Privacy Impact Assessment

**Aviso Wealth**:
**The Opportunity**:
This can be a remote role, however for those who would like to come into the office we are at 151 Yonge St, Toronto, ON.

Reporting to Director, Privacy, the PIA Specialist is responsible for helping to enhance Aviso's data privacy framework and implement privacy strategies and processes to support to Aviso's Legal Department and other members of the Company as required. The PIA Specialist will implement industry best practices and solutions to reduce risk and ensure the protection of customer data. The PIA Specialist will leverage their knowledge of privacy law to assist with privacy inquiries from all departments of the organization and will act as an initial point of contact and lead for the management of all Privacy Impact Assessments (PIA’s).

**Who you are**:

- **Service** - You consider both internal and external stakeholders and demonstrate intent of understanding and putting the clients’ needs first. You advocate service excellence and work to deliver solutions that meet the needs. You proactively develop strategic partnerships that allow Aviso Wealth to become a trusted advisor and partner
- **Execution** - You are committed to achieving your goals and to succeed. This includes focusing on “getting things done”, as well as recognizing and taking advantage of opportunities as they arise. You are consistently looking for ways to improve your personal best and see value in continuous improvement. You take accountability for your actions and learn from mistakes
- **Collaboration** - You work collaboratively with others with the common goal of driving positive results. Making meaningful contributions to your team to achieve organizational goals is a priority. You proactively encourage collaboration, build trust and inclusion, and work to establish effective relationships both inside and outside of the organization

**What your day looks like**:
Implement industry best practices and solutions to reduce risk and ensure the protection of customer data. Leverage their knowledge of privacy law and IT skills to conduct complex and technical PIA’s and Privacy Compliance Audits including the involvement of necessary regulatory bodies where applicable.
- Be the central point of contact for all privacy project and vendor related inquiries at Aviso
- Develop and maintain policies, processes, and training as required
- Through comprehensive Privacy Impact Assessments or as a result of incident investigations, evaluate areas of vulnerability and provide directive leadership for the implementation of corrective actions for their resolution.
- Communicate new privacy risks, emerging issues, managing effectiveness and consistency of practices across the organization, assessing compliance and escalation of internal issues or risks
- Ensure Aviso complies with the applicable privacy legislation and amendments
- Promote awareness and an effective privacy compliance culture and provide advice and recommendations
- Lead in the development and implementation of privacy management framework and create tools to manage compliance, incl. policies, process, and training
- Collaborate with all areas of the business to ensure records of processing activities are maintained
- Perform privacy risk assessments & vendor privacy assessments on products and services, building in privacy by design and default
- Create and maintain process for transfer impact assessments
- Develop KPI/KRI and present reports to executives on Privacy Impact Assessments and stats
- Conduct systematic audits for improvement and non-compliance
- Develop new / revisiting privacy policies and processes
- Work with regulatory bodies
- Monitor the industry landscape to identify trends

**Requirements**:
**Your experience and skills**:

- Minimum 5+ years in a privacy related role in a corporate environment or the investment industry
- Comprehensive knowledge of applicable privacy legislation (PIPEDA/Provincial Privacy Laws/Bill C27/Law 25)
- Comprehensive knowledge and understanding of technical and information security concepts
- Experience conducting privacy investigations, compliance reviews, and audits
- Experience in the initiation, development and implementation of new policies, procedures and practices, employing solid project management skills and the organizational “know-how” to get things done through a network of contacts
- Ability to earn trust, maintain positive and professional relationships, and strengthen our culture of inclusion.
- Experience with regulatory matters
- Ability to work independently and in a team setting
- Ability to coordinate work that involve multiple departments
- Innovative and a self-starter with strong analytical, project management, research and documentation skills

Nice to have:

- A degree in law, information technology, business or other related field
- IAPP certifications such as CIPP/C and CIPP/M
- Knowledge of and experience in IT or data governance related field