Senior Privacy Assessment Inspection Specialist


company logo

Reecruit

  • Job Title: Senior Privacy Assessment Inspection Specialist
  • Salary: As Per Industry
  • Functional Area: IT Software
  • Job Shift: Day
  • Employment Type: Contractual
  • Keyskills: Communication, Conflict Management
  • Job Description:

    Responsibilities:

    Required to lead and develop privacy impact assessment (PIA) that evaluates whether new technologies, information systems, or proposed programs or policies meet legal and policy privacy requirements, determine and mitigate risks, and address clients’ concerns.

    These requirements include ensuring that the program complies with provincial, municipal, federal and private sector access and privacy legislation, as well as relevant regulations, statutes, OPS policies, Directives, standards, guidelines and internationally accepted Fair Information Practices.

    Work on the project with business and technology teams to ensure PIA captures all relevant information required for project governance and approvals

    Coordinate approvals of the PIA with project team and Privacy office

    Provide guidance and expertise to the project team on privacy requirements and standards

    Provides input and supports the development of amendments to FIPPA and MGSA to support projects long term roadmap and vision

     

    General Skills:

    Excellent knowledge of privacy and security concepts, trends, and issues. This will include an understanding of their impact on business processes, as well as skill with interpretation and communication of principles and compliance requirements

    Knowledge of, and experience in researching and applying relevant information privacy laws, regulations, jurisprudence (particularly as it relates to the Information and Privacy Commissioner of Ontario) and risk countermeasures

    Experience in conducting Privacy Impact Assessments in public sector context

    Knowledge of, and experience with privacy enhancing best practices

    Knowledge and ability to interpret and apply Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) and its municipal equivalent the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Personal Health Information Protection Act (PHIPA) their respective regulations and related jurisprudence

    Familiarity with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act

    Policy Knowledge

    Familiarity with OPS Privacy Impact Assessment Process and Tools released by the Ontario Ministry of Government Services;

    Good understanding of related disciplines, such as IT security, IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, project management.

    Operational Program and Business Design Skills

    Ability to lead, mange or support the development of a PIA either independently or as part of a team by directing and gathering input from specific individuals within the organization

    Knowledge and ability to create and understand data flow diagrams and business process diagrams

    Ability to recognize the need for, and seek input from external experts as required

    Excellent communication skills with technical and business audiences and non- access and privacy experts.

    Technology and Systems Knowledge

    Analytical skills to understand the current and future access and privacy implications of policies, decisions and business initiatives

    Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture and data flows

    Information and Record Keeping Knowledge

    Experience in developing risk assessment tools, methodologies, policies and procedures to effectively manage personal information

    Knowledge of policies, directives, standards, business rules, procedures and guidelines relating to records management including classification, retention and disposition of information

    Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards

     

    Desirable Skills:

    Professional certification from a related discipline such as IT security, architecture

    Experience providing education and training related to privacy

    Knowledge of, and experience with the policies and procedures of the Ontario government (e.g. business case development, project approvals and policy development)

     

    Experience and Skill Set Requirements

    Privacy Assessment Experience, Policy and Legislative Requirements

    • Experienced in privacy legislation including Freedom of Information and Protection of Privacy Act (FIPPA), Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA)

    • Experienced in conducting privacy assessments involving personal information, citing examples in resume.

    • Experienced in leading and conducting privacy assessments with Ontario health or D&V systems involving online and/or mobile digital solutions that handle personal and health related information,

    • Lead and conducted assessments involving personal health information involving third party solutions (e.g private sector or non-profit application solutions) and/or service integration providers

    • Experienced working with policy development teams; reviewing and comparing policies and legislation to make informed recommendations to ensure adequate privacy protections and considerations are addressed with in policy/legislation.

     

    Technical understanding

    • Experience with privacy risks and conducting PIAs associated with integration between legacy systems, web applications, mobile and cloud based solutions to obtain, retrieve and synchronize information.

    • Experience with privacy risks and conducting PIAs involving mobile app solutions and the unique security and privacy challenges associated with such platforms

    • Demonstrated experience and familiarity with strong security, encryption and privacy protection approaches to digital solutions, including mobile; web based and backend integrations via API or similar approaches.

