Join the Global Community of Scotiabankers to help customers become better off.
Purpose of Job:
Contributes to the overall success of the Enterprise Privacy Office by safeguarding the information assets of the Bank from the consequences of non-compliance with privacy legislation, ineffective management of our liability on customer and employee personal information, regulatory sanction or damage to reputation.
To be a Privacy Compliance leader by establishing subject matter expertise in IT and Operational privacy controls and practices, identifying sources of best and leading industry IT and Operation privacy and risk-mitigation practices; establishing process to identify and assess risks in the Bank’s personal information repositories; assessing risk-mitigation practices to privacy exposures in the outsourced technology operation, by developing standards and control guidance, providing consulting and advisory services across the lines of business, and by building relationships with key IT service providers and business partners at the Bank.
Key Job Accoutabilities:
- Privacy impact Assessment Process
- Administering the Privacy Impact Assessment process, which involves assessing the privacy impact of all new technologies, services, processes and vendor relationships that involve the collection, use, disclosure and processing of customer and employee personal information. This includes building process for new as well as legacy projects and risk assessing these projects.
- Researching and supporting the establishment of core competency in international data-transfer legislation and practice, trans- and cross border data transfers, and identifying changes in international legislation; assessing operational impacts of the same, and advising IT&S on the trends in future control requirements.
- Business Unit Privacy Self-Assessments
- Supporting and administering the self-assessment exercise by: support the business in assessing privacy risks and controls, completing the Global Operational Risk annual report and following up where necessary to ensure action plans are complete. We will also contribute compliance-related content to the report.
- Technology Change Management
- Supporting the Privacy Office’s projections and safeguards over sensitive Bank personal information by assessing the impact of innovations in support of digital technology, including social media, tracking and profiling, and data analytics. Assessing the impact of changes in cloud and third party vendor management, new delivery channels such as mobile, and
- Implementing assessment mechanisms over third party and international data centers as a result of outsourced or cloud-enabled projects, including the analysis of Service Auditors reports and similar audit and third party attestations.
- Analytics and Reporting
- Manage and assist with management reporting regarding scope and coverage of the privacy program. Provide metrics and develop analytics based on breaches, risk present, controls and remediation procedures implemented enterprise-wide.
There will be additional duties and projects assigned that will support team leadership priorities as part of the Enterprise Privacy Office’s commitment to strong performance orientation.
The incumbent must be or become:
- Knowledgeable about the organization of Scotiabank, in particular, the risk management, control, administrative and operational structure, policies and procedures, and generally understand the business activities, products and services conducted/provided within or by various business units;
- Knowledgeable as to the uses of technology in online marketing, including the tracking of consumer behaviors online and best practices to present internet users with privacy notices and consumer choices;
- Familiar with information privacy concepts, financial services technology, systems and processes;
- Experienced at using technology to support compliance programs;
- Innovative and a self-starter with good research, project management and documentation skills;
- Skilled in communicating both verbally and in writing with all levels including branch staff, operational and senior management, regulators and customers;
- Sensitive to the diverse cultural make-up of the Bank’s customer and employee population;
- Able to solicit and keep the good will and cooperation of a wide range of individuals, including operational and senior management, while providing advice, guidance and strategic influencing on complex privacy compliance issues; and
- Proficient at written and verbal communications, in particular, the development of succinct and useful reporting on compliance issues for an Executive Management audience.
- Able to produce high quality dashboard reporting.
The incumbent must have:
- Good understanding about global privacy and data protection regulations, enforcement trends and best-practices;
- Sound judgment and a strong practical approach to considering courses of action;
- The flexibility to balance multiple accountabilities with competing priorities;
- The ability to work independently and to tight deadlines, and to quickly adapt to the unforeseen; and changes in priorities and initiatives.