Senior Manager, Privacy, Risk and Governance

LOCATION: North York Central Library
STATUS: Permanent Full-Time

JOB SUMMARY:
Reporting to the Director, Policy, Planning and Performance Manager, the Senior Manager of Governance, Privacy and Risk is responsible for the privacy, risk and governance portfolios at TPL. This position will work with all TPL divisions and the City Librarian’s Office, providing advice to management and the senior leadership team. The position will take a pro-active approach to matters of privacy, risk and governance. This position will also respond to governance, privacy and risk inquiries both internal and external to advise and resolve issues. The Manager of Privacy, Risk and Governance will be a main point of contact on matters involving privacy and access for many external organizations, including, but not limited to, the City of Toronto, partner organizations, and law enforcement. The Manager will maintain up to date awareness and ensures organizational compliance with privacy legislation, Board governance, external policies, trends and best practices. This position will also lead the Enterprise Risk Management program that includes the maintenance and update of risk registries and completion of risk impact assessments. In addition, the position will be responsible for development TPL’s records management program.

DUTIES:
Privacy

• Manages the privacy program for TPL, strengthening all components and ensuring awareness for all TPL staff and management on privacy matters
• Ensures organizational compliance with the Municipal Freedom of information and Protection of Privacy Act
• Advises management and senior management on matters of privacy, dealing with significantly complex issues involving a high level of confidentiality and sensitivity, including labour relations and human resources matters
• Leads the review of disclosure policies, including updated templates and business processes, and ensuring staff awareness
• Revises TPL’s Privacy Breach protocol and manages privacy breaches coordinating with the cyber security unit and other departments/divisions as required
• Reviews and revises disclosure policies and templates, including training for managers and staff, and communications
• Leads and conducts PIAs for enterprise systems, initiatives, projects, and third party service providers, working with internal and external stakeholders
• Reviews current IT applications for privacy implications/considerations and making actionable suggestions to mitigate risk
• Conducts privacy investigations, consultations and audits
• Assesses, assigns, tracks, reports and prepares responses to Freedom of Information requests made under MFIPPA, in accordance with the legislated deadlines
• Balances the right of access with the protection of personal and other confidential information in accordance with legislation, Regulations and Orders of the Information & Privacy Commissioner, while ensuring that specific provisions of the legislation such as notification requirements are met
• Maintains awareness of and report on trends in the field of privacy and risk, including strategic relationships with external organizations and partners

Risk Management

• Reviews and revises TPL’s Enterprise Risk Management Framework, including the Risk Management Policy, annual risk registry reporting to the Board
• Implementation of the ERMF by embedding risk into strategic and business planning, service development, and capital project initiatives to support risk-informed decision making in all areas of the Library’s operations
• Leads and conducts risk impact assessments , allowing for early identification of organizational impacts, strategic considerations, and risk mitigation strategies

Governance

• Ensures TPL’s Board meetings function in accordance with the Procedural By law, accepted meeting conventions, applicable legislation and alignment with other City Boards
• Identifies key legislative changes/trends that will impact municipal and board governance issues

Partner & Stakeholder Relationship Management

• Organizes and works with multi-disciplinary business and technical teams from across the Library to formulate and execute project plans and tasks according to established project management principles and methodologies
• Cultivates and enhances highly collaborative working relationships & teams through cross portfolio engagement with stakeholders (internal customers, external partners/regulators/vendors and customers, and Management, to enable portfolio and integrated planning
• Manages assigned projects, ensuring effective teamwork and communication, high standards of work quality and organizational performance and continuous learning

People Leadership

• Provides full scope of management responsibilities to a team of function-specific resources, including recruitment, performance management and coaching, and support for, leadership and training opportunities

QUALIFICATIONS:

• Post-graduate university degree in law, policy, information management, information technology, public administration or related discipline or a combination of education and professional experience
• Certified Information and Privacy Professional (CIPP) and/or Certified Privacy Manager (CIPM) strongly preferred
• Canadian Risk Management designation (CRM) strongly preferred
• Minimum of 3 years’ management or leadership experience within the library, municipal, or public sector preferred, including demonstrated expertise supervising and managing staff in a complex and fast-paced environment.
• Minimum of 7 years’ experience working directly with the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) or other related access and privacy legislation and the orders of the Information & Privacy Commissioner governing access and privacy issues
• Extensive experience in and awareness of legislation, trends, and outcomes and their application to data and technology
• Demonstrated experience with governance and Board management; solid understanding of procedural by-laws and meeting conventions
• Demonstrated experience in leading and conducting privacy impact assessments (PIAs) for enterprise or IT systems
• Extensive experience in developing privacy related policies and procedures
• Demonstrated experience developing and implementing a records management program
• Strong interpersonal skills, with proven ability to coach and lead teams and resolve conflicts.
• Strong change management skills with ability to influence and build productive relationships with cross-divisional stakeholders.
• Excellent written and verbal communication and presentation skills; ability to effectively communicate with senior leaders.

SALARY: Grade 8 $122,305.00 - $163,639.00 (2024 Range)

The Toronto Public Library invites applications from all qualified individuals. The Library is committed to employment equity and diversity in the workplace and welcomes applications from visible minorities, aboriginal people, persons with disabilities, and persons of any sexual orientation or gender identity.

Upon request, accommodation will be provided for persons with disabilities through all stages of the recruitment and selection process.