About Fasken
As a premier law firm with over 900 lawyers worldwide, Fasken is where excellence meets expertise. We are dedicated to shaping the future our clients want, precisely when it matters most. For more information, visit.
Role Summary
Fasken’s Information Security Office is seeking a senior, hands-on Privacy Program Lead to operationalize and mature the firm’s global privacy program. This role is responsible for executing privacy impact assessments, transfer risk assessments, and data protection reviews, translating regulatory and client privacy requirements into practical, enforceable controls across multiple jurisdictions including Canada, the United Kingdom, European Union and South Africa. They will partner closely with Legal, Security, IT and business stakeholders to ensure compliance and efficient data handling practices. This role also supports responsible AI adoption by assessing privacy risks associated with AI systems and ensuring alignment with the firm’s AI governance standards and regulatory expectations.
Reporting into the Information Security Governance function and working in close collaboration with the Chief Privacy Officer, this role serves as the firm’s operational privacy subject matter expert and primary driver of privacy program development and execution.
What You’ll Deliver in the First 12 Months
- Conduct Privacy Impact Assessments (PIAs/DPIAs) and Transfer Risk Assessments (TRAs) for priority initiatives and vendor engagements with documented remediation tracking.
- Establish standardized privacy assessment methodologies aligned to PIPEDA, GDPR, POPIA and client contractual requirements.
- Build and maintain Records of Processing Activities (RoPA) for high-risk processing activities.
- Establish privacy review and risk assessment processes for AI and GenAI use cases, including data usage validation, model input/output safeguards and documentation standards.
- Reduce privacy review turnaround times through structured workflows and intake processes.
- Develop measurable privacy KPIs and reporting dashboards for leadership.
- Support client due diligence and outside counsel guidelines with clear, defensible privacy documentation.
- Strengthen cross functional collaboration between Legal, Security, IT and business teams to promote Privacy by Design adoption.
Key Responsibilities
Privacy Program Execution
- Lead operational delivery of the firm’s privacy program under the direction of the Chief Privacy Officer.
- Conduct DPIAs, PIAs, TRAs and privacy risk reviews for new technologies, vendors and business initiatives.
- Identify privacy risks and coordinate remediation with responsible teams.
- Maintain privacy risk registers and issue tracking.
- Develop and deliver firmwide Privacy Training.
Regulatory and Framework Alignment
- Translate regulatory obligations (including PIPEDA, GDPR, POPIA and applicable provincial and state laws) into actionable controls and guidance.
- Map privacy controls to ISO 27001, client audit expectations, and internal governance requirements.
- Monitor emerging regulatory developments and recommend program enhancements.
AI and Emerging Technology Privacy Oversight
- Conduct privacy risk assessments for AI and generative AI solutions.
- Evaluate data usage, training inputs, retention and output handling for privacy compliance.
- Partner with technology and governance teams to ensure AI systems align with privacy, confidentiality and client obligations.
- Support development of privacy guardrails and review standards for AI deployments.
Data Lifecycle Governance
- Support data classification, retention, minimization, and lawful use practices across systems and processes.
- Partner with IT and Security teams to validate that technical controls align with privacy requirements.
- Advise on cross border data transfers and third-party processing risk.
Vendor & Third-Party Privacy Reviews
- Conduct privacy risk assessments for third parties handling personal or confidential data.
- Evaluate contractual safeguards, transfer mechanisms, and processing obligations.
- Provide recommendations to Procurement, Legal, and Security teams.
Incident Response Support
- Participate as privacy SME in investigations involving potential personal data exposure.
- Assess regulatory and contractual notification obligations.
- Support post incident lessons learned and control improvements.
Stakeholder Enablement
- Provide practical privacy guidance to business leaders, attorneys, and operational teams.
- Deliver targeted awareness sessions promoting privacy-by-design practices.
- Support RFP responses, client questionnaires, and audit requests.
Metrics & Reporting
- Define and track program KPIs/KRIs such as: assessment turnaround time, remediation closure rates, risk severity trends, third-party privacy posture.
- Provide executive-level reporting and actionable insights.
Qualifications
Must-Have
- 7–10+ years professional experience in privacy, risk, compliance, or information governance.
- Strong working knowledge of privacy laws and frameworks (PIPEDA, GDPR, POPIA, and international transfer requirements).
- Demonstrated experience conducting privacy impact and risk assessments.
- Ability to translate legal and regulatory requirements into operational controls.
- Experience working cross functionally with Legal, Security, IT, and business stakeholders.
- Excellent written and verbal communication skills suitable for regulators, clients, and senior leadership.
Nice to Have
- Experience supporting multi-jurisdictional privacy programs.
- Background in professional services, legal, financial, or other regulated industries.
- Familiarity with ISO 27001, ISO 42001 or comparable governance frameworks.
- Experience supporting client audits or regulatory inquiries.
- Relevant certifications such as: CIPP/C, CIPP/E, CIPM, CDPSE, ISO 27001/42001 Lead Implementer/Auditor.
Working Model
- Highly collaborative role with regular interaction across Legal, Security, IT, Procurement, and practice leadership.
- Direct visibility to senior leadership and measurable impact on client trust, regulatory readiness, and risk posture.
- Opportunity to shape privacy-by-design practices as new technologies and AI capabilities are adopted across the firm.
Pay Range
$95,000 to $124,000 per annum. Pay range to be commensurate with experience.
Vacancy
This role is being posted to fill a current vacancy.