The Privacy and Access Council of Canada

Canada's voice for privacy and access

Manager, Data Protection — Coast Capital Savings — Surrey BC

by

 

Purpose

The Manager, Data Protection plays an important 2nd Line of Defence role in protecting Coast Capital (including its subsidiaries) against significant regulatory, legal and reputational risks arising from collection, use, disclosure, retention and destruction of data, including personal information. The incumbent is responsible for supporting and executing enterprise level practices in alignment with regulatory requirements and best practices to ensure Coast Capital remains in compliance with all Canadian laws/regulations (Federal, Provincial and Local) pertaining to data protection, including privacy legislation, CASL and data retention requirements. In alignment with Coast Capital’s risk appetite, the incumbent manages the implementation of Coast Capital’s Regulatory Compliance Management Framework (RCMF), as it pertains to data protection, in a manner that supports corporate objectives/goals, and protects the assets, employees, members and reputation of Coast Capital.

Corporate Responsibility

At CCS, one of our goals is to be recognized as one of Canada’s leading companies. We strive to have a positive economic, environmental and social impact, providing responsible leadership in the marketplace, the workplace and in the communities where we live and work. We operate in a regulated environment whereby public trust is paramount. As a company and as employees, we will conduct ourselves with the highest standards of integrity and professionalism without exception, at all times.

INDIVIDUAL/KEY CONTRIBUTIONS/RESPONSIBILITIES

Industry Awareness.

  • Maintain a high awareness of industry standards as well as global trends to effectively manage regulatory risks; plus work collaboratively with the applicable risk owner(s) to ensure Coast Capital’s practices are in alignment with these standards
  • Represent Coast Capital in industry associations on matters relating to data protection as appropriate

Leadership.

  • Enhance the competencies and skills of data protection function staff through coaching, mentoring and supporting professional development
  • Enhance the competencies and skills of the first line of defence staff on data protection issues through coaching, mentoring and providing guidance
  • Promote an effective team culture whereby there is a commitment towards engagement and high performance built upon our values, mission and purpose
  • Proactively identify emerging regulatory risks and work collaboratively with senior leaders to support them in developing/implementing controls to adequately manage these risks
  • Proactively build and maintain positive relationships with leaders across the enterprise to support them in meeting their regulatory compliance responsibilities
  • Provide subject matter expertise to senior leaders/business lines to manage regulatory risks
  • Work collaboratively with other Group Risk Management leaders to support their objectives.

Program Management

  • Promote and support the implementation of the RCMF, as it relates to data protection
  • Engage with business units to determine key regulatory risks and controls to manage these risks
  • Identify, assess, validate, log and track until resolution regulatory compliance gaps/risks; plus provide guidance to business units to remedy them
  • Ensure a regulatory risk register is maintained with up to date information relating to regulatory requirements applicable to Coast Capital; plus ensure the requirements are mapped to internal risk owners
  • Develop, implement and maintain awareness and training activities in collaboration with internal stakeholders relating to data protection
  • Perform a second line of defence role by developing, implementing and maintaining regulatory compliance management practices within the data protection function
  • Review data protection policy/procedures for the organization to ensure they are effective, efficient and address data protection risks.
  • Work collaboratively with business units to ensure regulatory risks are assessed by the risk owner(s) for new business activities, operational changes, and new corporate initiatives; provide the appropriate level of challenge, oversight and guidance to ensure compliance
  • Conduct continuous monitoring of material processes against defined performance tolerances, and provide oversight of the first line of defence responses to breaches of tolerances
  • Conduct continuous monitoring of Coast Capital’s operating environment and the inherent regulatory risks to identify and effectively respond to changes in the inherent risks, providing guidance to business units for each separate risk identified
  • Monitor, and as appropriate challenge, the assessment of appropriateness and effectiveness of risk management for identified regulatory risks
  • Support the maintenance of an RCM tool to ensure that Coast Capital is aware of current, new or changing applicable regulatory requirements so that it may respond appropriately to meet the requirements
  • Implement, operationalize and maintain the regulatory risk change management process to support the RCMF; including maintaining procedures to ensure the appropriate regulatory risk owners are provided with current and accurate information needed to identify, assess, communicate, manage and mitigate regulatory risk (e.g. for new or changing regulatory requirements)
  • Provide guidance and support to regulatory risk owners with the implementation of controls to manage regulatory compliance risk
  • Provide guidance and support to regulatory risk owners relating to their documented governance frameworks, policies, procedures, and standards to manage regulatory risk
  • Provide guidance and support to the regulatory risk owners with mapping of regulatory risks to key processes and controls
  • Provide guidance and support to regulatory risk owners relating to risk assessments to be performed by the first line of defence
  • Provide guidance and support to projects that have an impact on data protection, including through privacy impact assessments
  • Manage requests from external stakeholders in relation to regulatory compliance risk, including external auditors and regulators, as required, coordinating responses from subject matter experts as appropriate
  • Track and report on incidents, risks, patterns, trends and themes related to regulatory risk to the Director, Regulatory Compliance Management
  • Identify and escalate material regulatory risk issues to the Director, Regulatory Compliance Management and others, as appropriate, in a timely manner to enable their effective management of the issues

