Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express, as well as the PRESTO fare payment system. We are also building new and improved rapid transit, including GO Expansion, Light Rail Transit routes, and major expansions to Toronto’s subway system, to get people where they need to go, better, faster and easier. Metrolinx is an agency of the Government of Ontario.
We embody our values in everything that we do. We Serve with Passion, Think Forward, and Play as a Team. If you can relate, we want to hear from you!
Our General Counsel & Corporate Secretary’s Office is seeking a Senior Privacy Advisor who with direction from the Manager, Privacy Program, provides day-to-day support to Metrolinx’s privacy program through advice, technical expertise, guidance and training, to corporate programs and activities that protect privacy, including interpreting, developing and implementing the privacy program, its objectives and practices related to, and in compliance with government legislation, regulatory requirements, and industry best practices. Conducts privacy risk assessments, investigations, and audits to confirm ongoing compliance. Manages privacy protocols and programs applicable to Privacy Office including responding to requests for personal information, privacy complaints, and law enforcement requests. Develops, tracks and monitors privacy program KPIs.
What will I be doing?
- Promotes consistent interpretation, application, and compliance with legislative requirements of the Freedom of Information and Protection of Privacy Act (FIPPA), and guidance from Ontario’s Information and Privacy Commissioner
- Promotes the development and implementation of privacy best practices above and beyond FIPPA and related legislative requirements, including requirements of the private-sector Personal Information Protection and Electronic Documents Act (PIPEDA), guidance from the Federal Office of the Privacy Commissioner of Canada, and industry best practices
- Maintains current knowledge of the application/interpretation of privacy legislation and regulations and industry changes, and anticipates the impact on privacy issues to organizational/corporate practices and programs
- As privacy subject matter expert, provides support to Metrolinx business units and project team members to ensure compliance with Metrolinx privacy policies, legislative and contractual obligations; and supports standard and consistent methodologies and implementation of best practices on an on-going basis
- Models Metrolinx’s values and core competences, especially in dealings with external partners, and in the handling of personal, sensitive and confidential information
- Under the leadership of the Manager, Privacy Program, supports the privacy program governance framework including development and tracking of privacy KPIs and the Privacy Steering Committee
- Privacy Policies and Practices: Implements strategic privacy projects, including policies, best practices, and risk mitigation strategies across the organization’s business units
- Issues/Risk Management/Investigations: Identifies contentious issues and risks, monitors changes to best practices and legal requirements, briefs staff and senior management, and implements revisions/mitigation strategies
- Privacy Impact Assessments: Identifies and assesses privacy risks and provides advisory and consultative support to risk owners to develop appropriate mitigation plans. Conducts post-implementation analysis and reviews to ensure recommendations have been implemented
- Incident & Breach Management: Investigates privacy incidents to identify privacy breaches and supports response plans through all phases of the incident response process, including privacy analysis, root cause analysis, development of appropriate mitigation strategies, and drafting and reviewing associated communications and reporting
- Privacy Inquiries & Complaints: Leads and coordinates investigations and responds to privacy inquiries, privacy complaints and breach incidents, and acts as the primary point of contact for Ontario’s Information and Privacy Commissioner; logs follow-up activities and resolutions, and provides advice to staff and senior management
- Privacy Audits: Reviews, proposes, and coordinates appropriate action plans to address findings of privacy audits and monitoring, in collaboration with Internal Audit and respective business units
- Enterprise Risks: Ensures assigned risks are added to the ERM and monitor to ensure compliance with risk mitigation plans and associated timelines
- Committees: supports the planning of privacy steering committee meetings and facilitates/chairs where required, and maintains a network of key privacy contacts throughout the organization
- Key Point of Contact: Acts as the primary point of contact and technical expert for staff on privacy program inquiries and requirements as new or existing programs are developed or revised. Provides guidance and advice to the organization’s business units on requirements for privacy compliance (e.g. Transit Safety, PRESTO, Customer Experience, Marketing). Works with IT and Internal Audit to identify and address impacts of audits, technology/system related projects/plans, and privacy impact assessment findings on the Privacy Program and compliance requirements. Works with HR to advise on employee privacy issues, breaches, and appropriate course of action
- Privacy & Awareness Training: Develops and delivers privacy training initiatives to all employees and third parties, as appropriate. Facilitates and promotes privacy awareness activities to foster a culture of information privacy awareness within the organization
- Privacy KPIs: Identifies, coordinates, collects, tracks, analyses, maintains, and reports data related to the implementation of strategies, methods, and privacy program deliverables (e.g. privacy impact assessments, law enforcement requests, inquiries, complaints, breaches etc)
- Guides and influences others in the performance of their day-to-day activities, without direct supervisory responsibility
Closing Date: 23 May 2021