Becomes familiar with and keeps up to date with the customer data protection provisions of Hydro One’s distribution and transmission licences and any other documents issued by the Ontario Energy Board in relation thereto.
Works with the Privacy Officer and/or one of the department’s lawyers to establish and sustain an organization-wide, centralized privacy program.
Is responsible for the efficient daily operation and administration of the Privacy Program and the provision of privacy compliance services to staff.
Maintains and provides any required updates to Hydro One’s Privacy Code and the privacy portion of Hydro One’s Conditions of Service document.
Maintains and updates as required or appropriate and as requested by the Province officer, Hydro One’s Privacy Page on Hydro One’s intranet and external website.
Serves as Hydro One’s expert privacy witness as needed for litigation and administrative proceedings.
Monitors compliance with Hydro One’s Privacy Code and other privacy-related and customer data protection policies and procedures and provides advice and guidance to the Privacy Officer, senior management and all LOBs regarding strengths and weaknesses of privacy controls.
Implements additional privacy controls as required to ensure a corporate-wide privacy compliance culture.
As the subject matter expert for privacy and customer data protection, provides consultation and advisory services to all LOBs pertaining to privacy-related policies, practices and processes.
Fosters a data protection culture within Hydro One and implements essential elements of Hydro One’s organization-wide privacy program.
Serves as a privacy subject matter expert with a focus on the protection of personal information and customer information having regard to compliance with federal privacy legislation and the customer information and privacy requirements of the Ontario Energy Board.
Recommends to the Privacy Officer improvements to Hydro One’s Privacy Program through audit of the Program quality, controls and user practices.
identifies specific problem areas and implements appropriate corrective actions as approved by the Privacy Officer.
Provides guidance and assistance with the identification, development, implementation and maintenance of privacy and customer information policies, procedures and other documents in co-ordination with the Privacy Officer, management, LOBs, and the legal department.
Evaluates, monitors and assesses the ongoing adequacy of Hydro One’s privacy and customer information polices, standards, processes, tools, training and communications.
Makes changes and improvements to the foregoing documents as required and in accordance with statutory requirements and best practices.
Conducts privacy impact assessments on data holdings, systems, processes and third parties and creates formal reports pertaining to risk assessment findings.
Will also be responsible for performing ongoing compliance monitoring activities which may or may not be performed in co-ordination with other operational assessment functions.
Plans and conducts privacy audits to ensure compliance with Hydro One’s privacy and customer information handling policies and procedures and applicable legal and regulatory requirements.
Privacy audits may be performed in conjunction with Hydro One’s Audit department.
Monitors and reviews security audits (internal and 3rd party) and provides advice and guidance as necessary.
Communicates regularly with project managers, project teams and representatives from all lines of business (LOBs) and various functional areas, including escalating any matters that require additional analysis to the Privacy Officer.
Identifies and manages privacy risks in day-to-day operations, including within new and existing projects and programs.
Develops and delivers varying degrees of privacy training and orientation to all employees, contractors and third parties (as required) using a variety of delivery methods.
Promotesa culture of privacy awareness and risk management across the organization.
Investigates, documents and responds to any privacy incidents and complaints in accordance with Hydro One’s procedures and applicable privacy laws, regulations and guidelines.
Administers and coordinates the privacy breach response plan process and privacy breach reporting process.
Supports and provides consultation to LOBs.
Responsible for providing privacy incident/privacy breach case management e.g.
overseeing and directing the privacy breach incident management and escalation processes and procedures.
In the event of any privacy breach:
(a) guides the LOBs through Hydro One’s Privacy Breach Response Plan to assist them in collecting and submitting the required information.
(b) completes and submit to privacy breach report forms to the Privacy Officer for review and sign-off prior to submission to Privacy Commissioner’s office.
Works with Hydro One’s Regulatory Affairs department and relevant LOBs to collect information about, and work through required fact-finding and required documentation for reporting any customer data breach to the Ontario Energy Board.
Responsible for developing and maintaining a database of privacy breaches in compliance with applicable privacy laws, regulations and guidelines.
Keeps current on privacy trends and best practices and all guidelines and other documents issued by the federal Privacy Commissioner.
Conducts privacy research as may be required by the Privacy Officer or the LOBs.
Acts as the main liaison with, Information Solutions Division (ISD) in assessing and addressing privacy risks for ISD projects.
Performs other duties as may be assigned by the scope of this position.
Knowledge, Skills and Abilities Required:
Minimum five years of professional work experience in the field of privacy, data protection and risk management for an organization of comparable size and scope of operations to Hydro One.
Master’s or bachelor’s degree from an accredited college or university.
Possesses academic credential in information technology, security or internal audits (strongly preferred).
Professional privacy and/or security qualifications preferred (e.g. CIPP, CISSP).
Demonstrated experience, knowledge and command of Canadian privacy laws, regulations and best practices, privacy and security risk assessment and best practices especially with regard to evolving technology (mobile, cloud, etc.), privacy certification/seals, information security standards and certifications.
Experience with risk assessment/management and compliance, including, experience performing assessments around application, security and privacy controls (e.g. technical, organizational, procedural).
Ability to manage multiple processes and projects at once.
Superior analytic, interpersonal and communication skills.
Ability to work creatively and analytically in a problem- solving environment taking business problems, existing processes and technology and translate these into service and process requirements.
Demonstrated aptitude for developing working relationships with a broad range of professionals and stakeholders at multiple levels.
Ability to handle information and business affairs with secrecy and confidentiality as appropriate.
Knowledge of the energy sector would be an asset.
Knowledge of Hydro One’s organization.
If you share our passion for safety, our customer service focus, and are ready to play a lead role in building a bright future, we would love to hear from you!
Thank you for considering this opportunity and we welcome applications from all qualified candidates. If you are being considered for an interview or other assessment one of our Recruitment Consultants will be in touch. Furthermore, if you are being considered for an interview and require special accommodations please let us know. Finally, short-listed candidates will be asked to pass a reliability check (which could include criminal background check, driver’s license abstract, education verification, etc.) prior being offered a job at Hydro One.
Deadline: February 26, 2019
In the event you are experiencing difficulties applying to this job please consult our help page here.