Senior Manager, Compliance & Privacy
Compliance | Full Time | Toronto, ON | Hybrid
Full time | Mid-Level | Reports to the Interim Chief Compliance Officer
Hybrid role (2 days in-office requirement).
Position Summary
WealthONE is seeking an experienced Senior Manager, Compliance & Privacy to own and mature the Bank’s Privacy Compliance Program. This senior role is responsible for all aspects of privacy compliance, from regulatory monitoring and Privacy Impact Assessments to breach management and OPC liaison, with a strong and specific emphasis on Privacy by Design (PbD) as a strategic and operational discipline embedded across the Bank’s products, services, and technology initiatives. The successful candidate will be the Bank’s subject matter expert on Canadian privacy law, a trusted advisor to business lines, and a champion of privacy-by-design culture across the organization.
KEY RESPONSIBILITIES
1. Privacy Program Management
- Own, manage, and mature the Bank’s end-to-end Privacy Compliance Program, ensuring full alignment with PIPEDA’s 10 Fair Information Principles, the Privacy Act, Bill C-27, and applicable provincial privacy legislation.
- Maintain and update the Privacy Program documentation to reflect legislative changes and OPC guidance.
- Develop and maintain a comprehensive privacy regulatory requirements library covering all applicable federal and provincial privacy obligations.
- Prepare and present quarterly and annual privacy compliance reports to the Interim Chief Compliance Officer and senior management.
- Monitor OPC findings, guidance documents, and enforcement decisions for applicability to the Bank’s operations and update the program accordingly.
2. Privacy by Design (PbD) – Program Leadership
- Champion Privacy by Design as a core organizational value.
- Embed privacy requirements into the Bank’s project governance and product development lifecycle.
- Lead privacy architecture reviews for all new digital banking platforms, mobile applications, core banking system changes, cloud migrations, and third-party technology integrations.
- Apply PbD principles to the Bank’s open banking / CDBA implementation.
- Lead the Bank’s data minimization and purpose limitation program.
- Design and implement privacy-by-default settings for all consumer-facing digital products and services.
- Establish and maintain a Personal Information Inventory (data map) for the Bank.
- Oversee the Bank’s Records Retention and Destruction Program as it relates to personal information.
3. Privacy Impact Assessments (PIAs)
- Lead and conduct PIAs for all new products, services, technologies, and business processes involving personal information.
- Identify privacy risks and provide practical, risk-based PbD recommendations.
- Maintain a PIA registry and track implementation of all PIA recommendations to closure.
- Assess the privacy management, data portability, and third-party data sharing.
4. Privacy Breach Management
- Lead the Bank's privacy breach response program — including breach identification, containment, risk assessment, and mandatory breach notification under PIPEDA and the CPPA.
- Assess whether a breach constitutes a 'real risk of significant harm' requiring OPC notification and individual notification — coordinating responses within regulatory timelines.
- Maintain the breach register and conduct post-breach root cause analyses.
- Liaise with IT Security, Operations, and Legal during privacy breach response.
5. Consent Management & Individual Rights
- Oversee the Bank's consent management framework — ensuring all personal information is collected, used, and disclosed with valid, meaningful, documented consent under PIPEDA.
- Manage individual access requests, correction requests, and privacy complaints — ensuring timely and compliant responses.
- Design and oversee consumer consent mechanisms for open banking / CDBA data sharing — ensuring consent is granular, revocable, and fully auditable.
- Ensure opt-in consent mechanisms (not opt-out) are used for all non-essential data collection — consistent with PbD Principle 2.
6. OPC Regulatory Liaison & Compliance
- Serve as the Bank's primary point of contact with the Office of the Privacy Commissioner of Canada (OPC) for all privacy regulatory interactions — complaints, investigations, audits, and voluntary consultations.
- Coordinate the Bank's response to OPC complaints and prepare formal submissions in coordination with Legal.
- Prepare for and support OPC audits and examinations — maintaining all required records in a readily retrievable format.
- Monitor OPC Commissioner's findings, guidance, and CPPA transition guidance for applicability to the Bank.
7. Third-Party & Vendor Privacy Management
- Oversee the Bank's vendor privacy risk management program — reviewing and negotiating privacy and data processing provisions in all vendor contracts.
- Conduct vendor privacy assessments using a risk-based approach.
- Apply PbD principles to vendor selection and onboarding.
- Ensure personal information transferred to third parties — including cloud providers and open banking accredited entities — is protected to PIPEDA-equivalent standards.
8. Privacy Training, Awareness & Culture
- Design, deliver, and maintain an annual privacy training program for all Bank employees — covering PIPEDA obligations, privacy policies, breach reporting, and PbD principles.
- Create PbD awareness resources — guidelines, quick reference cards, checklists — to help staff embed privacy at the design stage.
- Foster a culture in which privacy is seen as a value and a competitive advantage, not a compliance burden.
9. RCM Program Integration
- Ensure privacy compliance — including PbD controls — is fully integrated into the Bank's Regulatory Compliance Management (RCM) program with defined controls, monitoring metrics, and testing protocols.
- Conduct and support internal control testing of privacy controls as part of the annual RCM testing program.
- Identify privacy compliance deficiencies and manage remediation through to closure.
- Prepare privacy compliance metrics and KPIs for management reporting and board-level governance reporting.
QUALIFICATIONS & EXPERIENCE
Required:
- Minimum 7 years of progressive compliance, privacy, or legal experience in a federally regulated financial institution
- Deep, hands-on knowledge of PIPEDA — including Fair Information Principles, breach notification, consent requirements, and individual access rights
- Demonstrated experience implementing Privacy by Design — applying PbD principles in product development, technology projects, or digital transformation initiatives
- Experience conducting Privacy Impact Assessments and managing privacy breach response including OPC notifications
- Knowledge of Bill C-27 and its anticipated impact on federally regulated FIs
- Familiarity with provincial privacy legislation — Quebec Law 25, BC PIPA, Alberta PIPA
- University degree in law, business, compliance, information management, or a related field
- Strong written and verbal communication skills — ability to advise senior management and write clear, plain-language privacy policies, PIAs, and assessments
Preferred:
- Professional privacy designation — CIPP/C, CIPM, or CIPT (IAPP)
- Formal training or certification in Privacy by Design (e.g., IAPP PbD certification, Ann Cavoukian PbD practitioner training)
- Experience with CDBA / open banking privacy obligations — consent management and data portability
- Experience managing OPC investigations, complaints, or audits
- Familiarity with GDPR and cross-border data transfer requirements
- Experience with privacy technology tools — consent management platforms or data mapping tools
- Knowledge of CASL and its intersection with privacy
What You Need to Know
At WealthONE, our people are our greatest asset. You’ll become part of a diverse and growing team that acknowledges everyone’s unique talents to do what’s right for the client, and to do it well. As part of our team, you will:
- Thrive: Benefit from an open and approachable culture that provides the flexibility and support you need to integrate your life at work and at home.
- Connect: Work in a place that fosters creativity and collaboration.
- Develop: Apply your skills and grow your career in a young, fast-growing environment.
- Prosper: Share in our collective success with a competitive salary, incentive pay, and excellent health benefits program.
WealthONE is an equal opportunity employer committed to creating an inclusive environment where all team members and clients feel like they belong.
To learn more, please visit us at Wealth One Bank of Canada - About Us