Senior Manager, Privacy, Risk and Data Governance
About the role
Job Title: Senior Manager, Privacy, Risk and Data Governance
Posting Date: October 16, 2025
Closing Date: October 31, 2025
Branch/Department: North York Central
Division: Planning, Policy & Performance Management
Employment Type: Permanent Full Time
JOB SUMMARY:
Reporting to the Director, Policy, Planning and Performance Manager, the Senior Manager of Privacy, Risk and Data Governance is responsible for the privacy, risk and data governance portfolios at TPL. This position will work with all TPL divisions and the City Librarian’s Office, providing advice to management and the senior leadership team. The position will take a pro-active approach to matters of privacy, risk and data governance. This position will also respond to privacy, risk and data governance inquiries both internal and external to advise and resolve issues.
The Senior Manager of Privacy, Risk and Data Governance will be a main point of contact on matters involving privacy and access for many external organizations, including, but not limited to, the City of Toronto, partner organizations, and law enforcement. This position will maintain up to date awareness and ensures organizational compliance with privacy legislation, data governance principles, external policies, trends and best practices. In partnership with TPL’s Senior Manager, Data and Analytics, this position will lead an enterprise data governance program, to ensure data is secure, reliable, and responsibly managed to support transparency, accountability, and better services for Torontonians. This position will also lead the Enterprise Risk Management program that includes the maintenance and update of risk registries and completion of risk impact assessments. In addition, the position will be responsible for development TPL’s records management program.
DUTIES:
Privacy
- Manages the privacy program for TPL, strengthening all components and ensuring awareness for all TPL staff and management on privacy matters
- Ensures organizational compliance with the Municipal Freedom of information and Protection of Privacy Act
- Advises management and senior management on matters of privacy, dealing with significantly complex issues involving a high level of confidentiality and sensitivity, including labour relations and human resources matters
- Leads the review of disclosure policies, including updated templates and business processes, and ensuring staff awareness
- Revises TPL’s Privacy Breach protocol and manages privacy breaches coordinating with the cybersecurity unit and other departments/divisions as required
- Reviews and revises disclosure policies and templates, including training for managers and staff, and communications
- Leads and conducts PIAs for enterprise systems, initiatives, projects, and third party service providers, working with internal and external stakeholders
- Reviews current IT applications for privacy implications/considerations and making actionable suggestions to mitigate risk
- Conducts privacy investigations, consultations and audits
- Assesses, assigns, tracks, reports and prepares responses to Freedom of Information requests made under MFIPPA, in accordance with the legislated deadlines
- Balances the right of access with the protection of personal and other confidential information in accordance with legislation, Regulations and Orders of the Information & Privacy Commissioner, while ensuring that specific provisions of the legislation such as notification requirements are met
- Maintains awareness of and report on trends in the field of privacy and risk, including strategic relationships with external organizations and partners
Risk Management
- Reviews and revises TPL’s Enterprise Risk Management Framework, including the Risk Management Policy, annual risk registry reporting to the Board
- Implementation of the ERMF by embedding risk into strategic and business planning, service development, and capital project initiatives to support risk-informed decision making in all areas of the Library’s operations
- Leads and conducts risk impact assessments , allowing for early identification of organizational impacts, strategic considerations, and risk mitigation strategies
- Data Governance
- Develops, implements and monitors TPL’s data governance framework to ensure data is secure, reliable, and responsibly managed to support transparency, accountability, and better services for Torontonians
- Create policies and guidelines for data ownership, stewardship, access, sharing, privacy, and security
- Ensure compliance with relevant legislation (e.g., privacy legislation, records management etc.)
Partner & Stakeholder Relationship Management
- Organizes and works with multi-disciplinary business and technical teams from across the Library to formulate and execute project plans and tasks according to established project management principles and methodologies
- Cultivates and enhances highly collaborative working relationships & teams through cross portfolio engagement with stakeholders (internal customers, external partners/regulators/vendors and customers, and Management, to enable portfolio and integrated planning
- Manages assigned projects, ensuring effective teamwork and communication, high standards of work quality and organizational performance and continuous learning
People Leadership
- Provides full scope of management responsibilities to a team of function-specific resources, including recruitment, performance management and coaching, and support for, leadership and training opportunities
QUALIFICATIONS:
- Post-graduate university degree in law, policy, information management, information technology, data analytics, public administration or related discipline or a combination of education and professional experience
- Certified Information and Privacy Professional (CIPP) and/or Certified Privacy Manager (CIPM) strongly preferred
- Canadian Risk Management designation (CRM) strongly preferred
- Minimum of 3 years’ management or leadership experience within the library, municipal, or public sector preferred, including demonstrated expertise supervising and managing staff in a complex and fast-paced environment.
