Organization: Information and Privacy Commissioner of Ontario
Division: Strategic Initiatives and External Relations Division
Position Title: Technology Policy Analyst Student
Duration: 18 weeks between May and September
Location: 2 Bloor Street East, Toronto, Ontario
Salary: $26.92/hr. - $29.00/hr.
Position Status: Open

AVAILABLE POSITION:

The Strategic Initiatives and External Relations Division is seeking motivated and talented individual for the role of Technology Policy Analyst Student in the Technology Policy Department.

HOW DO I QUALIFY?

Preference will be given to post-secondary students enrolled in a discipline relevant to policy and/or information management.

JOB REQUIREMENTS:

• At minimum, the third year of a bachelor’s degree or equivalent in a relevant field such as computer science, political science, sociology, or criminology or a related field.
• It is preferred that the student has elective courses that cover one of the activities they may work on (e.g., in penetration testing or application security or network research, cybersecurity, artificial intelligence, etc.) or have completed a major term paper on a related topic. Demonstrated research capability is highly desired.
• Demonstrated interest in contemporary access, privacy, and/or security issues, particularly in relation to technology and its impacts.
• Research and analytical skills to seek out, evaluate and synthesize relevant information.
• Written and verbal communication skills to effectively summarize, document and share findings.
• Strong organizational and coordination skills to reliably meet objectives and deadlines.
• Interpersonal skills, including a professional, collaborative manner and good judgment.
• Strong computer skills, with proficiency in MS Office programs.

In this role you will work under the direction of the Technology Policy department to support the delivery of projects. Activities may include:

• Cybersecurity policy work that involves assessing the laws and regulations that governments have passed to strengthen government, and private sector, cybersecurity protections. The outcome of this could be a report that includes specific recommendations concerning the measures the IPC should make concerning the Ontario government’s cybersecurity regulations and policies.
• Cybersecurity technical research on the current tools, software, and systems that are used to perform a penetration test. The outcome of this could be to deliver a report that covers the tools involved in different phases of the process (i.e. information gathering, reconnaissance, discovery and scanning, vulnerability assessments, exploitation, and final analysis and review), the technical specifications and features of relevant tools, and analysis or recommendations regarding the tools.
• Cybersecurity policy or technical research that assesses trends and threats that have emerged over the past 2 years, and forecasts future threats that adversaries may deploy to illegitimately access or affect Ontarians’ personal information. The outcome of this could be a brief or presentation scoping out the recent history, emerging trendlines, and activities that the IPC should undertake to encourage organizations to best protect themselves from cyber threats.
• Artificial Intelligence policy work that involves tracking and monitoring the emerging key AI and generative AI events that occur slightly before and during your time with the IPC. The outcome of this could be a brief that summarizes key activities, along with emerging areas that the IPC should be focused on in the coming months and year.
• Artificial Intelligence technical or policy work that examines the privacy, access, and bias or discrimination-based implications of different AI technologies (e.g., contemporary biometrics, speech-to-text, automated semantic classification, etc). The outcome of this could be a report that unpacks given technologies, their privacy and access and bias or discrimination implications, and any relevant recommendations to ameliorate these harms.
• Identity management policy work that focuses on different ways that standards bodies and/or governments are developing or implementing digital identification systems or technologies. The outcome of this could be a report or presentation summarizing research and technical privacy concerns associated with different systems or technologies.
• Emerging technology policy or technical work that considers future technologies and activities that regulators should undertake to prepare for them. Technologies could include automated mobile phone assessment devices, quantum computing, next-generation law enforcement technologies, or emerging risks to anonymization or encryption technologies. The outcome of this work could be a report or presentation summarizing the research, its implications, and recommendations for future activities.

Your work may additionally include some or all of the following types of activities in support of the policy team.

• Conduct research, perform analysis and synthesize information and data relating to a range of technology policy issues and initiatives.
• Support the development of summaries, options, or recommendations.
• Organize and categorize internal files and information.
• Coordinate, draft or edit written documents and presentations.
• Organize and schedule activities for the Policy Department.