We are seeking a senior Privacy Impact Assessment (PIA) Specialist for an enterprise-level contract opportunity based in Toronto. In this role, you will lead the design and execution of comprehensive Privacy Impact Assessments that evaluate whether new technologies, complex information systems, and digital initiatives satisfy the applicable legal and policy privacy frameworks. As a principal privacy strategist, you will bridge the gap between technical system architecture and legislative compliance. Operating entirely onsite, you will evaluate cloud, web, and mobile solutions, identify structural data risks, and develop mitigation strategies. The role demands an expert who can confidently direct discovery sessions, manage multiple concurrent privacy workstreams, and translate complex compliance mandates into actionable guidance for senior executives and technology partners.
Job Responsibility
PIA Technical Leadership: Lead and manage the end-to-end development of comprehensive Privacy Impact Assessments (PIAs) to evaluate whether new software, platforms, programs, or corporate policies meet applicable statutory privacy requirements
Risk Mitigation Engineering: Analyze current and future privacy implications of business designs, systematically identifying operational data risks and vulnerabilities, and author formal risk countermeasure playbooks
Legislative Compliance Assurance: Ensure all technical platforms and programs comply with provincial, municipal, federal, and private-sector privacy laws, relevant regulations, and internationally accepted Fair Information Practices
Digital Solution Assessment: Lead privacy reviews of online, cloud-hosted, and mobile application solutions, focusing on security controls, data encryption, and protection of data stored locally on the device
Integration & Architecture Review: Assess privacy risks associated with data synchronization and backend integrations via APIs connecting legacy environments to third-party or private-sector applications
Data Flow & Blueprint Analysis: Interpret both technical and non-technical documentation, including architectural design documents, state transition diagrams, system interfaces, and data flow models
Stakeholder Engagement & Discovery: Lead cross-functional discovery workshops with technical architects, developers, legal analysts, and business teams to elicit precise technical configurations and operational workflows
Executive Presentation & Reporting: Document clear assessment findings and present strategic compliance recommendations to executive leadership to inform high-level corporate decision-making
Records Governance Lifecycle: Align system designs with strict records management policies, ensuring proper data classification, retention schedules, and secure disposition parameters
Requirements
Statutory Framework Mastery: Deep operational knowledge and hands-on experience interpreting and applying privacy legislation, specifically including FIPPA, PHIPA, and PIPEDA, alongside related jurisprudence
Privacy Assessment Depth: Extensive track record leading complex Privacy Impact Assessments (PIAs) within the public sector or large, highly regulated multi-stakeholder corporate settings
Digital Identity Frameworks: Practical experience evaluating or developing digital identity trust frameworks (such as PCTF, eIDAS) and standard protocols (NIST, FIDO, OpenID Connect, SAML)
Healthcare & Third-Party Domain Insight: Direct experience managing assessments that involve personal health information handled by third-party vendor applications or service integration providers
Architecture Interrogation: Strong ability to analyze technical system diagrams, database interfaces, data transfer methodologies, and information security encryption standards
Mobile & Cloud Platform Savvy: Deep understanding of the unique security and privacy constraints associated with mobile applications, cloud infrastructures, and native or third-party digital wallet technologies
Records Management: Solid understanding of institutional records management practices, including information classification and retention rules, together with Ontario's digital accessibility requirements (AODA)
Workshop Facilitation: Strong communication skills with a proven ability to lead multidisciplinary teams through complex technical discovery sessions
Analytical Problem Solving: Superior critical thinking skills to interpret intricate technical setups and translate them into simplified, fact-based risk summaries for non-privacy experts
Nice to have
Active professional certifications in related disciplines (e.g., IAPP CIPP/C, technical architecture, or information security designations)