Senior Privacy Impact Assessment Specialist

• Required to lead or support the development of a privacy impact assessment that evaluates whether new technologies, information systems, or proposed programs or policies meet legal and policy privacy requirements, determine and mitigate risks, and address clients' concerns.
• These requirements include ensuring that the program complies with provincial, municipal, federal and private sector access and privacy legislation, as well as relevant regulations, statutes, OPS policies, Directives, standards, guidelines and internationally accepted Fair Information Practices.

General Skills:

• Excellent knowledge of privacy and security concepts, trends, and issues.
• This will include an understanding of their impact on business processes, as well as skill with interpretation and communication of principles and compliance requirements.
• Experience in conducting Privacy Impact Assessments in public sector context.
• Knowledge of, and experience with privacy enhancing best practices.
• Knowledge and ability to interpret and apply Ontario's Freedom of Information and Protection of Privacy Act (FIPPA) and its municipal equivalent Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Personal Candidatealth Information Protection Act (PHIPA), their respective regulations and related jurisprudence.
• Familiarity with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act.
• Good understanding of related disciplines such as IT security, IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, project management.

Operational Program and Business XXgn Skills:

• Ability to lead, manage or support the development of a PIA either independently or as part of a team by directing and gathering input from specific individuals within the organization.
• Knowledge and ability to create and understand data flow diagrams and business process diagrams.
• Ability to recognize the need for, and seek input from external experts as required.
• Excellent communication skills with technical and business audiences and non-access and privacy experts.

Technology and Systems Knowledge:

• Analytical skills to understand the current and future access and privacy implications of policies, decisions and business initiatives.
• Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture and data flows.

Information and Record Keeping Knowledge:

• Experience in developing risk assessment tools, methodologies, policies and procedures to effectively manage personal information.
• Knowledge of policies, directives, standards, business rules, procedures and guidelines relating to records management including classification, retention and disposition of information.

XXrable Skills:

• Professional certification from a related discipline such as IT security, architecture.
• Experience providing education and training related to privacy.

Experience and Skill Set Requirements:

• 40% Privacy Assessment Experience, Policy and Legislative Requirements
• Experienced in privacy legislation including FIPPA, PHIPA, PIPEDA.
• Experienced in conducting privacy assessments involving personal information, citing examples in resume.
• Lead and conducted assessments involving personal health information involving third party solutions (e.g., private sector or non-profit application solutions) and/or service integration providers.
• Experienced working with policy development teams; reviewing and comparing policies and legislation to make informed recommendations to ensure adequate privacy protections and considerations are addressed within policy/legislation.

30% Technical Understanding:

• Experience with privacy risks and conducting PIAs associated with integration between legacy systems, web applications, mobile and cloud-based solutions to obtain, retrieve and synchronize information.
• Experience with privacy risks and conducting PIAs involving mobile app solutions and the unique security and privacy challenges associated with such platforms.
• DemonstXXd experience and familiarity with strong security, encryption and privacy protection approaches to digital solutions, including mobile; web-based and backend integrations via API or similar approaches.
• Familiar with Digital Wallet technologies (native within OS or third party), including the security and privacy considerations, limitations and best practices for local data protection on mobile devices.
• Familiar with cloud-based digital wallet technologies, including the security and privacy considerations, limitations and best practices for data protection.
• Experience, knowledge and understanding of privacy protection standards and best practices, business, information and security architecture principles and emerging technology related to the protection of privacy and personal information.

20% Leadership and Communications:

• Demonstrated strong communication and engagement skills with ability to lead teams in discovery sessions to elicit details of technical solutions, business processes and/or policies; strong writing skills to document findings, recommendations, etc.
• Demonstrated ability to interpret both technical (e.g., architecture design documents, process flows, state transition diagrams, etc.) and non-technical documentation to conduct assessment of impacts and to develop mitigation strategies.
• Strong organizational and time management skills to manage multiple and concurrent requests in an agile and highly dynamic work environment.
• Strong presentation abilities to communicate findings, recommendations, etc. to senior management and executives to inform decision making; able to communicate complex problems/issues in simple terms.

5% Digital Identity Frameworks and Standards:

• Experience in developing, applying and/or evaluating digital identity trust frameworks such as the PCTF, eIDAS, or similar.
• Experience with Digital Identity standards such as NIST, FIDO, OpenID Connect, SAML.