Technology Infrastructure

Manage and/or provide oversight of technology which supports regulatory risk management, including as appropriate, data management for individual risks identified

CORE COMPETENCIES

These are the 4 Core Competencies that all Coast Capital employees are asked to progressively demonstrate starting with the first word (knowledgeable, curious, engaged, open-minded, listen) from the moment our time with Coast starts. If we all demonstrate these competencies, we will uphold our brand, core values, business and leadership models, mission, vision and we will maintain our competitive advantage.

Accountable. We are accountable for achievement of our Individual Performance Goals and/or Success Measures. We demonstrate our accountability by the following behaviors: we are knowledgeable, responsible, reliable, accurate and we deliver.

Avid Learner/Embraces Change. We are a learning organization with a passion for innovation. We engage in learning, mentorship and personal development opportunities. We are curious, we seek, acquire, apply and share knowledge. We embrace change by being open-minded, understanding, adaptive, committed and creative.

Effective Team Member/Inspiring Leader. We engage in spirited teamwork. As an effective team member, we lend a hand to a team member in need, motivate others with a positive attitude and share great ideas. We are engaged, contributing, respectful, supporting and questioning.

Helpful. “Helpful” is practically our middle name and we take it to the next level. We listen, we are responsive, we are resourceful, pro-active and action oriented

Decision Making. Performed within broad guidelines requiring considerable judgement and initiative to interpret policy in planning and implementing major projects and work assignments.

Planning.Complex planning of major projects and work that requires substantial co-ordination of programs, budgets and activities is required.

This position will play a key role in implementing the RCMF both within the RCM function and on an enterprise level; this work will involve significant planning and thought leadership for effective implementation.

Magnitude/Impact on the Organization. Results achieved are internally focused and affect an entire Department AND/OR are externally focused and affect all customers and stakeholders within the context of a Department’s programs and services.

Qualifications

Minimum Job-Related Experience

Minimum 10 Years of Job Related Experience

Experience with regulatory requirements pertaining to data protection is required; consideration will be given to individuals with other risk management or legal experience (e.g. enterprise/ operational risk management or legal experience). Experience relating to cybersecurity, data processing and information technology is preferred. Experience in working on enterprise level initiatives or projects is required. Experience in working with, providing direction to, and supporting other internal stakeholders up to senior management levels is required.

Minimum Formal Education

Bachelor’s Degree or a diploma requiring 3 – 4 years of full-time study.

Relevant professional certification is an asset

Minimum Technical Skills

  • Strong knowledge of MS Excel, Word, Outlook and PowerPoint
  • Strong understanding in developing policies, procedures and processes
  • Experienced or knowledgeable in using risk management concepts and controls (e.g. risk assessments, policies/procedures, reporting, etc.)
  • Strong workshop facilitation or teaching skills
  • Strong ability to gather data/information and create reports
  • Strong analytical and problem solving skills
  • Strong ability to identify emerging risks, conceptualize their impact, and initiate appropriate action to manage the risks
  • Strong knowledge in managing risks through the development, implementation and continuous improvement of risk management frameworks
  • Strong understanding of the operational processes and procedures used within a financial institution

Minimum Non-Technical Skills

  • Strong leadership and change management skills
  • Strong ability to develop people through coaching/mentoring to help drive performance
  • Strong oral and written communication skills; able to present information in a clear and concise manner at all levels of the organization
  • Strong team player
  • Strong ability to work independently
  • Highly motivated
  • Strong ability to prioritize initiatives and manage time and resources effectively
  • High ethical performance standards and professionalism
  • Strong ability to foster professional and respectful relationships at all levels, both internally and externally
  • Quick learner
  • Strong problem solving, negotiating and influencing skills
  • Strong decision making and judgment skills
  • Strong interpersonal skills

For more information and to apply contact Saroj Vasant, VP AMLATF and Compliance; saroj.vasant@coastcapitalsavings.com