Senior Analyst, Privacy & Compliance

at Foresters Financial Services Inc

Toronto, ON, Canada

Start Date: Immediate
Expiry Date: 20 Jul, 2024
Salary: Not Specified
Posted On: 28 Apr, 2024
Experience: 5 year(s) or above
Skills: Critical Thinking, Collaboration, CIPP, Life Insurance, English, Analytical Skills, French, Timelines, Privacy Compliance
Telecommute: No
Sponsor Visa: No

Description:

Career Opportunity
Role Title
Senior Analyst, Privacy & Compliance
Purpose of role
Reporting directly to the Assistant Vice-President, Privacy & Compliance at Foresters Financial, the Senior Analyst, Privacy & Compliance, is responsible for supporting, evolving, and maintaining robust North American Privacy, Cybersecurity and AI Regulatory Compliance Programs, including some synergies with Foresters UK business.
The Senior Analyst joins a small, dynamic Compliance team responsible for oversight, guidance, advice, and effective challenge to meet Foresters’ obligations with respect to management of regulatory compliance risks. The role will also support the broader Compliance team’s goals. Foresters supports a hybrid work environment.
Job Description

Key Responsibilities

  • Work with AVP, Privacy & Compliance, the Compliance team, and relevant business units to operate effective compliance programs aligned with applicable laws, industry standards and regulatory expectations. This may include but is not limited to the following:
  • Investigate and manage privacy-related issues, breaches, or incidents, such as drafting and submitting timely regulatory reporting and individual notices when required, as well as recommend and ensure the implementation of corrective action plans, while maintaining regulatory records.
  • Conduct privacy impact assessments with relevant business and operations teams, draft policies and provide compliance support to business initiatives while assessing privacy risks.
  • Gather information and handle data subject requests, such as access, correction and deletion requests as they come in.
  • Provide compliance support to cybersecurity incident management, such as timely management of regulatory reporting and individual notices when required for cybersecurity incidents, review the incident management response plan and cybersecurity policies, and maintain regulatory records.
  • Provide compliance support to AI & Model risk governance, including for potential AI use cases at Foresters.
  • Actively monitor and assess applicable regulatory developments, trends, and best practices that may impact or benefit Foresters’ business, to support the Program and the Regulatory Compliance Management (RCM) Framework.
  • Generate and compile effective reporting, distilling analytics to identify privacy and RCM risk issues and support risk-based testing and monitoring.
  • Execute vendor privacy due diligence reviews including potentially analyzing SOC2 or SIG Lite type reports, as well as retention policies and other vendor information through the Foresters third-party risk management framework.
  • Support the development and operation of a Compliance monitoring and testing program, issues management program, and reporting for each, under the RCM Framework.
  • Conduct testing of business and compliance controls, including development and execution of a test plan and applicable reporting.
  • Ensure that compliance issues are appropriately logged, and remediated, ensuring the analysis, key themes, and/or root causes are identified, and impact is assessed.
  • Support the development, documentation, and maintenance of relevant compliance policies, standards and procedures.
  • Represent Foresters and participate in various industry groups and/or committees.
  • As needed, update regulatory charts, templates, playbooks, and processes.

Key Qualifications

  • Minimum of 5+ years of directly related work experience in Privacy Compliance, ideally at a Canadian or US financial institution.
  • Understanding of privacy compliance risk management impacting Canadian and US financial services organizations, ideally including life insurance.
  • Sound and balanced professional judgment to identify and escalate issues, assess risks and controls, and develop recommendations.
  • Background or experience in vendor privacy due diligence is an asset.
  • Strong critical thinking and analytical skills with a focus on problem solving and continuous improvement.
  • Attention to detail and focus on realistic action steps and timelines.
  • Experience distilling complex and often ambiguous legal concepts into effective operational solutions.
  • Collaboration and communications skills (oral, written, presentation), ability to build relationships, engage and influence others. Must be comfortable communicating with individuals at all levels of the organization.
  • Post-secondary degree (or equivalent work experience).
  • Bilingual proficiency in English and French is desirable.
  • Professional privacy certifications or designations (e.g., CIPP or equivalent) are an asset.
  • Requires analytical and problem-solving skills to support the interpretation of complex regulatory and/or legal concepts, including supporting the team in diagnosing challenges and issues and developing action plans and innovative business solutions.



REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Financial Services

Accounts / Finance / Tax / CS / Audit

Finance

Diploma

Proficient

1

Toronto, ON, Canada