Privacy Program Lead
Job in
Vancouver, BC, Canada
Listing for:
fasken
Full Time
position
Listed on 2026-06-14
Job specializations:
-
IT/Tech
Data Security, Information Security, Cybersecurity
Job Description & How to Apply Below
About Fasken
As a premier law firm with over 900 lawyers worldwide, Fasken is where excellence meets expertise. We are dedicated to shaping the future our clients want, precisely when it matters most. For more information, visit.
Role Summary
Fasken’s Information Security Office is seeking a senior, hands-on Privacy Program Lead to operationalize and mature the firm’s global privacy program. This role is responsible for executing privacy impact assessments, transfer risk assessments, and data protection reviews, translating regulatory and client privacy requirements into practical, enforceable controls across multiple jurisdictions including Canada, the United Kingdom, European Union and South Africa. They will partner closely with Legal, Security, IT and business stakeholders to ensure compliance, and efficient data handling practices.
This role also supports responsible AI adoption by assessing privacy risks associated with AI systems and ensuring alignment with firm AI governance standard and regulatory expectations.
Reporting into the Information Security Governance function and working in close collaboration with the Chief Privacy Officer, this role serves as the firm’s operational privacy subject matter expert and primary driver of privacy program development and execution.
What You’ll Deliver in the First 12 Months
Conduct Privacy Impact Assessments (PIAs/DPIAs) and Transfer Risk Assessments (TRAs) for priority initiatives and vendor engagements with documented remediation tracking.Establish standardized privacy assessment methodologies aligned to PIPEDA, GDPR, POPIA and client contractual requirementsBuild and maintain Records of Processing Activities (RoPA) for high risk processing activities.Establish privacy review and risk assessment processes for AI and GenAI use cases, including data usage validation, model input/output safeguards and documentation standards.Reduce privacy review turnaround times though structured workflows and intake processes.Develop measurable privacy KPIs and reporting dashboards for leadership.Support client due diligence and outside counsel guidelines with clear, defensible privacy documentation.Strengthen cross functional collaboration between Legal, Security, IT and business teams to promote Privacy by Design adoption.Key Responsibilities
Privacy Program Execution
Lead operational delivery of the firm’s privacy program under the direction of the Chief Privacy Officer.Conduct DPIAs, PIAs, TRAs and privacy risk reviews for new technologies, vendors and business initiatives.Identity privacy risks and coordinate remediation with responsible teams.Maintain privacy risk registers and issue tracking.Develop and deliver firmwide Privacy Training.Regulatory and Framework Alignment
Translate regulatory obligations (including PIPEDA, GDPR, POPIA and applicable provincial and state laws) into actionable controls and guidance.Map privacy controls of ISO 27001, client audit expectations, and internal governance requirements.Monitor emerging regulatory developments and recommend program enhancements.AI and Emerging Technology Privacy Oversight
Conduct privacy risk assessments for AI and generative AI solutions.Evaluate data usage, training inputs, retention and output handling for privacy compliance.Partner with technology and governance teams to ensure AI systems align with privacy, confidentiality and client obligations.Support development of privacy guardrails and review standards for AI deployments.Data Lifecycle Governance
Support data classification, retention, minimization, and lawful use practices across systems and processes.Partner with IT and Security teams to validate that technical controls align with privacy requirements.Advise on cross border data transfers and third-party processing risk.Vendor & Third-Party Privacy Reviews
Conduct privacy risk assessments for third parties handling personal or confidential data.Evaluate contractual safeguards, transfer mechanisms, and processing obligations.Provide recommendations to Procurement, Legal, and Security teams.Incident Response Support
Participate as privacy SME in investigations involving potential personal data exposure.Assess regulatory and contractual notification obligations.Support post incident lessons learned and control improvements.Stakeholder Enablement
Provide practical privacy guidance to business leaders, attorneys, and operational teams.Deliver targeted awareness sessions promoting privacy-by-design practices.Support RFP responses, client questionnaires, and audit requests.Metrics & Reporting
Define and track program KPIs/KRIs such as: assessment turnaround time remediation closure rates risk severity trends third-party privacy postureProvide executive-level reporting and actionable insights.Qualifications
Must-Have
7–10+ years professional experience in privacy, risk, compliance, or information governance.Strong working knowledge of privacy laws and frameworks (PIPEDA, GDPR, POPIA, and international transfer…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