    • Familiar with Digital Wallet technologies (native within OS or third party) including the security and privacy considerations, limitations and best practices for local data protection on mobile devices

    • Familiar with cloud based digital wallet technologies including the security and privacy considerations, limitations and best practices for data protection

    • Experience, knowledge and understanding of privacy protection standards and best practices, business, information and security architecture principles and emerging technology related to the protection of privacy and personal information

     

    Leadership and Communications

    • Demonstrated strong communication and engagement skills with ability to lead teams in discovery sessions to elicit details of technical solutions, business processes and/or policies; strong writing skills to document findings, recommendation, etc

    • Demonstrated ability to interpret both technical (e.g architecture design documents, process flows, state transition diagrams, etc) and non-technical documentation to conduct assessment of impacts and to develop mitigation strategies

    • Strong organizational and time management skills to manage multiple and concurrent requests in an agile and highly dynamic work environment setting.

    • Strong presentation abilities to communicate findings, recommendations, etc to senior management and executives to inform decision making; able to communicate Page 6 of 12 complex problems/issues in a simple terms

     

    Digital Identity Frameworks and Standards

    • Experience in developing, applying and/or evaluating digital identity trust frameworks such as the PCTF, eIDAS, or similar.

    • Experience with Digital Identity standards such as NIST, FIDO, Open ID Connect, SAML

     

    OPS experience

    • Prior experience with leading and conducting multiple PIAs in OPS setting/ environment, including demonstrated knowledge and experience with OPS processes, existing templates and expectations to obtain approvals/sign off.

Desire candidate profile

Must Haves: • Experienced in privacy legislation including Freedom of Information and Protection of Privacy Act (FIPPA), Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) • Experienced in leading and conducting privacy assessments with Ontario health or D&V systems involving online and/or mobile digital solutions that handle personal and health related information, • Experienced working with policy development teams; reviewing and comparing policies and legislation to make informed recommendations to ensure adequate privacy protections and considerations are addressed with in policy/legislation. • Experience with privacy risks and conducting PIAs associated with integration between legacy systems, web applications, mobile and cloud based solutions to obtain, retrieve and synchronize information. Nice to Have: • Experience in developing, applying and/or evaluating digital identity trust frameworks such as the PCTF, eIDAS, or similar. • Experience with Digital Identity standards such as NIST, FIDO, Open ID Connect, SAML Previous Public Sector Experience

Education Level

 Graduation

Organization Profile

Reecruit

  • We aim to assist our customers to find the right fit in their choice of industries. Our goal is to develop an intelligent data-driven platform that works as a matchmaking service for our employers and job seekers. We intend to bring automation to the field of recruitment to reduce the time it takes employers to fill their vacancies and at the same time provide candidates with opportunities that match their skill set the best. Our vision is to be the next data-driven go-to recruitment platform. Reecruit aims to match the right candidate regardless of the industry they are into their dream job. May it be in the field of FinTech or Administration, our mission is to provide our clients with the right fit for the position they are looking to hire for. Reecruit stands by its position of Talent Matched by ensuring that our clients meet their Staffing and Recruiting needs by utilizing our extensive database. Reecruit's mission is to be a global leader in recruiting with fulfilled clients and job seekers in all regions it operates in. We currently operate in the U.S., Canada, Australia and India with the aspiration to establish our brand in more regions in the future. Currently, we have our teams based in Houston, Toronto, and New Delhi working round the clock to ensure our client's vacancies are met as required. We have filled numerous openings since our inception with the niche hiring in ERP (Enterprise Resource Planning) systems such as Microsoft Dynamics, Oracle, and SAP with the goal of expanding further into various other fields. Our founders have multiple years of experience in their distinguished fields of information technologies and decided to enter the field of recruitment after having troubles such as high turnover after filling vacancies. Their intention behind the venture of Reecruit is to ensure candidates match the expectations of their employers and at the same time ensure jobseekers are content with their work.

Overview:

  • Location: Toronto
  • Job Title: Senior Privacy Assessment Inspection Specialist
  • Job details: Posted on: March 19, 2024 07:38 AM Company Hiring For : Confidential
Apply For This Job