Privacy and Records Manager -Canada & US

About The Position

Requirements

• Bachelor’s degree (law, business, information management, public policy, privacy/data governance or related)
• 4 -7 years in a regulated or industrial environment
• Has actually been in charge of all or part of a privacy program
• Experience supporting or managing: Privacy impact assessments (PIAs/DPIAs), Data inventories or data mapping exercises, Incident/breach tracking and documentation
• Has dealt with regulators
• Has had exposure to more than dimply Ontario regulatory framework
• Fluent in English (written and oral)
• Excellent written communication skills (policies, summaries, clear business guidance)
• Strong verbal communication skills, with the ability to explain privacy and records requirements in plain language to non-legal audiences
• Ability to work effectively with cross-functional stakeholders (IT, HR, operations, business teams)
• Comfortable following up and driving accountability across teams
• Able to balance collaboration with firm but respectful pushback
• Strong interpersonal skills and professional judgment
• Strong organizational and coordination skills
• Ability to manage multiple workstreams and competing priorities
• Experience tracking tasks, deliverables, and deadlines across stakeholders
• Detail-oriented with strong follow-through
• Practical, solutions-oriented mindset
• Ability to work with imperfect or incomplete information
• Knows when to act independently vs. escalate
• Sound judgment in handling sensitive or confidential information
• Proactive and self-directed
• Comfortable operating in a fast-paced, multi-jurisdictional environment
• Strong sense of ownership and accountability
• Comfortable organizing self, will be working in a less structured environment
• Strong proficiency in Microsoft 365 (especially Excel, Word, Outlook, Teams, SharePoint)
• Ability to track and manage information using spreadsheets or simple tools
• Ability to organize and maintain documentation in shared environments
• Comfortable learning new internal systems (e.g., DMS, privacy tools) without heavy technical support
• This role requires a balance of collaboration and coordination, including tracking deliverables and ensuring follow-through across multiple stakeholders.
• This person must have the ability to drive execution across others without direct authority.
• This role will not have any direct reports.

Nice To Haves

• Preferred but not mandatory professional certifications: CIPP/C (Canada) and/or CIPP/US (US), CIPM
• Policy drafting & roll-out, behavior change management & training a plus
• Exposure to records management / information governance, including: Retention schedules, Document classification and cleanup initiatives, Working with business units on classification
• French fluency is an asset
• Familiarity with basic project management approaches (formal or informal)

Responsibilities

• Develop and assist with implementation of new and updated forms, policies, and procedures; review and advise on required updates to policies and procedures as laws and regulations change; ensure there is alignment between policies with respect to privacy matters, both at a Company level and as between the Company and the Global level policies.
• Collaborate with our VCNA business and corporate groups (and global parent in Brazil) to identify and address privacy - related issues, including policies and procedures, that require improvement.
• Assist both external and internal parties in completing forms resulting from our privacy policies and procedures (including with respect to individuals who want correction or deletion of their data); respond to all PII-related requests.
• Serve as the internal subject matter expert on privacy law in all of our jurisdictions.
• Perform compliance monitoring related activities (e.g. personal data audits and record retention audits).
• Chief Privacy Officer duties under the Quebec Privacy Act.
• Act generally as a liaison with all VCNA departments, including IT, on privacy matters and on projects with any PII or other sensitive data facet.
• In cooperation with the Breach Coordinator and VCNA Response Team, be part of the response/participating in/coordinating VCNA’s response to any data breach.
• Work with different teams as necessary to improve record management from a privacy perspective.
• Work with IT to tighten controls around PII in VCNA systems (this may include, for example, recommending application of controls to existing repositories of PII, deletion of PII unnecessary for VCNA business purposes, moving PII out of insecure or uncontrolled repositories, or tightening access controls to PII).
• Responsible for evaluating Company projects against a threshold analysis to determine whether a PIA should be conducted; conducting all necessary PIAs; working with the project delivery team to ensure appropriate mitigations instituted.
• Participation in the team responsible for VCNA’s document management strategy and structure as the team institutes a new document management structure for the Company.
• Provide advice relating to VCNA’s collection, use, organization, accessibility, modification, storage, security, transfer, retrieval, receiving, maintenance, anonymization, de-identification, deletion, disclosure and management of data and work with employees to increase compliance.
• Responsibility for records management lifecycles, including overseeing the application of existing records management timelines to VCNA electronic systems and paper records and, where appropriate, vendor systems.
• Drive the agenda organization-wide of moving forward with a structured, defined approach to record management.
• Provide general training for VCNA and targeted training for groups with specific needs or challenges on policies relating to Privacy and Records, including Privacy Policies, Data Breach Response and related obligations and on data management best practices.
• Proactive interfacing with VCNA departments and employees to improve compliance.
• Planning & benchmarking - setting annual plans for each area (privacy & record management), with a longer-term plan in mind. This should take into account benchmarking and maturity comparisons with the industry.

Benefits

• Training, professional development
• Tuition reimbursement/assistance
• Competitive wages, vacation and holiday time
• Medical, dental, vision, disability and life insurance
• RRSP and DC (CAN) and 401K (U.S.)
• Lifeworks Employee Assistance Program (EAP): confidential support for you and your family (CAN)
• Educational scholarship program for dependents of regular salaried employees.
• Fertility drug coverage
• Paid Maternity Leave Top Up
• Hybrid work model for certain positions