- Minimum of 7 years’ experience working directly with the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) or other related access and privacy legislation and the orders of the Information & Privacy Commissioner governing access and privacy issues
- Extensive experience in and awareness of legislation, trends, and outcomes and their application to data and technology
- Demonstrated experience with leading data governance for large-scale organizations, ideally within a public sector environment
- Demonstrated experience in leading and conducting privacy impact assessments (PIAs) for enterprise or IT systems
- Extensive experience in developing privacy related policies and procedures
- Demonstrated experience developing and implementing a records management program
- Strong interpersonal skills, with proven ability to coach and lead teams and resolve conflicts.
- Strong change management skills with ability to influence and build productive relationships with cross-divisional stakeholders.
- Superb written and verbal communication and presentation skills; ability to effectively communicate with senior leaders and TPL Board members.
SALARY: (minimum: $123,833 – maximum: $170,184) Grade 8
ACCOMMODATION:
We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make them known when contacted and we will work with you to meet your needs.
APPLICATION PROCESS:
Toronto Public Library (TPL) invites applications from all qualified individuals. The Library is committed to equal opportunity, diversity in the workplace, equity and reconciliation, and welcomes applications from Indigenous people, Black and racialized groups, people with disabilities, 2SLGBTQ+ people and women.
All applicants must be legally entitled to work in Canada. Toronto Public Library (TPL) will be using email to communicate with you for all job competitions. It is your responsibility to include an updated email address that is checked daily. As we send time sensitive correspondence, we recommend that you check your email regularly. If no response is received, we will assume you are no longer interested in pursuing the opportunity. Please be advised that a Criminal Record Check may be required of the successful candidate. Should it be determined that any background information provided be misleading, inaccurate or incorrect, Toronto Public Library (TPL) reserves the right to discontinue with the consideration of your application.
We thank all applicants for their interest, however, only those selected for further consideration will be contacted.
Senior Manager, Privacy, Risk and Data Governance
About the role
Job Title: Senior Manager, Privacy, Risk and Data Governance
Posting Date: October 16, 2025
Closing Date: October 31, 2025
Branch/Department: North York Central
Division: Planning, Policy & Performance Management
Employment Type: Permanent Full Time
JOB SUMMARY:
Reporting to the Director, Policy, Planning and Performance Manager, the Senior Manager of Privacy, Risk and Data Governance is responsible for the privacy, risk and data governance portfolios at TPL. This position will work with all TPL divisions and the City Librarian’s Office, providing advice to management and the senior leadership team. The position will take a pro-active approach to matters of privacy, risk and data governance. This position will also respond to privacy, risk and data governance inquiries both internal and external to advise and resolve issues.
The Senior Manager of Privacy, Risk and Data Governance will be a main point of contact on matters involving privacy and access for many external organizations, including, but not limited to, the City of Toronto, partner organizations, and law enforcement. This position will maintain up to date awareness and ensures organizational compliance with privacy legislation, data governance principles, external policies, trends and best practices. In partnership with TPL’s Senior Manager, Data and Analytics, this position will lead an enterprise data governance program, to ensure data is secure, reliable, and responsibly managed to support transparency, accountability, and better services for Torontonians. This position will also lead the Enterprise Risk Management program that includes the maintenance and update of risk registries and completion of risk impact assessments. In addition, the position will be responsible for development TPL’s records management program.
