Help make a difference for Canadians. CMHC’s aspiration is that by 2030, everyone in Canada has a home that they can afford and that meets their needs. All of our programs and activities support this singular goal.
Join the Office of the Chief Risk Officer Team, where we enable each employee to embrace risks within established limits
You will manage the design, implementation, maintenance and oversight of the corporate-wide data governance and privacy risk management program, as well as for the development of a strategy and plan for the implementation of a strong and sustained privacy and data governance culture across the Corporation. You will provide strategic and authoritative advice related to data governance (including IT risk and control concepts) and privacy risk management and support the oversight of related risk management activities across the Corporation. This position play a key role in advising and influencing stakeholders responsible for risk management in the first line and supporting assertions of privacy compliance to the Privacy Officer and Senior Management, the Board and external authorities such as the Privacy Commissioner.Responsibilities:
• Lead the development of data governance and privacy risk management frameworks and advise/contribute substantially to the development of associated policies, guidelines, procedures and tools, and oversee their implementation.
• Influence strategic decision making related to the management of privacy and data governance risk through advice, subject matter expertise and reporting to Senior Management.
• Provide expert advice related to appropriate data governance and IT controls for the safeguarding of personal information at the enterprise level.
• Provide strategic guidance to establish the Corporation’s risk appetite as it relates to Information & Technology Risk and the management of privacy risk, including the establishment of an enterprise-wide appetite statement and the design of metrics for the quantification of risk exposure and tolerance range (i.e.cyber, data integrity, access controls, information security).
• Support the Corporation in the development of risk mitigation plans to ensure risk is aligned to appetite.
• Aggregate enterprise-wide results and report on privacy and data governance risk and mitigating activities.
• This position plays a key role in advising and influencing stakeholders responsible for risk management in the first line and supporting assertions of privacy compliance to the Privacy Officer and Senior Management, the Board and external authorities such as the Privacy Commissioner
• Oversees cross functional data governance risk management activities.
• Support Operational risk team in Risk and Control Self Assessment oversight related to privacyMinimum Qualifications:
• Undergraduate degree in a relevant field such as computer systems, information management, or business administration.
• Certified Information and Privacy Professional/Canada (CIPP/C) certification or equivalent industry recognized certifications are highly preferred.
• Professional Risk Management Certificate (e.g. CRM) is an asset.
• Minimum of 10 years of relevant work experience
Posting closing date: Note, the competition may remain active until filled