Senior Manager, Compliance & Privacy
Full time | Mid-Level | Reports to the Interim Chief Compliance Officer
Hybrid role (2 days in-office requirement).
Position Summary
WealthONE is seeking an experienced Senior Manager, Compliance & Privacy to own and mature the Bank’s Privacy Compliance Program. This senior role is responsible for all aspects of privacy compliance, from regulatory monitoring and Privacy Impact Assessments to breach management and OPC liaison, with a strong and specific emphasis on Privacy by Design (PbD) as a strategic and operational discipline embedded across the Bank’s products, services, and technology initiatives. The successful candidate will be the Bank’s subject matter expert on Canadian privacy law, a trusted advisor to business lines, and a champion of privacy-by-design culture across the organization.
KEY RESPONSIBILITIES
1. Privacy Program Management
- Own, manage, and mature the Bank’s end-to-end Privacy Compliance Program, ensuring full alignment with PIPEDA’s 10 Fair Information Principles, the Privacy Act, Bill C-27, and applicable provincial privacy legislation.
- Maintain and update the Privacy Program documentation to reflect legislative changes and OPC guidance.
- Develop and maintain a comprehensive privacy regulatory requirements library covering all applicable federal and provincial privacy obligations.
- Prepare and present quarterly and annual privacy compliance reports to the Interim Chief Compliance Officer and senior management.
- Monitor OPC findings, guidance documents, and enforcement decisions for applicability to the Bank’s operations and update the program accordingly.
2. Privacy by Design (PbD) – Program Leadership
- Champion Privacy by Design as a core organizational value.
- Embed privacy requirements into the Bank’s project governance and product development lifecycle.
- Lead privacy architecture reviews for all new digital banking platforms, mobile applications, core banking system changes, cloud migrations, and third-party technology integrations.
- Apply PbD principles to the Bank’s open banking / CDBA implementation.
- Lead the Bank’s data minimization and purpose limitation program.
- Design and implement privacy-by-default settings for all consumer-facing digital products and services.
- Establish and maintain a Personal Information Inventory (data map) for the Bank.
- Oversee the Bank’s Records Retention and Destruction Program as it relates to personal information.
3. Privacy Impact Assessments (PIAs)
- Lead and conduct PIAs for all new products, services, technologies, and business processes involving personal information.
- Identify privacy risks and provide practical, risk-based PbD recommendations.
- Maintain a PIA registry and track implementation of all PIA recommendations to closure.
- Assess privacy management practices, data portability, and third-party data sharing arrangements.
4. Privacy Breach Management
- Lead the Bank's privacy breach response program — including breach identification, containment, risk assessment, and mandatory breach notification under PIPEDA and the CPPA.
- Assess whether a breach constitutes a 'real risk of significant harm' requiring OPC notification and individual notification — coordinating responses within regulatory timelines.
- Maintain the breach register and conduct post-breach root cause analyses.
- Liaise with IT Security, Operations, and Legal during privacy breach response.
5. Consent Management & Individual Rights
- Oversee the Bank's consent management framework — ensuring all personal information is collected, used, and disclosed with valid, meaningful, documented consent under PIPEDA.
- Manage individual access requests, correction requests, and privacy complaints — ensuring timely and compliant responses.
- Design and oversee consumer consent mechanisms for open banking / CDBA data sharing — ensuring consent is granular, revocable, and fully auditable.
- Ensure opt-in consent mechanisms (not opt-out) are used for all non-essential data collection — consistent with PbD Principle 2.
6. OPC Regulatory Liaison & Compliance
- Serve as the Bank's primary point of contact with the Office of the Privacy Commissioner of Canada (OPC) for all privacy regulatory interactions — complaints, investigations, audits, and voluntary consultations.
- Coordinate the Bank's response to OPC complaints and prepare formal submissions in coordination with Legal.
- Prepare for and support OPC audits and examinations — maintaining all required records in a readily retrievable format.
- Monitor OPC Commissioner's findings, guidance, and CPPA transition guidance for applicability to the Bank.
7. Third-Party & Vendor Privacy Management
- Oversee the Bank's vendor privacy risk management program — reviewing and negotiating privacy and data processing provisions in all vendor contracts.
- Conduct vendor privacy assessments using a risk-based approach.
- Apply PbD principles to vendor selection and onboarding.
- Ensure personal in