Manager, Privacy

About The Position

Requirements

• Post-secondary degree in a related field or equivalent experience.
• Demonstrated knowledge of Canadian privacy law (provincial and national) and anti-spam law supported by minimum 6 years of data governance or management related experience at a senior level
• Extensive knowledge of Canadian federal and provincial privacy laws, CASL requirements, and international privacy and data protection frameworks.
• Significant hands-on experience conducting PIAs, VRAs, TIAs, and privacy compliance assessments independently.
• Strong understanding of records management, record retention obligations, and records of processing activities.
• Exceptional analytical, investigative, and problem-solving skills with strong attention to detail.
• Ability to exercise sound judgment and make independent decisions in a fast-paced, high-risk environment.
• Strong technical aptitude with the ability to quickly learn and adapt to new technologies, systems, and privacy tools.
• Understanding of systems architecture, data flows, operational processes, and customer data ecosystems.
• Experience managing privacy incidents, breach response processes, and regulatory reporting obligations.
• Excellent verbal and written communication skills, including the ability to communicate complex privacy concepts to diverse stakeholders.
• Proven ability to manage sensitive and confidential matters with discretion and professionalism.
• Experience supporting luxury retail or high-touch customer service environments and interacting with high-net-worth clientele.
• Experience liaising with regulators, government agencies, and law enforcement authorities.
• Strong organizational and project management skills with the ability to manage multiple priorities simultaneously.

Nice To Haves

• Ability to conduct research in multiple languages

Responsibilities

• Support the Chief Privacy Officer in the development, implementation, and ongoing management of Holt Renfrew’s privacy and anti-spam compliance programs.
• Provide mentorship and direct manager towards Specialist, Privacy.
• Provide strategic privacy guidance across the organization and oversee the work of a Privacy Specialist.
• Lead and operationalize Privacy by Design principles across business initiatives, systems, and processes.
• Conduct and oversee Privacy Impact Assessments (PIAs), Vendor Risk Assessments (VRAs), and Transfer Impact Assessments (TIAs).
• Maintain and oversee records of processing activities, record retention requirements, and privacy compliance documentation.
• Advise business stakeholders on the collection, use, disclosure, retention, and safeguarding of personal information and customer profiles.
• Identify, assess, and mitigate privacy, regulatory, operational, and reputational risks.
• Lead privacy incident response activities, including investigation, risk assessment, breach notification, and regulatory communications.
• Support vendor onboarding and ongoing third-party risk management activities related to privacy and data protection.
• Liaise with government agencies, regulators, and law enforcement authorities regarding privacy-related inquiries and requests.
• Provide privacy guidance and support within customer service environments, including matters involving high-net-worth and luxury clientele.
• Conduct legal and regulatory research on Canadian and international privacy laws and emerging privacy trends, including research in multiple languages where required.
• Develop and deliver privacy-related policies, procedures, guidance materials, and training initiatives.
• Collaborate cross-functionally with Legal, IT, Security, Marketing, HR, and business teams to ensure privacy compliance and risk management alignment.

Benefits

• competitive total compensation
• generous employee discount
• pension
• health & dental benefits
• tuition assistance
• continuous learning and development