data Governance Experience: Familiarity with IT systems or data governance practices
Industry Experience: Background in the financial services or securities industry
Language Skills: Fluent communication skills in English are required and bilingual skills in French are an asset
Benefits
Competitive compensation package that rewards and recognizes individual contributions
Excellent health, dental and insurance benefits to meet the diverse needs of our employees
Generous vacation time, fitness benefit, parental leave top-up options
Matching contributions to our retirement program
Commitment to the continuous improvement of our staff through learning & development and an education assistance program
Regular social events to foster teamwork