Consultant

Description:

The Administration Division comprises Legal, Corporate Secretary, the Ombudsman and Privacy and Corporate Development departments. Collectively, this division is responsible for the provision of legal advice across CIBC, provides leadership on governance practices, privacy and reputational risk, and is also a key participant in creating long-term value and directing the development and execution of CIBC’s strategy and strategic planning processes.

Administration is responsible for:

providing legal support to assist CIBC in meeting its goals and effectively managing legal outcomes, by providing independent legal advice, as well as related transactional, regulatory and litigation support, to business management across all lines of CIBC’s business globally. CIBC Legal has a four part mandate:
Advocacy – Representing the institutional interests of CIBC in commercial negotiations, litigation and regulatory proceedings;
Informing Business Decisions - Providing timely, judgment-based legal advice that facilitates informed, risk-based decision-making by business management;
Governance - Supporting CIBC’s corporate governance, risk management and internal control framework; and
 Efficiency - Assisting business management in optimizing legal costs; and
managing (i) CIBC’s privacy-related risks and supporting the protection of the privacy and confidentiality of all CIBC client and employee information; and (ii) CIBC’s whistleblower function. In coordination with the global Privacy Office, the mandate of the Privacy Counsel/Consultant is to:
 Manage CIBC’s privacy-related risks and supports the protection of the privacy and confidentiality of all CIBC client and employee information.
 Conduct reviews of proposed or new privacy legislation changes where CIBC operates, including risks assessing new regulations and ensuring compliance with the Bank’s Regulatory Compliance Management of privacy regulations.
 Participate in the ongoing review of monitoring and oversight mechanisms to ensure privacy compliance to Confidentiality and Privacy. You will participate in reviewing CIBC’s privacy program and revising processes to build a strong privacy program. You will gather, organize and interpret data/information to formulate appropriate conclusions and prepare communications and reports for senior members of the organization.
 Management and oversight of the whistleblower policy, procedures and, where appropriate, whistleblower complaints.

JOB PURPOSE 

This position functions as Counsel/Consultant for Privacy matters for all CIBC Capital Markets businesses in Europe and the Asia Pacific Region and Data Protection Officer for CIBC Capital Markets business in jurisdictions where such role is required, such as the United Kingdom, Luxembourg and Singapore.

The overall purpose of the job is to act as Data Protection Officer in each European and Asia Pacific jurisdiction. In particular:

Oversee maintain and maintain European and APAC privacy programmes.
Provide leadership and advice to business stakeholders.
Oversee the documenting and maintenance of Records of Processing Activity (ROPA)
Oversee and advise on risk assessments including DPIA, LIA and TIA.
Support the business in achieving business goals in a manner consistent with sound risk management. Liaise with the Privacy Office, Legal and Procurement support negotiation of any agreements relating to the protection of information (both CIBC and client information) and personal data, provide oversight to external counsel (as required), and
Participate as a privacy representative on applicable regional and global governance committees.
Contribute as a regional privacy leader to the committees and working groups of the global Privacy Office.

Key Accountabilities

Privacy and Data Protection Officer responsibilities

Act as Data Protection Officer for CIBC and its’ subsidiaries in Europe and the Asia Pacific Region, including being registered officially as the Data Protection Officer in required jurisdictions in Europe and the Asia Pacific Region such as the United Kingdom, Luxembourg and Singapore. 
 Provide privacy expertise and guidance and be responsible for regional privacy management in Europe and the Asia Pacific Region, including:
informing and advising CIBC and its employees carrying out data processing of their obligations pursuant to applicable data protection regulation in Europe and the Asia Pacific Region, including but not limited to;
fostering a data protection culture among employees;
incident management and maintaining related procedures (including advising on regulatory and data subject notification requirements);
access request management and maintaining related procedures (including monitoring of relevant mailboxes);
working with HR and the business to assess the application and, if required, onboarding of regulatory changes/developments in relation to privacy and protection of information; and
maintaining regional policies and communicating policies to stakeholders;
monitoring compliance with applicable data protection regulation and CIBC policies in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of employees involved in processing operations, and the related audits;
conducting and advising on privacy impact assessments on new initiatives and revised programs involving the region and monitoring performance in accordance with applicable data protection regulation;
providing guidance on privacy requirements for any new business activities and helping to ensure proper implementation of those plans, consistent with legal and regulatory objectives;
advising on privacy related provisions in agreements, including commercial agreements, vendor contracts, and employment contracts;
co-operating with data protection regulators in Europe and Asia Pacific Region and acting as the contact point for such regulators on issues relating to processing, including any consultation processes required by applicable data protection regulation;
maintaining any necessary registrations for CIBC and its subsidiaries with data protection regulators in Europe and the Asia Pacific Region; and
establishing and maintaining a database of all privacy related policies and procedures for compliance with data protection regulations in Europe and Asia Pacific Region including a framework of responsibilities;
Attend all applicable regional and global governance committees and provide updates and any necessary escalations to senior management and the Board of Directors for regional subsidiaries.