Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express, as well as the PRESTO fare payment system. We are also building new and improved rapid transit, including GO Expansion, Light Rail Transit routes, and major expansions to Toronto’s subway system, to get people where they need to go, better, faster and easier. Metrolinx is an agency of the Government of Ontario.
We embody our values in everything that we do. We Serve with Passion, Think Forward, and Play as a Team. If you can relate, we want to hear from you!
Reporting to the Director, Privacy Program, our General Counsel & Corporate Secretary’s Office is looking for a Senior Privacy Advisor who with direction from the Director, Privacy Program, provides daily support to Metrolinx’s privacy program through advice, technical expertise, guidance and training, to corporate programs and activities that protect privacy, including interpreting and developing the privacy program, its goals and practices related to, and in compliance with government legislation, regulatory requirements, and industry best practices.
The incumbent in this role will primarily focus on providing advisory services to Metrolinx’s Digital Marketing Experience and Customer Digital Transformation Program areas. Experience advising on and knowledge of various marketing strategies such as cookies, third party targeted marketing, use of social media, e-commerce, web privacy, promotional contests and digital privacy issues is considered an asset. The Senior Advisor will support initiatives in an agile capacity while applying privacy best practices and embedding privacy by design throughout the project lifecycle.
What will I be doing?
- Promote interpretation, and compliance with legislative requirements of the Freedom of Information and Protection of Privacy Act (FIPPA), and guidance from Ontario’s Information and Privacy Commissioner
- Promote the development of privacy best practices above and beyond FIPPA and related legislative requirements, including requirements of the private-sector Personal Information Protection and Electronic Documents Act(PIPEDA), guidance from the Federal Office of the Privacy Commissioner of Canada, and industry best practices
- Maintain current knowledge of the application of privacy legislation and regulations and industry changes, and anticipate the impact on privacy issues to organizational/corporate practices
- As privacy subject matter expert, provides support to Metrolinx departments and project team members to ensure compliance with Metrolinx privacy policies, legislative and contractual obligations; and support standard and methodologies and implementation of best practices on an on-going basis
- Model Metrolinx’s values and core competences, especially in dealings with external partners, and in the handling of personal and confidential information
- Under the leadership of the Director, Privacy Program, supports the privacy program governance framework including development and tracking of privacy Goals and the Privacy Steering Committee
- Implement strategic privacy projects, including policies, best practices, and risk mitigation strategies across our departments
- Identify contentious issues, monitors changes to best practices and legal requirements, briefs staff and senior management, and implements revisions/mitigation strategies
- Identify and assess privacy risks and provide advisory and consultative support to risk owners to develop appropriate mitigation plans. Conduct post-implementation analysis and reviews to ensure recommendations have been implemented
- Investigate privacy incidents to identify privacy breaches and support response plans through all phases of the incident response process, including privacy analysis, root cause analysis, development of mitigation strategies, and reviewing associated communications and reporting
- Lead investigations and responds to privacy inquiries, privacy complaints and breach incidents, and acts as the primary contact for Ontario’s Information and Privacy Commissioner; logs follow-up activities and resolutions, and provides advice to staff and senior management
- Review, proposes, and coordinates appropriate action plans to address findings of privacy audits and monitoring, in collaboration with Internal Audit and departments
- Ensure assigned risks are added to the ERM and monitor to ensure compliance with risk mitigation plans and associated timelines
- Help plan privacy steering committee meetings and facilitate and maintain a network of essential privacy contacts throughout the organization
What skills & qualifications do I need?
- Completion of a degree in Business Administration, Information Management, Information Technology, or related field – or a combination of education, training and experience deemed equivalent
- Minimum five (5) years’ experience providing technical advice and guidance relating to information access and privacy with some public sector experience
- Knowledge of and ability to interpret and apply legislation and government regulations guiding privacy protection and access to information (e.g. Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s Anti-Spam Legislation(CASL), );
- Experience assessing privacy compliance for new programs, information systems, or services
- Experience preparing a range of written materials, documentation, reports, briefing notes, training materials; brief senior management and staff on a range of privacy issues/matters; provide information/documentation to the IPC
- Strong interpersonal skills, with a sense of political acuity and the ability to present complex facts, information and explanations to different audiences including, matters brought before Ontario’s Information and Privacy Commissioner and senior management
- Collaboration and relationship management skills to: demonstrate aptitude for building trusted relationships and a reputation for sound judgement and pragmatism with internal clients and partners. Ability to work effectively and in partnership with colleagues, diverse teams (including legal counsel and information technology, internal audit, and risk professionals) and partners to build consensus and influence decisions; foster a culture of information privacy awareness
- Knowledge of data digitization, data mining, information flow and security concepts, to review and advise on the agreement of our technology/information management/security projects/plans to privacy practices and legislative compliance requirements
Don’t Meet Every Requirement?
If you’re excited about working with Metrolinx but your past experience doesn’t quite align with every qualification of this posting, we encourage you to apply. You just might be the right candidate for this or other roles. We are always looking for great talent to join our team.
We invite all interested individuals to apply and encourage applications from members of equity-deserving communities, including those who identify as Indigenous, Black, racialized, women, people with disabilities, and people with diverse gender identities, expressions and sexual orientations.
Closing Date: 03/13/2023, 09:59 PM