Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express, as well as the PRESTO fare payment system. We are also building new and improved rapid transit, including GO Expansion, Light Rail Transit routes, and major expansions to Toronto’s subway system, to get people where they need to go, better, faster and easier. Metrolinx is an agency of the Government of Ontario.   At Metrolinx, equity, diversity and inclusion are essential to living our values of serving with passion, thinking forward and playing as a team.  

Our Legal and Commercial Corporate Services Division is looking for a Senior Privacy Advisor to support our Privacy Office.  Under the direction of the Director, Privacy Program, the successful candidate will support legislative compliance and privacy best practices within Metrolinx, with a focus on enabling privacy by design across AI and technology initiatives within a complex public sector environment. This role requires demonstrated experience with emerging technologies, including the ability to understand technical requirements, assess evolving privacy risks and ensure compliance with FIPPA and other applicable directives while enabling responsible innovation. The successful candidate will provide practical, risk-informed guidance to support privacy by design and uphold public trust in the delivery of digital services.

The successful candidate is a self starter and will support initiatives in an agile capacity as a Privacy Subject Matter Expert on AI and emerging technology projects across several business areas such as Transit Safety, PRESTO, Customer Experience, Information Technology, and Marketing.   In-Office Requirement – NON-HR: This role is an in‑office position based at our 97 Front Street location. Our team is highly collaborative, and much of our work benefits from in‑person co‑creation, relationship‑building, and hands‑on partnership with leaders across the organization. 

What will I be doing?

• Promote interpretation, and compliance with legislative requirements of the Freedom of Information and Protection of Privacy Act (FIPPA), and guidance from Ontario's Information and Privacy Commissioner.

• Promote the development of privacy best practices above and beyond FIPPA and related legislative requirements, including requirements of the private-sector Personal Information Protection and Electronic Documents Act (PIPEDA), guidance from the Federal Office of the Privacy Commissioner of Canada, guidance from the Ontario Public Service and related directives, and industry best practices.

• Maintain current knowledge of the application of privacy legislation and regulations and industry changes and anticipate the impact on privacy issues to organizational/corporate practices.

• As privacy subject matter expert, provide support to Metrolinx departments and project team members to ensure compliance with Metrolinx privacy policies, legislative and contractual obligations, and support standards and methodologies and implementation of best practices on an on-going basis.

• Model Metrolinx’ s values and core competences, especially in dealings with external partners, and in the handling of personal and confidential information.

• Support the privacy program governance framework under the leadership of the Director, Privacy Program.

• Implement strategic privacy projects, including policies, best practices, and risk mitigation strategies across our departments.

• Work effectively with other data governance partners such as AI Governance, Security, Records Management, and others to ensure a fulsome review and assessment of projects assigned.

• Monitor and conduct privacy research activities to identify and assess jurisdictional/private sector and industry best practices, risks and impacts related to program delivery, to inform and enhance the effectiveness of Metrolinx's privacy policy, legal commitments, and program delivery.

• Identify contentious issues, monitor changes to best practices and legal requirements, brief staff and senior management, and implement revisions/mitigation strategies.

• Identify and assess privacy risks and provide advisory and consultative support to risk owners to develop appropriate mitigation plans. Conduct post-implementation analysis and reviews to ensure recommendations have been implemented.

• Investigate privacy incidents to identify privacy breaches and support response plans through all phases of the incident response process, including privacy analysis, root cause analysis, development of mitigation strategies, and reviewing associated communications and reporting.

• Lead investigations and respond to privacy inquiries, privacy complaints and breach incidents, and act as the primary contact for Ontario's Information and Privacy Commissioner; log follow-up activities and resolutions and provide advice to staff and senior management.

• Review, propose, and coordinate appropriate action plans to address findings of privacy audits and monitoring, in collaboration with Internal Audit and departments.

• Ensure assigned risks are added to the Enterprise Risk Register and monitor to ensure compliance with risk mitigation plans and associated timelines.

 

What Skills and Qualifications Do I Need?

• Completion of a degree in Public Policy, Computer Engineering, Information Management, Information Technology, or related field – or a combination of education, training and experience deemed equivalent.

• Demonstrated experience/training in providing technical advice in connection with emerging technologies, including an ability to understand technical requirements, assess evolving privacy risks and ensure legislative compliance while enabling responsible innovation.

• Knowledge of and ability to interpret and apply legislation and government regulations guiding privacy protection and access to information (e.g. Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL).

• Experience assessing privacy compliance for new programs, information systems, or services, ideally in a public sector environment.

• Experience preparing a range of written materials, documentation, reports, briefing notes, training materials; brief senior management and staff on a range of privacy issues/matters; provide information/documentation to the IPC.

• Strong interpersonal skills, with a sense of political acuity and the ability to present complex facts, information and explanations to different audiences including, matters brought before Ontario's Information and Privacy Commissioner and senior management.

• Collaboration and relationship management skills to demonstrate aptitude for building trusted relationships and a reputation for sound judgement and pragmatism with internal clients and partners. Ability to work effectively and in partnership with colleagues, diverse teams (including legal counsel and information technology, internal audit, and risk professionals) and partners to build consensus and influence decisions; foster a culture of information privacy awareness.

• Knowledge of data digitization, data mining, information flow and security concepts, to review and advise on the agreement of our technology/information management/security projects/plans to privacy practices and legislative compliance requirements.

• Any relevant designations from IAPP such as CIPT/C, CIPP/C, AIGP, are an asset.

 

Don’t Meet Every Requirement?  If you’re excited about working with Metrolinx but your past experience doesn’t quite align with every qualification of this posting, we encourage you to apply. You just might be the right candidate for this or other roles. We are always looking for great talent to join our team.

  We invite all interested individuals to apply and encourage applications from members of equity-deserving communities, including those who identify as Indigenous, Black, racialized, women, people with disabilities, and people with diverse gender identities, expressions and sexual orientations.

  Accommodation: We value the unique skills and experiences each person brings to Metrolinx and are committed to creating and maintaining an inclusive and accessible environment. We are committed to the requirements of the Accessibility for Ontarians with Disabilities Act and other applicable legislation so if you require accommodation during the hiring process, please let our Recruitment team know by contacting us at: 416-202-5601 or email hr.recruitment@metrolinx.com.

  Application Process: All applicants must be legally entitled to work in Canada. Metrolinx will be using email to communicate with you for all job competitions. It is your responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time-sensitive correspondence, we recommend that you check your email regularly. If no response is received, we will assume you are no longer interested in pursuing the opportunity. Please be advised that a Criminal Record Check may be required of the successful candidate. 

  For Internal applicants, with the recent implementation of the Internal Mobility Policy, the internal recruitment process has changed for non-union roles. Candidates must be in their current role for 12 months prior to applying for another role and each applicant must be in good standing (not participating in a Performance Improvement Plan). Please review all provisions of the policy [https://metrolinx.sharepoint.com/sites/MyLinx-Policy/Manuals/Forms/AllItems.aspx?id=/sites/MyLinx-Policy/Manuals/HR Policies by name/HR-0202-17 Internal Career Mobility Policy.pdf&parent=/sites/MyLinx-Policy/Manuals/HR Policies by name] before submitting your application.

  Should it be determined that any background information provided is misleading, inaccurate or incorrect, Metrolinx reserves the right to discontinue with the consideration of your application.

  We thank all applicants for their interest, however, only those selected for further consideration will be contacted.

  WE ARE AN EQUITABLE AND INCLUSIVE EMPLOYER.

#LI-MM3 and #LI-Onsite