Job Title

About CIBC India: CIBC India is a technology and operations hub in Hyderabad, where you’ll be part of our highly engaged and global team, and play a central role in supporting our growth. Whether you’re driving innovation in digital banking or streamlining client onboarding, you’ll be part of a culture recognized for excellence and investment in people. At CIBC India, people and progress are at the center of what we do: you’ll develop skills, collaborate with industry leaders, and see your ideas realized in a culture that values progress and belonging. We provide cutting-edge resources, ongoing learning, and a supportive environment where people come first. If you’re ready to create meaningful change and build your future, CIBC India is where your ambition meets opportunity.STRATEGIC BUSINESS UNIT DESCRIPTION: Risk Management is led by the Senior Executive Vice-President and Chief Risk Officer and is accountable on matters relating to the independent oversight of the management of risks inherent to CIBC’s activities. These risks include but are not limited to ensuring that effective processes are in place for the identification, management, measurement, monitoring and control of operational, reputation and legal, strategic, market, credit, investment, liquidity and regulatory compliance risk, collectively “CIBC Risk”, incurred by CIBC’s retail and wholesale businesses, infrastructure and corporate governance groups. CGRA provides timely and proactive advice and independent oversight of CIBC’s compliance with applicable regulatory requirements. Together with the businesses, CGRA works to manage and mitigate regulatory risk.JOB PURPOSE: Reporting to the Executive Director and Data Protection Officer, this position functions as a Director for Privacy matters for CIBC businesses and employees in India.The overall purpose of the job as Director, Privacy Office is to: Oversee and maintain privacy program for India. Provide leadership and advice to employees and business stakeholders. Oversee the documenting and maintenance of Records of Processing Activity (ROPA), where required. Oversee and advise on risk assessments including PIA, DPIA, LIA and TIA. Support the business in achieving business goals in a manner consistent with sound risk management. Liaise with the Global Privacy Office, Legal and Procurement support negotiation of any agreements relating to the protection of information (both CIBC and client information) and personal data, provide oversight to external counsel (as required). Participate as a privacy representative on applicable regional and global governance committees. Contribute as a regional privacy leader to the committees and working groups of the Global Privacy Office. Support the Executive Director and Data Protection Officer.KEY ACCOUNTABILITIES: Privacy Officer responsibilities: Act as the Privacy Officer for CIBC and its’ subsidiaries in India. Provide privacy expertise and guidance and be responsible for regional privacy management in India including.CROSS-FUNCTIONAL RELATIONSHIPS: Informing and advising CIBC and its employees carrying out data processing of their obligations pursuant to applicable data protection regulation in India, including but not limited to: Fostering a data protection culture among employees. Incident management and maintaining related procedures (including advising on regulatory and data subject notification requirements. Access request management and maintaining related procedures (including monitoring of relevant mailboxes. Working with HR and the business to assess the application and, if required, onboarding of regulatory changes / developments in relation to privacy and protection of information. Maintaining regional policies and communicating policies to stakeholders. Monitoring compliance with applicable data protection regulations and CIBC policies in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of employees involved in processing operations, and the related audits. Conducting and advising on privacy impact assessments on new initiatives and revised programs involving the region and monitoring performance in accordance with applicable data protection regulation. Providing guidance on privacy requirements for any new business activities and helping to ensure proper implementation of those plans, consistent with legal and regulatory objectives. Advising on privacy related provisions in agreements, including commercial agreements, vendor contracts, and employment contract. Co-operating with data protection regulators in India and acting as the contact point for such regulators on issues relating to processing, including any consultation processes required by applicable data protection regulation. Maintaining any necessary registrations for CIBC and its subsidiaries with data protection regulators in India. Establishing and maintaining a database of all privacy related policies and procedures for compliance with data protection regulations in India including a framework of responsibilities. Lead and oversee Regulatory Compliance Management activities. Create, maintain and contribute to quarterly and annual privacy risk management reporting for the region and globally. Accountable for the timely escalation and resolution of privacy regulatory issues and deficiencies and ensure satisfactory resolution. As a member of the Global Privacy Office, contribute to program initiatives to support efficiencies. Attend all applicable regional and global governance committees and provide updates and any necessary escalations to senior management and the Board of Directors for regional subsidiaries. Support the Data Protection Officer on day to day advisory activities and maintenance of the regional privacy program including strategic and tactical privacy activities as required. Work with members of the Global Privacy Office. Frequent contact with business and regional management to identify and discuss business issues and needs and to provide consistent and time-sensitive advice. Regular contact with local counsel throughout the regions to ensure clear advice, manage costs and keep abreast of legal and regulatory reforms regionally.COMPLIANCE REQUIREMENTS / RESPONSIBILITIES: As an employee of CIBC, the incumbent must comply with all applicable CIBC and Line of Business policies, standards, guidelines and controls.AUTHORITIES / DECISION RIGHTS: JOB DIMENSIONS: The role reports to Head of CIBC India, ensuring the compliance with data protection laws and manages privacy risks across the region. This position also has a dotted line reporting relationship to the AVP Global Privacy & Enterprise Conduct & Culture Risk (CIBC Canada).KNOWLEDGE AND SKILLS: As a key contributor to the business unit, this job has the authority to recommend changes to business processes in order to enhance operational efficiency and effectiveness. Advanced knowledge of global privacy regulations, concepts, practices, procedures and principles (typically 10 plus years). Solid technical knowledge of Indian and APAC data protection laws and regulations is required. Strong knowledge of regulatory compliance and deep understanding of general marketplace practices, regulatory environment and client business practices in the financial industry. Knowledge of data protection laws in Asia Pacific region preferred. IAPP credentials such as CIPP / A preferred. Experience communicating regulatory changes and developing and implementing policies, guidelines or procedures to meet regulatory obligations. Experience working within financial services institutions preferred. Problem solving skills sufficient to maximize the solutions available within a given regulatory context. Ability to effectively manage cost constraints and need for cost-effective solutions (e.g., cost control / reduction initiatives such as keeping privacy projects in-house; rigorous use of approved law firms with rebated fees). Advanced communication skills sufficient to effectively deliver the message within an appropriate legal framework, without sacrificing creativity or subtlety. Influential skills sufficient to shape the decision-making process in situations where there may be a natural resistance to the advice. Drive to work on a collaborate basis with the businesses and cross functional groups in order to manage privacy risk and find the right solutions for CIBC’s clients and employees.WORKING CONDITIONS: This role operates within a normal office environment.Privacy: By proceeding with the creation of a profile and submitting an application in response to this job posting, you acknowledge and agree that your personal data will be collected, used, retained and disclosed by CIBC India and its affiliates, as described in the Candidate Privacy Statement