You're using an older version of Internet Explorer that is no longer supported. Please update your browser.
Make A Future

Manager of Risk, Internal Audit and Privacy Compliance

Kamloops, BC
Full Time
A month ago

The Manager of Risk, Internal Audit and Privacy Compliance is responsible to the Secretary-Treasurer for the Stewardship of the Risk, Internal Audit and Privacy Compliance related issues and directly to the Board of Education for specific Internal Audit projects.


Nature and Scope:


The Manager of Risk Management, Internal Audit and Privacy Compliance is responsible for overseeing the District’s risk management, internal audit, and privacy compliance programs.  The role provides independent, objective assurance and consulting internal audit services designed to add value and improve the organization’s operations.  It is positioned to help the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control and privacy compliance processes.

In addition, the position is responsible for facilitating the implementation of a risk management framework for the organization.  The position works with Senior Management and key stakeholders to implement the risk management program designed to identify, measure, mitigate, monitor, and report the key risks that may impact the organization’s ability to achieve its strategic objectives.

Typical Responsibilities – Risk Management:

  • Development and maintenance of the Enterprise Risk Management framework and risk register for the District
  • Advisor to all SD73 departments and schools on risk related issues, including:
    • Recommending and implementing mitigation strategies, preventative measures to minimize costs and lower the District’s risk and liability tolerance
    • Assisting departments in development of policies and processes related to enterprise risk
    • Development of Memorandums of Understanding (MOU) or Facility Use Agreements and risk forms with all departments and review waivers from outside organizations.
    • Presentations on SPP and Risk Management to various SD73 departments and school departments
    • Review SPP daily incident reports for any high-risk incidents that could lead to claims against the District.
    • Review insurance and indemnity language in contracts

Typical Responsibilities – Internal Audit:

  • Performance of audit activities in alignment with modern internal audit practices 
  • Establish appropriate internal auditing safeguards given the additional risk management facilitation responsibilities.
  • Assess whether adequate controls and practices are in place to safeguard the organizations assets and if the controls are lacking, develop the appropriate practices.
  • Evaluate whether adequate risk mitigation plans are in place for the organization’s key risks.
  • Provide advisory guidance in relation to the organization’s policies, procedures, governance, and internal control systems to contribute to the improvement of operations.

Typical Responsibilities – Freedom of Information (FOI):

  • Under the direction of the Associate Superintendent of Human Resources, manage SD73’s FOI requests, including receiving requests, collection and redaction of records, dealing with FOI applicants via mail, email and phone, consulting with legal counsel on requests and representing SD73 in the event of an OIPC investigation.
  • Creation of all privacy policies and procedures, establishment and ongoing assessment and revision of FOI program controls and ensuring compliance with up-to-date legislation and regulations
  • Design and implement employee workshops and presentations around FOI and Privacy and demonstrate leadership within SD73 in creating and maintaining the desired culture of privacy

Typical Responsibilities – Privacy:

  • Act as the District Privacy Manager, implementing a District wide privacy management program.
  • Manage privacy breaches when they occur and determine what action is required and     what changes to internal process are needed to prevent the breach from occurring again
  • Development of Privacy Breach Policy and Guidelines and Coordinate Privacy Breach presentations
  • Advise and manage Privacy Impact Assessments (PIA’S) for new projects within the District as well as maintain and update existing PIA’s.

Typical Responsibilities – Legal and Insurance:

  • Work with the Secretary-Treasurer and Associate Superintendent of Human Resources to manage and coordinate with outside legal and human resource issues for the District.
  • Manage civil claims against the SD73, including liaising with claimants and assisting legal and adjusters with litigation brought against the SD73.
  • Manage miscellaneous legal issues when SD73 staff are subpoenaed to court, including liaising with staff and external legal counsel.
  • Work with the Secretary-Treasurer in the placement of all property and liability insurance for the District (education center, optional property, fleet, garage policy, student accident, athletics association)
  • Review contract and tender documents, providing advice to various SD73 departments on insurance provision and indemnity wordings and coordination of certificates of insurance for school trips and school rentals
  • Manage the settlement of all SD73 property claims under and over $10,000 with schools, business units and SPP, this also includes individual staff property and vehicle claims.
  • Oversee process improvements in the areas of insurance, claims and risk management at the school and district level.


Qualifications, Abilities, Knowledge and Skills:

  • Professional Accounting Designation, CPA in good standing.
  • Possession of or working towards a Certified Internal Auditor, CIA, credential Possession of or working towards a Certified Risk Management Professional (RIMS-CRMP) credential.
  • Possession of or working towards a Certified Information Privacy Professional (CIPP)credential.
  • Risk management experience, including knowledge of risk management governance and controls.
  • Expert knowledge of audit procedures as well as evaluating, analyzing and testing internal control systems.
  • Demonstrate understanding and application of Canadian information privacy laws, principles and practices.
  • Demonstrate a proven ability to independently manage numerous projects simultaneously at various stages of development.
  • Outstanding written and oral communication skills and the ability to communicate at all levels of the organization.


Please apply at by May 7th, 2021.