Morneau Shepell Ltd
Senior Privacy Analyst
Legal, Risk and Privacy Department
National – Canada
As part of the Legal, Risk and Privacy Department, reporting to and under the supervision of the corporate Privacy Officer, the Senior Privacy Analyst will be responsible for key elements and offerings of the Company’s global privacy compliance function.
The successful candidate will work closely with business stakeholders to enhance and operationalize the privacy compliance programs in support of the Company’s business strategies, objectives and growing global footprint. The successful candidate will also support company-wide communication, awareness and training plans helping to ensure that employees know and understand how to manage personal information and the privacy-related obligations and risks that affect their roles.
The Senior Privacy Analyst will lead with influence and a continuous improvement mindset and will provide advice across all business lines including senior management, information security, risk & compliance and legal to enhance the global privacy program. The Senior Privacy Analyst will also collaborate with the information security team to ensure alignment between the security and privacy compliance programs.
To be successful in this role the Senior Privacy Analyst will need to understand data management, data analytics and the impact of technology on privacy compliance, and provide solid advice and customer support.
- Work collaboratively with the Legal, Risk and Privacy team to provide guidance and advice in a consulting role for privacy compliance within the organization and provide assistance to business teams and management on the interpretation of privacy laws, government and internal policies, and industry standards
- Provide advice and guidance on operational implementations and compliance with the Company’s privacy program, including responding to requests from clients and partners
- Work with various stakeholders to address privacy, data protection and compliance questions and concerns relating to the sales processes (e.g. RFP questions, audit checklists, and agreements).
- Enhance the Company privacy program that defines, develops, maintains and implements policies and processes to enable consistent, effective privacy-compliant practices that minimize risk, balance operational imperatives, and ensure the confidentiality of personal information (including health and financial information) across our global business processes
- Facilitate and promote activities to champion information privacy awareness within Morneau Shepell and develop and implement standard methodologies
- Maintain current knowledge of applicable Canadian, US, EU and international privacy laws
- Coordinate and lead privacy impact assessments and/or privacy audits for internal products and services
- Participate in vendor risk management processes including vendor privacy audits
- Participate in client privacy audits and Company privacy certification and compliance initiatives (e.g. SOC 2) while coaching/guiding stakeholders on internal controls and governance processes
- Consult on response to RFP questions and contract privacy requirements
- Provide guidance on maintaining appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements
- Maintain and monitor the process for receiving, documenting, tracking, investigating, and acting on all privacy-related complaints and breaches in coordination with other similar functions and, when necessary, external legal counsel
- Monitor advancements in information privacy technologies to ensure organizational awareness, adaptation and compliance where applicable
- Bachelor’s degree in Business, Legal, Information Systems or related field
- Professional Privacy Certification (Certified Information Privacy Professional (CIPP) or equivalent)
- Five (5) to ten (10) years of relevant experience
- Expert knowledge of relevant privacy laws, regulations and standards in Canada, US and EU
- Experience providing advice on issues related to foreign legislation (including GDPR) and ability to interpret laws and legal advice
- Understanding of IT and data management systems to assess security systems in place to protect personal information
- Experience in executing privacy / compliance programs, risk management, analysis and operational improvement using the principles of change management and project management
- Demonstrated organization, facilitation, communication and presentation skills
- Demonstrated experience and skills in collaboration, teamwork, and problem solving
- Background / experience with privacy compliance internationally (particularly GDPR)
- Experience in healthcare or financial sectors
- Knowledge of information technology and data management systems, including cloud services