Senior Privacy Advisor

Reporting to the Director, Privacy Program, our General Counsel & Corporate Secretary’s Office is looking for a Senior Privacy Advisor who with direction from the Director, Privacy Program, provides daily support to Metrolinx’s privacy program through advice, technical expertise, guidance and training, to corporate programs and activities that protect privacy, including interpreting and developing the privacy program, its goals and practices related to, and in compliance with government legislation, regulatory requirements, and industry best practices.

The Senior Advisor will support initiatives in an agile capacity while applying privacy best practices and embedding privacy by design throughout the project lifecycle.

W hat will I be doing?

• Promote interpretation, and compliance with legislative requirements of the Freedom of Information and Protection of Privacy Act (FIPPA), and guidance from Ontario’s Information and Privacy Commissioner
• Promote the development of privacy best practices above and beyond FIPPA and related legislative requirements, including requirements of the private-sector Personal Information Protection and Electronic Documents Act (PIPEDA), guidance from the Federal Office of the Privacy Commissioner of Canada, and industry best practices
• Maintain current knowledge of the application of privacy legislation and regulations and industry changes, and anticipate the impact on privacy issues to organizational / corporate practices
• As privacy subject matter expert, provides support to Metrolinx departments and project team members to ensure compliance with Metrolinx privacy policies, legislative and contractual obligations, and support standard and methodologies and implementation of best practices on an on-going basis
• Model Metrolinx’s values and core competences, especially in dealings with external partners, and in the handling of personal and confidential information
• Under the leadership of the Director, Privacy Program, supports the privacy program governance framework including development and tracking of privacy Goals and the Privacy Steering Committee
• Implement strategic privacy projects, including policies, best practices, and risk mitigation strategies across our departments
• Monitor and conduct privacy research activities to identify and assess jurisdictional / private sector and industry best practices, risks and impacts related to program delivery, to inform and enhance the effectiveness of Metrolinx’s privacy policy, legal commitments, and program delivery
• Identify contentious issues, monitors changes to best practices and legal requirements, briefs staff and senior management, and implements revisions / mitigation strategies
• Identify and assess privacy risks and provide advisory and consultative support to risk owners to develop appropriate mitigation plans.

Conduct post-implementation analysis and reviews to ensure recommendations have been implemented

• Investigate privacy incidents to identify privacy breaches and support response plans through all phases of the incident response process, including privacy analysis, root cause analysis, development of mitigation strategies, and reviewing associated communications and reporting
• Lead investigations and responds to privacy inquiries, privacy complaints and breach incidents, and acts as the primary contact for Ontario’s Information and Privacy Commissioner;

logs follow-up activities and resolutions, and provides advice to staff and senior management

• Review, proposes, and coordinates appropriate action plans to address findings of privacy audits and monitoring, in collaboration with Internal Audit and departments
• Ensure assigned risks are added to the ERM and monitor to ensure compliance with risk mitigation plans and associated timelines
• Help plan privacy steering committee meetings and facilitate and maintain a network of essential privacy contacts throughout the organization

What skills & qualifications do I need?

• Completion of a degree in Business Administration, Information Management, Information Technology, Public Policy, or related field or a combination of education, training and experience deemed equivalent
• Demonstrated experience providing technical advice and guidance relating to information access and privacy with some public sector experience
• Knowledge of and ability to interpret and apply legislation and government regulations guiding privacy protection and access to information ( Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s Anti-Spam Legislation (CASL)
• Experience conducting privacy impact assessments for new programs, information systems, or services
• Experience preparing a range of written materials, documentation, reports, briefing notes, training materials; brief senior management and staff on a range of privacy issues / matters;

provide information / documentation to the IPC

• Strong interpersonal skills, with a sense of political acuity and the ability to present complex facts, information and explanations to different audiences including, matters brought before Ontario’s Information and Privacy Commissioner and senior management
• Collaboration and relationship management skills to : demonstrate aptitude for building trusted relationships and a reputation for sound judgement and pragmatism with internal clients and partners.
• Ability to work effectively and in partnership with colleagues, diverse teams (including legal counsel and information technology, internal audit, and risk professionals) and partners to build consensus and influence decisions;

foster a culture of information privacy awareness

Knowledge of data digitization, data mining, information flow and security concepts, to review and advise on the agreement of our technology / information management / security projects / plans to privacy practices and legislative compliance requirements

Closing Date : 03 / 17 / 2024, 09 : 59 PM(ET)