The Toronto Public Library is the busiest urban public library system in the world. Busier than the New York, Chicago or Los Angeles public libraries. There were over 18 million visits in 2019. That’s more than the Scotiabank Arena, CN Tower, AGO and the ROM combined. Your core mandate revolves around helping to expand access, increase opportunities, and build connections with over 2 million Torontonian's who use the system each year. On average users receive $500 worth of services annually which contributes $1 billion to Toronto’s economy. The salary budget for this role is up to $94,585.40 per year and includes a comprehensive long-term benefits package with an OMERS pension plan plus health, dental, life Insurance and more.
The Enterprise Privacy and Risk Advisor is responsible for providing leadership in, designing. executing, and implementing the enterprise access to information and protection of privacy, records management and risk management programs for Toronto Public Library. This role provides leadership in the strategic, tactical,and operational aspects of the privacy and risk management programs. These programs include the frameworks, policies/procedures, practices, tools and training to ensure legislative compliance, application of best practices, and alignment and support for Toronto Public Library’s (TPL's) mission, vision, values, and strategic directions. TPL's access to information and privacy and risk management programs are foundational to an innovative, accountable, transparent, digitally enabled work and service environment and to maintaining public trust.
- Leads, develops, implements and maintains Toronto Public Library’s enterprise privacy program including the policy, procedures and documentation related to privacy practices, privacy impact assessments, breach protocols, routine disclosure of information and the processing of freedom of information requests in compliance with legislation and leading practices in the public and library sector
- Establishes and works with multidisciplinary stakeholders to ensure enterprise wide application of the privacy discipline to support quality control, enabling consistent and effective privacy protections that minimize risk, and ensure the confidentiality of personal information
- Seeks and applies legal advice on complex and sensitive privacy related matters
- Maintains current awareness of developments in privacy legislation and practices in the public and library sector; understands the implications for public library values and service delivery and recommends appropriate actions
- Advises the organization on privacy best practices, including the application of privacy by design to ensure privacy is embedded into the design and operation of IT systems, networked infrastructure, cloud computing, data management and business practices.
- Advises the organization on privacy matters, consulting with internal resources, external organizations, and liaising with Legal Services as required
- Advises on privacy requirements for RFP’s, responds to RFP questions and contract requirements regarding privacy
- Works to ensure the organization maintains the appropriate privacy and confidentiality consent procedures, authorization forms, and information notices for services and programs
- Leads the privacy impact assessment process, in close collaboration with business stakeholders
- Prepares background reports, briefing memos, presentation materials, devising and updating policies for consideration by senior staff and the Library Board
- Evaluates, develops, and delivers training and education on privacy. Deals with confidential and sensitive information affecting Library operations, assets and resources with good judgement
- Reviews and makes recommendations for the processing and release of information following for formal requests for information
- Leads, develops, implements, and maintains an enterprise records management program that establishes standards, guidelines and practices for the management of information in and throughout its life cycle, from the time of creation or receipt to its eventual disposition
- Ensures record management program is aligned with best practice and in compliance with applicable federal and provincial statutes, regulations and municipal bylaws
- Provides guidance and advice on records management of both physical and electronic records including creation, classification, storage, and disposition
- Provides direction and oversight to integrate records management policies and practices into business processes, and to plan and carry out a wide range of records management activities for the organization
- Develops, maintains, and advises on records retention schedules for the organization, ensuring records management practices are communicated and followed
- Facilitates the conversion and migration of records management to an electronic environment
Enterprise Risk Management:
- Leads, develops, implements and maintains the enterprise risk management program including the policy, procedures and documentation to support the organization in the identification, evaluation, and prioritization of risks to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities
- Ensures risk management program is aligned with City of Toronto, provincial, and federal best practice and activities
- Advises on recommended actions to embed risk mitigation throughout the organization planning and service initiatives
