Senior Counsel – Privacy – Data & Cybersecurity

Senior Counsel – Privacy – Data & Cybersecurity

Requirements

• Law degree from an accredited law school and qualified to practice law in Canada
• At least 8 years of relevant experience as a lawyer working at a major law firm or in-house (privacy, technology, cybersecurity and incident response, and general commercial practice)
• In-depth knowledge of federal and provincial privacy legislation, and familiarity with cybersecurity risk management, integrity and security, and incident reporting requirements applicable to financial institutions and banks, strongly recommended
• Advanced communication (written and verbal), negotiation, conflict resolution, legal research and analytical skills
• Ability to simplify, problem solve, multitask and work effectively against deadlines
• Strong teamwork and client relationship management skills

Responsibilities

• Monitoring and tracking current and emerging privacy and cybersecurity laws and regulations, and translate legal terms into business requirements, guidance and advice
• Providing privacy and data-related legal advice to lines of business, and data, technology, cybersecurity and privacy teams, in respect of new initiatives and corporate arrangements
• Providing legal advice on areas relevant to data protection and cybersecurity risk management, including to draft or review terms and conditions related to cybersecurity risk management initiatives, enterprise technology and information security standards, policies, procedures and playbooks
• Providing legal advice to cybersecurity and privacy teams, including during investigations to ensure that they are conducted and documented appropriately to minimize risks, protect personal and other confidential information, and fulfill legal obligations arising from incidents
• Providing privacy legal advice on matters or initiatives involving artificial intelligence, biometrics, and tools or arrangements to prevent or detect fraud or financial crime
• Advising on a wide range of privacy, data and information security matters, including customer escalations and access requests, data breaches, data retention and information-sharing arrangements
• Providing legal advice to lines of business, incident management and investigation units to address potential legal, regulatory, economic and reputational risk(s) to the bank, arising from operational incidents, including to identify and liaise with additional internal stakeholders or subject matter experts, as appropriate
• Remaining current on evolving regulatory requirements and expectations, as well as Canadian case law, in connection with a range of privacy, data use and innovation, cybersecurity risk management and incident management topics
• Oversight of external counsel and other third-party vendors when necessary
• Other duties, as assigned

Preferred Qualifications

• Experience in the banking and financial services sector, an asset
• Versatile and flexible, with ability to navigate uncertainty
• Operates with creativity and innovation; seeks different perspectives and new ideas