COMP  - Manager,  Privacy & Records Management

Haventree Bank is a private Canadian Schedule 1 bank specializing in alternative mortgage programs and insured GIC deposits. We help hardworking Canadians from coast-to-coast achieve homeownership by offering flexible mortgage solutions. Our insured GIC deposits offer competitive rates and are available through a variety of wealth management platforms.

COMP - Manager,  Privacy & Records Management

About Haventree Bank

Headquartered in Toronto, Ontario, Haventree Bank (Haventree) is a mission driven alternative mortgage lender. The name Haventree is representative of the bank’s mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system.

Position Summary:

Reporting to the Chief Compliance Officer & CAMLO, the Manager, Privacy & Records Management, is responsible for the Privacy Risk Management program to ensure adherence to Haventree Bank’s (“the Bank”) policies and procedures and compliance with regulations. In addition, they are responsible for the effective implementation and governance of the Bank’s record management program.

Major Duties & Responsibilities:

• Develops, leads, and executes the enterprise Privacy Risk Management Program and components, supporting the Chief Privacy Officer’s mandate.
• Conducts audits to ensure the Privacy Risk Program and any accompanying policies, practices etc. are being followed by business units and takes appropriate actions to ensure any identified gaps are mitigated, including revisions to personal information intake forms, access permission, data masking, etc.
• Assesses the privacy posture of the Bank’s third-party service providers, ensures contractual clauses are in place as required under relevant regulations, and makes recommendations regarding complementary internal data handling processes.
• Assesses the privacy laws and their enforcement in jurisdictions in which the bank’s information is kept.
• Conducts Privacy Impact Assessments (PIAs) for internal initiatives involving personal information, makes recommendations to follow privacy by design principles and takes appropriate remedial actions if any gaps are identified.
• Conducts assessments of reported privacy incidents to determine if there is Real Risk of Significant Harm to an individual(s) and prepares relevant reporting to regulators and affected individuals, where necessary.
• Prepares timely response to individual access, information, and disposition requests.
• Develops, assesses, plans and implements the Bank’s Records Management Program (including File Plan and Record Disposition Schedule) across all business units (with support of IT and key stakeholders.)
• Supports the Chief Privacy Officer by proactively monitoring legislation, regulatory and best practice developments and trends.
• Prepares monthly and quarterly reports to Senior Management and the Board of Directors on the status of the Bank’s adherence to Privacy and Record Management practices.
• Acts as a Privacy and Records Management champion in collaboration with IT and other business units to support new solutions, initiatives, and enhancements.
• Accountable for governance and oversight of the record retention and records management risks faced by the bank including management of records with third party vendors.
• Ensures consistency across the Bank including: file lifecycle, metadata, taxonomy, policies, procedures, training materials etc.
• Prepares and delivers periodic Privacy training to all staff and the Board of Directors.

Qualifications & Experience:

Degrees, Diplomas & Certifications:

• The position requires a bachelor’s degree ideally with an emphasis on Privacy, Records Management, and Information Governance.

Years and Range of Experience Required to Perform the Job:

• The position requires 5 years’ experience working in Privacy and administrating Corporate Records Management Programs within a Banking environment.
• Comprehensive knowledge of applicable legislation and solid understanding of information protection and confidentiality within a Schedule 1 Bank.
• Demonstrates ability to manage, plan, implement, organize and problem solve in a complex dynamic environment.
• Knowledge of Canadian federal and provincial privacy laws.
• Excellent written and verbal communication skills, and ability to develop and implement solutions to complex issues.

While we thank everyone for their interest in Haventree Bank, please note that only candidates selected for an interview will be contacted. Haventree Bank is committed to providing accommodation when needed. If you require an accommodation, we will work with you to meet your needs.

1. As a job candidate, our recruitment process includes collecting personal information. Please click the link here to review our Privacy Policy. Privacy Statement | Haventree Bank

2. Stay in touch with us, if this position is not the right one for you – please click on this link for other roles at Careers | Haventree Bank or follow us on LinkedIn at www.linkedin.com/company/haventree-bank/.

3. Haventree Bank embraces equal opportunity, diversity, and inclusion. Please let us know if you require any accommodations during the recruitment and selection process.