Legal Director, Privacy & Data Protection, Canada

  • Restaurant Brands International
  • Toronto, Ontario, Canada
  • Mar 16, 2023
Full time Lawyer (In House Counsel)

Job Description

About Restaurant Brands International

 

Restaurant Brands International Inc. is one of the world's largest quick service restaurant companies with more than $35 billion in annual system-wide sales and over 28,000 restaurants in more than 100 countries. RBI owns four of the world's most prominent and iconic quick service restaurant brands – TIM HORTONS®, BURGER KING®, POPEYES® and FIREHOUSE SUBS®. These independently operated brands have been serving their respective guests, franchisees and communities for decades. Through its Restaurant Brands for Good framework, RBI working towards its goal of improving sustainable outcomes related to its food, the planet, and people and communities.

 

Our Opportunity For You

 

RBI is one of the world’s largest quick service restaurant companies with over 27,000 restaurants in more than 120 countries. RBI owns three of the world’s most prominent and iconic quick service restaurant brands – Tim Hortons®, Burger King®, Firehouse Subs®, and Popeyes®.

 

80% of Canadians visit a Tim Hortons restaurant at least once per month. We’re the #1 mobile app in food and drink category and #2 largest loyalty program in Canada. Tim Hortons also currently supports more than 300,000 children on teams in hockey, soccer, ringette, lacrosse, softball and baseball leagues in Canada and the United States. Our guests’ experience is becoming increasingly digital, so we’re creating innovative products to deliver better consumer experiences.

 

RBI’s Global Privacy Program continues to mature in response to enhanced regulatory and enforcement risks, increased expectations around data ethics from society and key stakeholders, and innovative and evolving business models. We’re quickly growing the team and need a Legal Director, Privacy & Data Protection in our Toronto office. This role will be reporting to the Global VP, Privacy Officer at RBI. It will be responsible for leading RBI’s Global Privacy Program in Canada, and for driving RBI’s handling of legal and compliance issues related to privacy, security, and data protection matters in the country.

 

The candidate who fills this role will be an instrumental legal advisor and business partner to the cross-functional teams at RBI. The candidate will also have deep experience in collaborating with data protection supervisory authorities and have established relationships with one or more of these authorities in Canada.

 

Join us and help build the next generation of digital experiences for Canada’s most-loved brand!

 

Primary Responsibilities - What You’ll Do

 

  • Lead the development and implementation in Canada of RBI’s Global Privacy & Data Protection Program
  • Design, propose and implement privacy processes, protocols, and controls that are the foundation of a modern and proactive privacy function
  • Be the go-to person for all privacy matters and steer external counsel as needed
  • Oversee the legal and regulatory compliance for privacy, security, and data matters in Canada
  • Serve as the primary expert and resource on these matters for the teams on the ground. Provide legal advice and day-to-day support to legal colleagues and business stakeholders on privacy, security, and data related matters.
  • Document, prioritize, and communicate clear privacy requirements for product initiatives and releases
  • Educate and advise the business team on new data, privacy, and ethical uses, and provide strategies to address privacy and data governance considerations
  • Evaluate the impact of privacy laws, regulatory guidance, and enforcement actions
  • Lead responses to regulatory inquiries and investigations, incident/breach response, and intensified data subject requests
  • Draft, negotiate, structure, and advise on a variety of complex, multifaceted agreements involving partnerships, technology transactions, and data protection-related legal issues
  • Ensure our commercial relationships comply with applicable law and our internal privacy, security, and compliance policies
  • Provide strategic legal and business advice to facilitate and develop long-term relationships with clients and partners

 

What You’ll Bring

 

  • LL.B, JD or an equivalent and a member in good standing with a provincial or territorial law society
  • 10+ years of post-Bar admission experience, preferably a combination of law firm and in-house experience (experience advising tech and/or hospitality companies is preferred)
  • At least 10 years of relevant privacy, data protection, and compliance experience
  • Sophisticated, in-depth knowledge of global data privacy laws, including data privacy laws in Canada, the Canadian provinces, the U.S., and the EU.
  • Experience implementing privacy management programs
  • Broad understanding of changing priorities, trends, legislative and regulatory requirements and/or other internal and external emerging issues and their potential impacts on goals, priorities and activities within a privacy program and across the organization
  • Experience with incidents and data breaches
  • Experience with regulatory investigations
  • Strong background in technology transactions, commercial law, privacy, data protection
  • Skilled negotiator with deep transactional expertise
  • Experience working closely with clients and successfully managing client relationships
  • Demonstrated ability to issue spot and “connect the dots” across business units on data privacy, security, and compliance matters, and escalate accordingly

 

Skills

 

  • Comfortable working with a legal and business mindset simultaneously
  • Outstanding analytical and negotiation skills, with strong attention to detail
  • Sound business and legal judgement
  • Able to make smart decisions and balance risk, often in ambiguous situations and with imperfect information
  • Willing and eager to dive into new areas of law and unfamiliar issues
  • Solid project management skills
  • Able to manage own schedule, work efficiently, prioritize workflow, meet demanding deadlines, and manage multi-faceted projects in a fast-paced environment
  • Ability to understand key business issues while managing the day-to-day execution of key privacy program activities and supporting projects
  • Able to operate autonomously while contributing successfully to cross-functional teams
  • Excellent communication skills, with an ability to gain support and reach consensus from multiple stakeholders
  • Strong sense of ownership

 

Nice-to-haves

 

  • French/English bilingual capabilities
  • Privacy or cybersecurity credentials (CIPP/E, CIPP/US, ISACA…)
  • Business and work experience outside the legal context, including internationally

 

Restaurant Brands International and all of its affiliated companies (collectively, RBI) are equal opportunity and affirmative action employers that do not discriminate on the basis of race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or veteran status, or any other characteristic protected by local, state, provincial or federal laws, rules, or regulations. RBI's policy applies to all terms and conditions of employment. Accommodation is available for applicants with disabilities upon request.

 

50216753