DUTIES:
Privacy
- Manages the privacy program for TPL, strengthening all components and ensuring awareness for all TPL staff and management on privacy matters
- Ensures organizational compliance with the Municipal Freedom of information and Protection of Privacy Act
- Advises management and senior management on matters of privacy, dealing with significantly complex issues involving a high level of confidentiality and sensitivity, including labour relations and human resources matters
- Leads the review of disclosure policies, including updated templates and business processes, and ensuring staff awareness
- Revises TPL’s Privacy Breach protocol and manages privacy breaches coordinating with the cybersecurity unit and other departments/divisions as required
- Reviews and revises disclosure policies and templates, including training for managers and staff, and communications
- Leads and conducts PIAs for enterprise systems, initiatives, projects, and third party service providers, working with internal and external stakeholders
- Reviews current IT applications for privacy implications/considerations and making actionable suggestions to mitigate risk
- Conducts privacy investigations, consultations and audits
- Assesses, assigns, tracks, reports and prepares responses to Freedom of Information requests made under MFIPPA, in accordance with the legislated deadlines
- Balances the right of access with the protection of personal and other confidential information in accordance with legislation, Regulations and Orders of the Information & Privacy Commissioner, while ensuring that specific provisions of the legislation such as notification requirements are met
- Maintains awareness of and report on trends in the field of privacy and risk, including strategic relationships with external organizations and partners
Risk Management
- Reviews and revises TPL’s Enterprise Risk Management Framework, including the Risk Management Policy, annual risk registry reporting to the Board
- Implementation of the ERMF by embedding risk into strategic and business planning, service development, and capital project initiatives to support risk-informed decision making in all areas of the Library’s operations
- Leads and conducts risk impact assessments , allowing for early identification of organizational impacts, strategic considerations, and risk mitigation strategies
- Data Governance
- Develops, implements and monitors TPL’s data governance framework to ensure data is secure, reliable, and responsibly managed to support transparency, accountability, and better services for Torontonians
- Create policies and guidelines for data ownership, stewardship, access, sharing, privacy, and security
- Ensure compliance with relevant legislation (e.g., privacy legislation, records management etc.)
Partner & Stakeholder Relationship Management
- Organizes and works with multi-disciplinary business and technical teams from across the Library to formulate and execute project plans and tasks according to established project management principles and methodologies
- Cultivates and enhances highly collaborative working relationships & teams through cross portfolio engagement with stakeholders (internal customers, external partners/regulators/vendors and customers, and Management, to enable portfolio and integrated planning
- Manages assigned projects, ensuring effective teamwork and communication, high standards of work quality and organizational performance and continuous learning
People Leadership
- Provides full scope of management responsibilities to a team of function-specific resources, including recruitment, performance management and coaching, and support for, leadership and training opportunities
QUALIFICATIONS:
- Post-graduate university degree in law, policy, information management, information technology, data analytics, public administration or related discipline or a combination of education and professional experience
- Certified Information and Privacy Professional (CIPP) and/or Certified Privacy Manager (CIPM) strongly preferred
- Canadian Risk Management designation (CRM) strongly preferred
- Minimum of 3 years’ management or leadership experience within the library, municipal, or public sector preferred, including demonstrated expertise supervising and managing staff in a complex and fast-paced environment.
- Minimum of 7 years’ experience working directly with the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) or other related access and privacy legislation and the orders of the Information & Privacy Commissioner governing access and privacy issues
- Extensive experience in and awareness of legislation, trends, and outcomes and their application to data and technology
- Demonstrated experience with leading data governance for large-scale organizations, ideally within a public sector environment
- Demonstrated experience in leading and conducting privacy impact assessments (PIAs) for enterprise or IT systems
- Extensive experience in developing privacy related policies and procedures
- Demonstrated experience developing and implementing a records management program
- Strong interpersonal skills, with proven ability to coach and lead teams and resolve conflicts.
- Strong change management skills with ability to influence and build productive relationships with cross-divisional stakeholders.
- Superb written and verbal communication and presentation skills; ability to effectively communicate with senior leaders and TPL Board members.
SALARY: (minimum: $123,833 – maximum: $170,184) Grade 8
ACCOMMODATION:
We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make them known when contacted and we will work with you to meet your needs.
APPLICATION PROCESS:
Toronto Public Library (TPL) invites applications from all qualified individuals. The Library is committed to equal opportunity, diversity in the workplace, equity and reconciliation, and welcomes applications from Indigenous people, Black and racialized groups, people with disabilities, 2SLGBTQ+ people and women.
All applicants must be legally entitled to work in Canada. Toronto Public Library (TPL) will be using email to communicate with you for all job competitions. It is your responsibility to include an updated email address that is checked daily. As we send time sensitive correspondence, we recommend that you check your email regularly. If no response is received, we will assume you are no longer interested in pursuing the opportunity. Please be advised that a Criminal Record Check may be required of the successful candidate. Should it be determined that any background information provided be misleading, inaccurate or incorrect, Toronto Public Library (TPL) reserves the right to discontinue with the consideration of your application.
We thank all applicants for their interest, however, only those selected for further consideration will be contacted.