Privacy Impact Assessment Specialist 7152-2016 - Toronto, Canada - Foilcon

Foilcon

Verified Company

Toronto, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

HM Note:
This hybrid role is three (3) in office

Responsibilities:

Required to lead and develop privacy impact assessment (PIA) that evaluates whether new technologies, information systems, or proposed programs or policies meet legal and policy privacy requirements, determine and mitigate risks, and address clients' concerns.

These requirements include ensuring that the program complies with provincial, municipal, federal and private sector access and privacy legislation, as well as relevant regulations, statutes, OPS policies, Directives, standards, guidelines and internationally accepted Fair Information Practices.

Work on the project with business and technology teams to ensure PIA captures all relevant information required for project governance and approvals

Coordinate approvals of the PIA with project team and Privacy office

Provide guidance and expertise to the project team on privacy requirements and standards

Provides input and supports the development of amendments to FIPPA and MGSA to support projects long term roadmap and vision

General Skills:

'‹Excellent knowledge of privacy and security concepts, trends, and issues. This will include an understanding of their impact on business processes, as well as skill with interpretation and communication of principles and compliance requirements

Experience in conducting Privacy Impact Assessments in public sector context

Knowledge of, and experience with privacy enhancing best practices

Familiarity with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act

Policy Knowledge

Familiarity with OPS Privacy Impact Assessment Process and Tools released by the Ontario Ministry of Government Services;

Good understanding of related disciplines, such as IT security, IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, project management.

Operational Program and Business Design Skills

Ability to lead, mange or support the development of a PIA either independently or as part of a team by directing and gathering input from specific individuals within the organization

Knowledge and ability to create and understand data flow diagrams and business process diagrams

Ability to recognize the need for, and seek input from external experts as required

Excellent communication skills with technical and business audiences and non
- access and privacy experts.

Technology and Systems Knowledge

Analytical skills to understand the current and future access and privacy implications of policies, decisions and business initiatives

Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture and data flows

Information and Record Keeping Knowledge

Experience in developing risk assessment tools, methodologies, policies and procedures to effectively manage personal information

Knowledge of policies, directives, standards, business rules, procedures and guidelines relating to records management including classification, retention and disposition of information

Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards

Desirable Skills:

Professional certification from a related discipline such as IT security, architecture

Experience providing education and training related to privacy

Knowledge of, and experience with the policies and procedures of the Ontario government (e.g. business case development, project approvals and policy development)

Skills:

Experience and Skill Set Requirements

40% - Privacy Assessment Experience, Policy and Legislative Requirements
'¢ Experienced in privacy legislation including Freedom of Information and Protection of Privacy Act (FIPPA), Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA)

'¢ Experienced in conducting privacy assessments involving personal information, citing examples in resume.

'¢ Experienced in leading and conducting privacy assessments with Ontario health or D&V systems involving online and/or mobile digital solutions that handle personal and health related information,

'¢ Experienced working with policy development teams; reviewing and comparing policies and legislation to make informed recommendations to ensure adequate privacy protections and considerations are addressed with in policy/legislation.

30% - Technical understanding
'¢ Experience with privacy risks and conducting PIAs involving mobile app solutions and the unique security and privacy challenges associated with such platforms

'¢ Demonstrated experience and familiarity with strong security, encryption and privacy protection approaches to digital solut