We are seeking an expert Senior Privacy Impact Assessment (PIA) Specialist to lead and support the evaluation of modern digital architectures, information systems, and enterprise policies. In this role, you will ensure all corporate and technology deployments meet strict statutory privacy benchmarks, determine information vulnerabilities, and establish robust risk-mitigation strategies. You will play a defining role in aligning digital services with provincial, federal, and international access and privacy legislation.
Location: Toronto, ON (Minimum 3 days onsite; transitioning to 5 days)
Duration: 9-month contract
Job Responsibilities
Privacy Impact Assessment Leadership: Lead the end-to-end development of PIAs to determine whether new technologies, cloud configurations, or business policies meet complex legal compliance requirements
Risk Mitigation Engineering: Evaluate information architectures and digital solutions to identify privacy threat vectors, design security countermeasures, and author formal privacy risk registries
Third-Party & Vendor Validation: Conduct rigorous privacy reviews on third-party application solutions, non-profit sector software providers, and external data service integration partners handling personal health information
Data Flow & Systems Auditing: Analyze complex systemic data flows, information architectures, and identity verification mechanisms to assess the current and future privacy implications of system designs
Policy Collaboration: Partner with policy development teams to review, compare, and draft privacy-enhancing guidelines, standard operating procedures, and governance baselines
Records Governance Oversight: Ensure compliance with information management directories, including strict data classification, secure retention schedules, and legal data disposition procedures
Cross-Functional Communication: Serve as a core advisor, translating dense legislative mandates and technical security patterns into plain language for executive sponsors, project managers, and business analysts
Requirements
Legislative Mastery: Comprehensive, professional-level knowledge of Canadian privacy frameworks, including FIPPA (and MFIPPA), PHIPA, and federal PIPEDA mandates, regulations, and associated jurisprudence
Digital Solution Assessment: Proven experience leading and conducting formal PIAs specifically tailored to online ecosystems, cloud configurations, and complex digital platforms
Health Information Expertise: Direct, hands-on experience managing assessments that involve Personal Health Information (PHI) crossing boundaries into third-party vendor applications or external systems
Modeling Capability: Demonstrated ability to read, interpret, and validate high-level data flow diagrams (DFDs) and business process models to identify privacy vulnerabilities
Interpersonal Skills: Elite consultation, negotiation, and report-writing capabilities, with a track record of driving cross-functional project teams toward a privacy consensus
Compliance Framework Knowledge: Strong familiarity with internationally accepted Fair Information Practices and the operational rulings of the Information and Privacy Commissioner of Ontario (IPC)
Nice to have
Prior experience navigating the Ontario Public Service (OPS) privacy impact assessment process, tools, or related public sector corporate governance