Privacy Lead

90 Sheppard Ave E, North York, ON M2N 3A1, Canada

Posted Wednesday, February 11, 2026 at 5:00 AM | Expires Thursday, February 19, 2026 at 4:59 AM

Employment Type:

Permanent, Full-Time

Existing Vacancy:

Yes

Division/Branch:

Information and Information Technology Division / Enterprise Data and Analytics Branch

Final date to receive applications:

February 18, 2026

Pay Range:

$103,518 to $129,393

Work Location:

Head Office, Toronto, ON ; (In-Office)

The Alcohol and Gaming Commission of Ontario (AGCO) is an agency where innovation thrives, ideas flourish, and passion drives us to new heights of excellence. Reporting to the Ministry of the Attorney General, the AGCO is responsible for regulating Ontario’s vibrant alcohol, gaming, horse racing, and private retail cannabis sectors in accordance with the principles of honesty and integrity, and in the public interest.

The Privacy Lead is a key contributor to the Alcohol and Gaming Commission of Ontario (AGCO), providing expert guidance and leadership in the development, implementation, and maintenance of privacy programs, policies, and procedures. The role requires a creative and strategic thinker who can navigate complex privacy and data governance challenges, thoughtfully balance diverse perspectives, and help drive initiatives forward with clarity and purpose.

Reporting to the Senior Manager, Data Governance & Information Management, the Privacy Lead will support the organization in embedding a culture of privacy, proactively managing privacy risks, and integrating privacy considerations into programs, systems, and business processes, while ensuring compliance with applicable legislation, frameworks, and standards.

• Lead AGCO’s privacy maturity assessment process, evaluating the privacy management program, reporting on progress, conducting self‑assessments to identify areas for improvement, and collaborating with stakeholders to achieve an appropriate maturity level for managing personal information.
• Establish and maintain a Privacy Risk Management process, including identifying and assessing risks, maintaining a risk register, documenting mitigation activities, and assigning ownership. Incorporate outcomes from privacy breaches, audit findings, and other compliance initiatives into the risk register.
• Provide expertise in Privacy Impact Assessments (PIAs) and the integration of “Privacy by Design” principles into system and program design. Conduct PIAs on new technology systems, policies, and programs, collaborating with stakeholders, developing supporting artifacts (e.g., data flow diagrams, inventories), and advising on risk mitigation strategies.
• Develop, recommend, and communicate privacy policies, standards, and data governance protocols for the management and protection of personal information, including identification and sensitivity classification. Ensure alignment with AGCO’s enterprise data and information governance program.
• Consult and collaborate with internal and external stakeholders, including the Ministry of the Attorney General, the Archivist of Ontario / Chief Privacy Officer, and the Information and Privacy Commissioner, to ensure policy consistency, provide guidance, and obtain feedback on privacy initiatives.
• Collaborate with IT, Cybersecurity, Internal Audit, Enterprise Risk Management, Legal, and other business areas on privacy breach responses and implementation of audit recommendations.
• Conduct investigations of privacy complaints and breaches, providing guidance and recommending resolution strategies. Coordinate with the Ministry FIPPA Coordinator and Information Privacy Commissioner as needed.
• Analyze and interpret complex access and privacy issues, provide expert advice on information sharing agreements, data analytics, reporting, and decision‑making, ensuring compliance with FIPPA and other applicable legislation.

• University degree in a relevant field, such as Public Administration, Information Science, or equivalent experience.
• Minimum of 7 years of practical experience in data governance and information management, with at least 1–2 years of focused experience in privacy programs, privacy risk…