Privacy and Compliance Analyst

About The Position

Requirements

• 5+ years of experience in privacy, data security, compliance, and risk management.
• Postgraduate education in cybersecurity or a related field.
• Strong understanding of Canadian privacy laws and regulations.
• Experience in providing training and developing policy documents related to privacy and compliance.
• Project management experience; PMP certification is a strong asset but not required.
• Proactive and confident in engaging with stakeholders across various levels
• Strong interpersonal skills with the ability to build and maintain cross-team relationships
• Excel at evaluating, assessing, and troubleshooting complex issues
• Thrive in dynamic environments with the ability to multitask and manage competing priorities
• Extroverted and energized by collaborative work settings
• Demonstrate a proactive approach to problem-solving and continuous improvement
• Have strong proficiency in Microsoft 365, with an interest in IT and technology (IT background is an asset).

Nice To Haves

• IT background is an asset.
• PMP certification is a strong asset but not required.
• Bonus points if you have a CIPP/C, CIPM, or other relevant privacy/security certifications

Responsibilities

• Execute Risk & Compliance Initiatives: Manage and deliver privacy, security, and compliance projects, ensuring alignment with organizational goals and timelines.
• Identify and Mitigate Risks: Proactively assess operational, IT, and data privacy risks, partnering with cross-functional teams to implement effective mitigation strategies.
• Build and Improve Frameworks: Develop, maintain, and enhance compliance frameworks, policies, and procedures aligned with evolving regulations (PIPEDA, COPPA, GDPR) and industry standards.
• Support Audits and Assessments: Coordinate third-party audits (e.g., SOC 2, PCI DSS) and conduct internal assessments to ensure ongoing compliance.
• Strengthen Security Practices: Support software security improvements and contribute to initiatives that enhance controls and reduce risk exposure.
• Manage Security Incidents: Lead or support incident response activities, including investigation, documentation, communication, and remediation.
• Review and Resolve R&C Requests: Triage and respond to compliance-related tickets and inquiries, providing timely guidance and solutions to internal teams.
• Research and Apply Regulatory Standards: Stay current on privacy laws and industry requirements, translating them into practical policies and operational processes.
• Communicate and Report: Prepare clear, accurate compliance documentation and reports for internal stakeholders, clients, and auditors.
• Engage with Stakeholders: Liaise with clients, vendors, auditors, and internal teams to address compliance requirements and support ongoing initiatives.
• Deliver Training and Awareness: Support training efforts and help foster a culture of data security and compliance across the organization.

Benefits

• Employee Stock Ownership Plan (ESOP)
• Full medical, dental, and vision coverage
• Life insurance and disability insurance
• Health spending account
• Flexible working hours
• On-the-job training and growth opportunities
• Free on-site parking