- Coordinates the update to the risk registry, working across the organization with key stakeholders to understand and mitigate current, emerging and longer term risks related in the external and internal environment
- Promotes and provides expertise in the development of risk impact assessments (RIA’s) on services, programs, and other initiatives to drive continuous improvement and risk mitigation
- Coordinates communication and training on the risk management policy, procedures and tools processes in partnership with key stakeholders across the organization and external partners
- University degree in law, policy, or related discipline or a combination of education and professional experience
- Certified Information and Privacy Professional (CIPP) and/or Certified Privacy Manager (CIPM) and/or Canadian Risk Management Designation (CRM) strongly preferred
- Minimum of three (3) years of relevant and progressively responsible experience in the field of privacy and risk advising. A mix of privacy, risk, information management, project management, records management and policy development is ideal
- Demonstrated experience in and awareness of privacy legislation, trends, and outcomes and its application to data and technology
- Experience in leading and conducting privacy impact assessments (PIAs) and/or risk impact assessments (RIAs)
- Familiarity and experience with cloud computing, online services, web and enterprise applications, and data analytics
- Demonstrated interest in national and international privacy legislation and standards, constitutional privacy guarantees, and how they support the values of public library service
- Comprehensive and extensive experience in MFIPPA, including freedom of information requests
- Comprehensive and extensive knowledge of risk management principles, processes, and theory
- Experience advising organizations on risk management and mitigation
- Experience or familiarity with governance, risk and compliance (GRC) tools
- Experience in quantifying and qualifying privacy and security risk and in researching and applying relevant access and privacy requirements and risk mitigation strategies
- Strong leadership skills with a proven ability to take lead on projects and initiatives
- Excellent report writing, communication, presentation skills with the ability to explain privacy and security data analysis results to business people and business processes, challenges and issues to technical people
- Strong interpersonal skills to deal effectively with individuals from multiple disciplines throughout all levels of the organization
- Sound judgment and the ability to handle confidential and sensitive information appropriately
SALARY: The salary budget for this role is up to $94,585.40 per year and includes a comprehensive long-term benefits package with an OMERS pension plan plus health, dental, life Insurance and more.
ABOUT THE TORONTO PUBLIC LIBRARY:
The Toronto Public Library is the busiest urban public library system in the world. Every year, we have millions of users visiting our branches and taking advantage of our online services. We empower Torontonians to thrive in the digital age and global knowledge economy. With expanded access to technology, lifelong learning and diverse cultural and leisure experiences, Torontonians have increased opportunities for growth and success, as well as stronger connections to each other and their communities.
Vision - Toronto Public Library will be recognized as the world's leading library by informing and inspiring Toronto and its communities, making us all more resilient, more knowledgeable, more connected and more successful.
Mission - Toronto Public Library provides free and equitable access to services that meet the changing needs of Torontonians. The Library preserves and promotes universal access to a broad range of human knowledge, experience, information and ideas in a welcoming and supportive environment.
Equity: Accessibility, respect and fairness
Diversity: Valuing individual needs, experiences and differences
Intellectual Freedom: Guaranteeing and facilitating the free exchange of information and ideas in a democratic society, protecting intellectual freedom and respecting individuals' rights to privacy and choice
Innovation: Encouraging creativity, experimentation and the generation of ideas
Inclusion: Welcoming participation in decision making and service development by residents and communities
Integrity: Open, transparent and honest in all our dealings
Accountability: Taking responsibility for our actions and the services we provide
Service Orientation: Providing excellent, responsive services
The Toronto Public Library invites applications from all qualified individuals. The Library is committed to employment equity and diversity in the workplace and welcomes applications from visible minorities, aboriginal people, persons with disabilities, and persons of any sexual orientation or gender identity. Upon request, accommodation will be provided for persons with disabilities through all stages of the recruitment and selection process. COVID-19 vaccines are a requirement of the job unless you have an exemption on a medical ground pursuant to the Ontario Human Rights Code. TPL Posting #21-690
CONTACT: Jeff Richmond email@example.com (416) 238-6400
TO APPLY: Please go to: https://www.nafor.com/tpl or use the links below.
Click here to apply online