Lead the Risk and Compliance Function: Provide direction, structure, and oversight to ensure effective execution of all compliance and risk initiatives.
Identify, Assess, and Mitigate Risks: Partner with teams to proactively identify, assess, and address operational, IT, and data privacy risks.
Collaborate Cross-Functionally: Work with developers, customer support, and team leads to close gaps and implement effective risk mitigation strategies.
Build and Improve Compliance Frameworks: Develop, maintain, and continuously enhance frameworks, processes, and procedures aligned with evolving standards and regulations (PIPEDA, COPPA, GDPR).
Strengthen Software Security: Lead and support software updates to improve security controls and maintain regulatory compliance.
Lead Audits and Assessments: Coordinate third-party audits and conduct internal assessments, including SOC 2 and PCI DSS.
Manage Security Incidents: Oversee incident response, including investigation, reporting, communication, and remediation.
Report and Communicate: Prepare and present clear compliance reports and documentation for internal and external stakeholders.
Deliver Training and Awareness: Promote a strong culture of data security through training and team enablement.
Lead and Develop the Team: Mentor team members, support their growth, and build accountability within the function.
Engage with Clients and Vendors: Act as a key point of contact to meet security and compliance requirements.
Requirements
6+ years of experience in privacy, data security, compliance, and risk management.
Postgraduate education in cybersecurity or a related field.
Strong understanding of Canadian privacy laws and regulations.
Experience in providing training and developing policy documents related to privacy and compliance.
Project management experience; PMP certification is a strong asset but not required.
Bonus points if you have a CIPP/C, CIPM, or other relevant privacy/security certifications.