Senior Privacy Analyst - Toronto, Canada - GTT, LLC

    GTT, LLC
    Full time
    Description

    Senior Privacy Analyst / PIA Specialist
    Contract Duration: 2 years

    Job Overview:
    Our client is seeking a PIA Specialist to complete the Privacy Impact Assessment (PIA) deliverable for the CX Platform's upcoming releases, which further make more services available online and improve current online services, as seen through the Transportation Safety Transformation (TSTx) initiative and discovery work to increase eligibility to complete health card renewals online.
    The PIA Specialist is required to lead or support the development of a privacy impact assessment of the applications that evaluates whether new technologies, information systems, or proposed programs or policies meet legal and policy privacy requirements, determines and mitigates risks, and addresses clients' concerns.
    These requirements include ensuring that the program complies with provincial, municipal, federal, and private sector access and privacy legislation, as well as relevant regulations, statutes, OPS policies, Directives, standards, guidelines, and internationally accepted Fair Information Practices.

    Job Responsibilities:

    The Senior Privacy Analyst is required to lead and develop a privacy impact assessment (PIA) that evaluates whether new technologies, information systems, or proposed programs or policies meet legal and policy privacy requirements, determines and mitigates risks, and addresses clients' concerns.
    These requirements include ensuring that the program complies with provincial, municipal, federal, and private sector access and privacy legislation, as well as relevant regulations, statutes, OPS policies, Directives, standards, guidelines, and internationally accepted Fair Information Practices.
    Work on the project with business and technology teams to ensure the PIA captures all relevant information required for project governance and approvals
    Coordinate approvals of the PIA with the project team and Privacy office
    Provide guidance and expertise to the project team on privacy requirements and standards
    Provide input and support the development of amendments to FIPPA and MGSA to support the project's long-term roadmap and vision

    Must Haves:

    Experienced in privacy legislation including the Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA)
    Experienced in leading and conducting privacy assessments with Ontario health or D&V systems involving online and/or mobile digital solutions that handle personal and health-related information.
    Experienced working with policy development teams; reviewing and comparing policies and legislation to make informed recommendations to ensure adequate privacy protections and considerations are addressed within policy/legislation.
    Experience with privacy risks and conducting PIAs associated with integration between legacy systems, web applications, and mobile and cloud-based solutions to obtain, retrieve, and synchronize information.

    Nice to Have:

    Experience in developing, applying, and/or evaluating digital identity trust frameworks such as the PCTF, eIDAS, or similar.
    Experience with Digital Identity standards such as NIST, FIDO, OpenID Connect, SAML
    Previous Public Sector Experience

    Evaluation Criteria:

    Privacy Assessment Experience, Policy, and Legislative Requirements
    Experienced in privacy legislation including the Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA)
    Experienced in conducting privacy assessments involving personal information, citing examples in resumes.
    Experienced in leading and conducting privacy assessments with Ontario health or D&V systems involving online and/or mobile digital solutions that handle personal and health-related information.
    Led and conducted assessments involving personal health information involving third-party solutions (e.g., private sector or non-profit application solutions) and/or service integration providers
    Experienced working with policy development teams; reviewing and comparing policies and legislation to make informed recommendations to ensure adequate privacy protections and considerations are addressed within policy/legislation.

    Technical Understanding:

    Experience with privacy risks and conducting PIAs associated with integration between legacy systems, web applications, and mobile and cloud-based solutions to obtain, retrieve, and synchronize information.
    Experience with privacy risks and conducting PIAs involving mobile app solutions and the unique security and privacy challenges associated with such platforms
    Demonstrated experience and familiarity with strong security, encryption, and privacy protection approaches to digital solutions, including mobile, web-based, and backend integrations via API or similar approaches.
    Familiar with Digital Wallet technologies (native within OS or third party) including the security and privacy considerations, limitations, and best practices for local data protection on mobile devices
    Familiar with cloud-based digital wallet technologies including the security and privacy considerations, limitations, and best practices for data protection
    Experience, knowledge, and understanding of privacy protection standards and best practices, business, information, and security architecture principles, and emerging technology related to the protection of privacy and personal information

    Leadership and Communications:

    Demonstrated strong communication and engagement skills with the ability to lead teams in discovery sessions to elicit details of technical solutions, business processes, and/or policies; strong writing skills to document findings, recommendations, etc.
    Demonstrated ability to interpret both technical (e.g., architecture design documents, process flows, state transition diagrams, etc.) and non-technical documentation to conduct an assessment of impacts and to develop mitigation strategies
    Strong organizational and time management skills to manage multiple and concurrent requests in an agile and highly dynamic work environment setting.
    Strong presentation abilities to communicate findings, recommendations, etc. to senior management and executives to inform decision-making; able to communicate complex problems/issues in simple terms

    Digital Identity Frameworks and Standards

    Experience in developing, applying, and/or evaluating digital identity trust frameworks such as the PCTF, eIDAS, or similar.
    Experience with Digital Identity standards such as NIST, FIDO, OpenID Connect, SAML

    OPS Experience:

    Prior experience with leading and conducting multiple PIAs in an OPS setting/environment, including demonstrated knowledge and experience with OPS processes, existing templates and expectations to obtain approvals/sign-off.

    Note:
    Hybrid role: 3 days per week on-site expected.

    About the Company:
    The client provides strategic advice and cost-effective technology solutions for the Ministries of Economic Development, Job Creation and Trade, Seniors and Accessibility, Government and Consumer Services, Infrastructure, and Francophone Affairs. It delivers the information technology necessary for its partners and agencies to operate, modernize, and transform the delivery of services to the public, businesses, and employees.