RQ11155 - Privacy Impact Assessment (PIA) Specialist - Senior

About The Position

Requirements

• Excellent knowledge of privacy and security concepts, trends, and issues, including their impact on business processes.
• Skill in interpretation and communication of privacy principles and compliance requirements.
• Knowledge of and experience in researching and applying relevant information privacy laws, regulations, and jurisprudence, particularly as it relates to the Information and Privacy Commissioner of Ontario.
• Experience in conducting Privacy Impact Assessments in a public sector context.
• Knowledge of and experience with privacy enhancing best practices.
• Knowledge and ability to interpret and apply Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) and its municipal equivalent the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Personal Health Information Protection Act (PHIPA), their respective regulations, and related jurisprudence.
• Familiarity with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act.
• Familiarity with OPS Privacy Impact Assessment Process and Tools released by the Ontario Ministry of Government Services.
• Good understanding of related disciplines, such as IT security, IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, and project management.
• Ability to lead, manage, or support the development of a PIA either independently or as part of a team.
• Knowledge and ability to create and understand data flow diagrams and business process diagrams.
• Ability to recognize the need for, and seek input from external experts as required.
• Excellent communication skills with technical and business audiences and non-access and privacy experts.
• Analytical skills to understand the current and future access and privacy implications of policies, decisions, and business initiatives.
• Knowledge of Information Technology concepts and processes that impact the protection of personal information, including Internet tools, system interfaces, information security, information architecture, and data flows.
• Experience in developing risk assessment tools, methodologies, policies, and procedures to effectively manage personal information.
• Knowledge of policies, directives, standards, business rules, procedures, and guidelines relating to records management including classification, retention, and disposition of information.
• Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards.
• Experienced in privacy legislation including Freedom of Information and Protection of Privacy Act (FIPPA), Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA).
• Experienced in conducting privacy assessments involving personal information, citing examples in resume.
• Experienced in leading and conducting privacy assessments involving online and/or digital solutions.
• Lead and conducted assessments involving personal health information involving third party solutions (e.g., private sector or non-profit application solutions) and/or service integration providers.
• Experienced working with policy development teams; reviewing and comparing policies and legislation to make informed recommendations to ensure adequate privacy protections and considerations are addressed within policy/legislation.
• Experience with privacy risks and conducting PIAs and the unique security and privacy challenges associated with various platforms.
• Demonstrated experience and familiarity with strong security, encryption and privacy protection approaches to digital solutions, including web based and backend integrations via API or similar approaches.
• Experience with privacy risks and conducting PIAs associated with integration between legacy systems, web applications, digital and cloud-based solutions to obtain, retrieve and synchronize information.
• Familiar with cloud-based technologies including the security and privacy considerations, limitations, and best practices for data protection.
• Experience, knowledge and understanding of privacy protection standards and best practices, business, information and security architecture principles and emerging technology related to the protection of privacy and personal information.
• Demonstrated strong communication and engagement skills with ability to lead teams in discovery sessions to elicit details of technical solutions, business processes and/or policies.
• Strong writing skills to document findings, recommendations, etc.
• Demonstrated ability to interpret both technical (e.g., architecture design documents, process flows, state transition diagrams, etc.) and non-technical documentation to conduct assessment of impacts and to develop mitigation strategies.
• Strong organizational and time management skills to manage multiple and concurrent requests in an agile and highly dynamic work environment setting.
• Strong presentation abilities to communicate findings, recommendations, etc. to senior management and executives to inform decision making.
• Able to communicate complex problems/issues in simple terms.
• Experience in developing, applying and/or evaluating digital identity trust frameworks.
• Prior experience with leading and conducting multiple PIAs in OPS setting/environment, including demonstrated knowledge and experience with OPS processes, existing templates and expectations to obtain approvals/sign off.

Nice To Haves

• Professional certification from a related discipline such as IT security, architecture.
• Experience providing education and training related to privacy.
• Knowledge of, and experience with the policies and procedures of the Ontario government (e.g., business case development, project approvals and policy development).
• OPS or Public Sector exp.

Responsibilities

• Lead or support the development of a privacy impact assessment that evaluates whether new technologies, information systems, or proposed programs or policies meet legal and policy privacy requirements.
• Determine and mitigate risks associated with new technologies, systems, programs, or policies.
• Address clients’ concerns regarding privacy.
• Ensure compliance with provincial, municipal, federal, and private sector access and privacy legislation.
• Ensure compliance with relevant regulations, statutes, OPS policies, Directives, standards, guidelines, and internationally accepted Fair Information Practices.
• Research and apply relevant information privacy laws, regulations, and jurisprudence.
• Conduct Privacy Impact Assessments in a public sector context.
• Apply privacy enhancing best practices.
• Interpret and apply Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) and its municipal equivalent the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Personal Health Information Protection Act (PHIPA), their respective regulations, and related jurisprudence.
• Familiarize with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act.
• Understand and apply the OPS Privacy Impact Assessment Process and Tools released by the Ontario Ministry of Government Services.
• Understand related disciplines such as IT security, IT system design, policy development, business architecture, legal processes, Freedom of Information administration, business analysis, risk management, and project management.
• Lead, manage, or support the development of a PIA independently or as part of a team by directing and gathering input from specific individuals within the organization.
• Create and understand data flow diagrams and business process diagrams.
• Recognize the need for, and seek input from external experts as required.
• Communicate effectively with technical and business audiences, and non-access and privacy experts.
• Analyze current and future access and privacy implications of policies, decisions, and business initiatives.
• Understand Information Technology concepts and processes that impact the protection of personal information, including Internet tools, system interfaces, information security, information architecture, and data flows.
• Develop risk assessment tools, methodologies, policies, and procedures to effectively manage personal information.
• Understand policies, directives, standards, business rules, procedures, and guidelines relating to records management, including classification, retention, and disposition of information.
• Understand Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards.
• Provide education and training related to privacy.
• Understand and apply the policies and procedures of the Ontario government (e.g., business case development, project approvals, and policy development).
• Conduct privacy assessments involving personal information, citing examples.
• Lead and conduct privacy assessments involving online and/or digital solutions.
• Lead and conduct assessments involving personal health information with third-party solutions and/or service integration providers.
• Work with policy development teams, reviewing and comparing policies and legislation to make informed recommendations.
• Assess privacy risks and conduct PIAs, considering unique security and privacy challenges of various platforms.
• Demonstrate familiarity with strong security, encryption, and privacy protection approaches for digital solutions, including web-based and backend integrations via API.
• Assess privacy risks and conduct PIAs associated with integration between legacy systems, web applications, digital, and cloud-based solutions.
• Understand cloud-based technologies, including security and privacy considerations, limitations, and best practices for data protection.
• Understand privacy protection standards and best practices, business, information, and security architecture principles, and emerging technology related to privacy and personal information protection.
• Lead teams in discovery sessions to elicit details of technical solutions, business processes, and/or policies.
• Document findings and recommendations.
• Interpret technical documentation (e.g., architecture design documents, process flows, state transition diagrams) and non-technical documentation to assess impacts and develop mitigation strategies.
• Manage multiple and concurrent requests in an agile and highly dynamic work environment.
• Present findings and recommendations to senior management and executives.
• Communicate complex problems/issues in simple terms.
• Develop, apply, and/or evaluate digital identity trust frameworks.
• Lead and conduct multiple PIAs in an OPS setting/environment.
• Demonstrate knowledge and experience with OPS processes, existing templates, and expectations to obtain approvals/sign off.