|
Purpose
Contributes to the overall success of the Enterprise Privacy Office in globally ensuring specific individual goals, plans, and initiatives are executed / delivered in support of the team’s business strategies and objectives. Ensure all activities conducted are in compliance with governing regulations, internal policies and procedures.
Accountabilities
The incumbent will support Scotiabank’s privacy program and is accountable for: Assisting in the development and management of privacy policies and programs; providing training and awareness; and supporting business units in managing privacy complaints, inquiries, incidents and breaches. The incumbent will stay apprised of applicable federal and provincial privacy laws and monitor developments in privacy laws and regulations to promote the Bank’s adaptation and compliance.
Specific accountabilities include:
Incident & Breach Management
- Acting as the subject-matter expert supporting business lines to manage privacy incidents. This includes assessing severity, developing scripting and determining the root cause.
- Addressing daily privacy escalations and significant incidents which may require collaboration with the Privacy Breach Management Team.
- Maintaining accurate and complete records of privacy incidents and supporting documentation for legal and regulatory purposes.
- Collaborating closely with other Bank stakeholders such as IT security and the business to respond to, investigate, and resolve privacy incidents.
Complaint Management
- Acting as a resource and subject-matter expert for the Bank’s customer-facing business lines and/or Centres to effectively manage privacy related customer complaints, including evaluating whether there has been a breach of customer privacy, assessing severity, developing scripts, and assessing whether systemic issues may have arisen, etc.
- The incumbent will collaborate closely with the Escalated Customer Concerns Office (ECCO), Ask Operations, Customer Complaints Appeals Office (CCAO), Global Client Experience Centres (GECE), 1B Internal Controls Canadian Banking, 1B Internal Controls Wealth, Human Resources (HR), Employee Relations (ER), Fraud Management, Corporate Security among other units, to support complaint resolution.
Access to Information Requests
- Supports the 1B Internal Controls teams in the review and approval of Access to Information Requests, working collaboratively with relevant business units to ensure timely and compliant fulfillment in accordance with applicable privacy legislation and regulatory requirements.
Training and Awareness
- Assisting in the development and implementation of applicable internal and customer-facing privacy and related policies and guidelines.
- Developing privacy training materials and other communications to increase employee understanding of Scotiabank privacy policies, procedures and legal obligations.
- Delivering on-going privacy training and awareness to employees.
- Working with business unit compliance officers to help promote awareness of “best practices” on privacy issues.
Monitoring and Oversight
- Identifying privacy risks across business units and making recommendations, as well as communicating and following up on recommendations to stakeholders.
- Monitoring key privacy and data protection legislation, analyzing compliance requirements, and making recommendations as needed.
- Supporting the development of metrics and the related reporting to senior management and enterprise stakeholders.
- Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
- Actively pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
- Champions a high-performance environment and contributes to an inclusive work environment.
Education/Experience
- Certified Information Privacy Professional (CIPP), or Information Technology Certification is an asset
- Undergraduate University Degree (preferably in business or Information technology)
- 4+ years of experience in financial services, preferably with related work experience in Privacy or Compliance
- Highly knowledgeable about global privacy and information security regulations, enforcement trends and best practices
- Knowledge in risk management, privacy and compliance controls and customer dispute resolution strategies
- Analytical and high organized with strong multi-tasking, documentation, and record-keeping
- Familiar with information security concepts, and able to quickly understand and assess financial services technology, systems and processes.
- Skilled in analyzing information from data sets and identifying trends and patterns to help create risk mitigation plans to drive business decisions.
- Highly skilled in communicating both verbally and in writing to develop succinct and useful reporting on compliance issues for a management audience
- Proficient in using Microsoft office applications
- Able to solicit and keep the good will and cooperation of a wide range of individuals, including operational and senior management, while providing advice, guidance and strategic influencing on complex privacy compliance issues.
- French proficiency an asset
|