With $171.4 billion in assets as of December 31, 2015, the Ontario Teachers’ Pension Plan is the largest single-profession pension plan in Canada. An independent organization, it invests the pension fund’s assets and administers the pensions of 316,000 active and retired teachers in Ontario.
This Compliance Analyst role will support the implementation of the Compliance operating model and the advancement of the information security program maturity. The Compliance Analyst will assist with all the activities related to the development, implementation, maintenance and adherence to Teachers’ privacy policies and procedures, and administering certain aspects of OTPP’s data loss prevention program. The Compliance Analyst will assist with activities relating to the Code of Conduct compliance program, and will administer the regulatory change management process.
- Supports build out of the Privacy Compliance Program.
- Maintains privacy compliance databases for receiving, documenting, tracking and investigating privacy related complaints, incidents and inquiries.
- Conducts privacy related research as assigned.
- Facilitates and promotes initiatives to foster information privacy awareness within Teachers’ that support overall strategy.
- Facilitates ongoing privacy impact assessments and privacy risk analysis reviews.
- Supports the Director, Privacy Compliance in the development, refinement, documentation, implementation, monitoring, and testing of privacy compliance policies, procedures and controls.
- Liaises with stakeholders to ensure the integration of privacy controls into daily workflow. Periodically reviews workflow to validate controls.
- Evaluates third party service providers’ compliance with privacy controls and other contractual obligations.
- Supports Director, Privacy Compliance with privacy compliance projects as assigned.
Data Loss Prevention
- Performs daily data loss prevention monitoring.
- Identifies data loss prevention issues and presents timely recommendations to address such issues within tight timelines.
- Maintains data loss prevention databases for tracking data loss incidents.
- Prepares data loss prevention metrics on an ad hoc basis and for reporting to the Information Security Steering Committee.
- Coordinates all aspects of a data loss investigation (research, contact, escalation, follow-up, reporting), often on short notice.
- Provides accurate and timely responses to inquiries from the Information Security Operations team.
- Prepares and delivers data loss prevention training to various stakeholders.
- Supports the development, refinement, documentation, implementation, monitoring, and testing of data loss prevention policies, procedures and controls.
- Assists Director, Privacy Compliance with data loss prevention projects as assigned.
Code of Conduct
- Supports the Code of Conduct compliance program including onboarding and off-boarding related activities, tracking of training, and semi-annual certification process.
Regulatory Change Management
- Supports the administration of the regulatory change management process.
- Bachelor’s degree in Business Administration, or Accounting and Financial Management, or related field is required.
- CIPP/C designation is required or must be obtained within first 12 months.
- 5 years related work experience in a related organization such as a financial institution or pension plan is required.
- Experience working closely with all levels of management including senior leaders and executives.
- Knowledge and understanding of legislative and regulatory requirements relating to privacy and protection of personal information.
- Working knowledge of administering and operationalizing IT agreements and contracts.
- Good understanding of risk management frameworks and ability to assess, rank and recommend risks and controls.
- Demonstrated organization, facilitation, communication and presentation skills.
- Crisis management skills.
- Ability to work under minimal supervision with occasional ambiguous situations.
- Strong computer skills, including intermediate MS Excel, MS PowerPoint, MS Project and Visio.
- Advanced project management and organizational skills, including ability to create procedures documentation, such as standard operating procedures, process flow maps and RACIs.
- Working knowledge of ServiceNow (or other workflow management systems).
- Relevant experience in a control function (e.g.: compliance, risk, internal audit, risk management)
- Demonstrated above-average analytical, research and problem solving skills enhanced with excellent written and verbal communication skills.
- Effective and proven communicator with individuals at varying levels within an organization.
- Strong ability to influence stakeholders at all levels without clear authority.
- Proven self-starter operating with a strong sense of urgency, multi-tasking and meeting competing priorities and multiple deadlines without compromising quality.
Closing Date: December 28, 2016