Northleaf Capital Partners is offering the opportunity to join a leading and growing private markets manager. You will be a key member of the Technology, Data and Digital Transformation (TDT) team at Northleaf. The mandate of the TDT team is to enable efficiency, scale, and innovation for our business to deliver exceptional services to our investors and better inform decisions throughout the investment lifecycle.
TDT is a growing team with a high-performance and supportive culture. As the firm continues to grow, there is ample room for professional growth in the team. The successful candidate will gain direct insight into the workings of a global private markets investment firm.
The successful candidate will possess 10+ years of experience including 5-7 years of relevant experience in information privacy and security, ideally in a financial or professional services firm, demonstrating strong analysis, technical, and communications skills. This role will be responsible for a range of activities including:
Privacy Program Development and Refinement
- Design and implement a comprehensive privacy governance framework aligned with regulations (e.g., GDPR, PIPEDA, APPs, GLBA) to manage personal/sensitive data ethically and lawfully.
- Develop policies, procedures, and controls for data collection, storage, processing, and breach response, ensuring alignment with organizational goals and legal requirements.
- Conduct privacy and confidentiality impact review/assessments to identify risks and establish mitigation strategies, collaborating with business units and corporate risk oversight team.
Operational Oversight and Incident Management
- Define and manage information access hierarchy leveraging tools and AI capabilities to ensure a secure environment.
- Monitor data flows and implement systems (e.g., data mapping tools, consent management platforms) to ensure secure handling of sensitive information.
- Working with solution vendors, lead the implementation privacy and cybersecurity tools, processes, to protect data and infrastructure assets.
- Lead incident response efforts for data or cyber breaches, including coordination with external and internal stakeholders in investigations, forensic analysis, and post-incident reporting to minimize operational and reputational damage.
- Conduct in conjunction with vendors, vulnerability assessments, penetration tests, and audits to identify and mitigate risks across networks, systems, and applications.
Collaboration and Continuous Improvement
- Foster awareness and skill development in data protection best practices, threat detection, analysis, and response.
- Train and collaborate with cross-functional teams to integrate security controls into corporate projects and foster a culture of accountability for privacy.
- Advise executive leadership on privacy risks, regulatory changes, emerging threats, and strategic investments in cybersecurity infrastructure.
- Ensure adherence to global regulations (e.g., GDPR, CCPA) and industry standards through proactive monitoring and documentation.
- Evaluate and recommend new security technologies to enhance detection accuracy and operational efficiency.
- Develop and enforce security policies, baselines, and incident response plans aligned with frameworks such as NIST.
- Refine policies, plans, and lead security awareness training programs to promote a culture of accountability across departments.
Education & Certifications
- Bachelor’s degree in Cybersecurity, Information Technology, Law, or related field; master’s degree/MBA an asset.
- Certifications such as CISSP/CISM CIPP/CIPM, CISM, CISA, or CEH.
Qualifications
- 5+ years in privacy management, cybersecurity, or governance roles, with proven success in building programs from scratch.
- At least 3 years in threat intelligence, incident response, or SOC environments.
- Experience in policy development, vendor management, and audit compliance, including methods for segregating information access and managing of different access levels.
- Familiarity and experience in working with and/or applying privacy laws (GDPR, CCPA, PIPEDA), security frameworks (NIST, ISO), attack methodologies (APT, DDoS, malware analysis), network protocols, and cloud security architectures.
- Hands-on experience with privacy-enhancing technologies and cyber security solutions (e.g., encryption, anonymization tools) and risk assessment methodologies.
- Proficiency in data governance frameworks, incident response planning, and security controls (e.g., access management, encryption).
- Practical hands-on experience with privacy tools and security tooling such as Microsoft Defender, Purview, Azure AD, Darktrace, KnowBe4, and Field Effect.
- Strong analytical and quantitative skills
- Excellent verbal and written communication skills with the ability to articulate and present points of view and ideas effectively.
- Strong work ethics with high level of professional integrity and ability to engender trust.
- Ability to dissect complex threats and prioritize actions under pressure, balancing compliance, security needs, and business objectives.
- Skilled at building consensus and trust across business units and influencing stakeholders without direct authority.
Location Toronto, Canada.
Contact Interested candidates are asked to apply on Northleaf Careers. Only those selected to be interviewed will be contacted.
Northleaf Capital Partners is committed to providing an inclusive and accessible candidate experience. Should you require accommodations during the selection process, please do not hesitate to let us know and suitable arrangements will be made.
About Northleaf Capital Partners
Northleaf is a global private markets investment firm focused on mid-market companies and assets. With more than US$28 billion in capital commitments raised to date, Northleaf has an established, long-term track record as an investor in private equity, private credit and infrastructure globally.
Northleaf’s 275-person team, located in Toronto, Chicago, London, Los Angeles, Melbourne, Menlo Park, Montreal, New York, Seoul and Tokyo, is focused exclusively on sourcing, evaluating and managing private markets investments. Northleaf manages closed and open-ended funds across a range of global private markets strategies and a series of separately managed accounts with customized investment strategies tailored to meet the specific needs of leading institutional investors and family offices. As part of its ambitious growth strategy, Northleaf is also developing specific private markets products and investment solutions for insurance and wealth management clients.
