19 Apr
|
Rubicon Path
|
Toronto
19 Apr
Rubicon Path
Toronto
Apply on Kit Job: kitjob.ca/job/2g99my
RQ09375 - Privacy Impact Assessment (PIA) Specialist - Senior Job Openings RQ09375 - Privacy Impact Assessment (PIA) Specialist - Senior
About the job RQ09375 - Privacy Impact Assessment (PIA) Specialist - Senior Description
Develop privacy impact assessments and review recommendations from the privacy impact assessment (PIA) of proposed solution and business processes
Lead and provide technical expertise in the development of access and privacy tools to facilitate the development of implementation key strategy data and digital initiatives, implementation of security mechanisms pertaining to the creation, collection, storage, access, retrieval and disclosure of Personal Health Information (PHI)
Engage and facilitate privacy related discussions with a wide range of business, IT, legal and privacy stakeholders across the ministry, and government agencies.
Examine complex program, policy and information system proposals to assess and document business flow and context; perform stakeholder analysis, public/private partnerships, governance structures and feasibility in terms of the protection of Personal Health Information (PHI) collected and retained
Support projects to ensure compliance with security and privacy best practices, such as the Personal Health Information Privacy Act (PHIPA) (2004)
Provide technical and systems advice on legacy systems, internet tools and system interfaces, information, security, technical architecture and data flows to improve protection of Personal Health Information (PHI)
Provide technical and systems advice on data flows to the ministry, and other stakeholders
Develop business processes and procedures that describe information flows associated with new technologies, programs, policies or information systems to illustrate how and by whom Personal Health Information (PHI) will be collected, used, disclosed and retained
Using system and infrastructure architectures, document physical and/or logical separation of Personal Health Information
Identify, analyze and assess emerging and critical policy issues relating to Freedom of Information (FOI) and Protection of Privacy which may have an impact on PIA methodology
Formulate policy proposals, recommendations, strategies and options for the project team and Ministry executive to address emerging issues
Prepare and present status reports and updates for any relevant steering committees, advisory panels, working groups, or similar governance bodies
Assess existing regulations for potential changes required to support additional initiatives to provide greater access to PHI and determine impacts on existing data sharing/electronic health record (EHR) agreements/privacy frameworks/health information custodian (HIC) models.
Develop and provide change management support and/or communications to support stakeholders with changes related to privacy business processes
Review the recommendations from the privacy impact assessment (PIA) of the proposed solution and business processes
Provide advice to the Ministry as it relates to privacy policy and guidelines
Coordinate across branches and develop communication materials such as briefing notes and presentations
Consult and gather input from specific individuals within the organization on privacy topics either independently or as part of a team
Communicate with technical and business audiences and non-privacy experts
NOTE Extension/Amendment Attestation: Extension(s) only allowed using unused days/funds left on contract. No additional funds will be added beyond the maximum contract value and any extension options included in the original SOW.
Assignment Type: This position is currently listed as "Hybrid" as consultants will be required to work partly in the physical workplace and partly remotely. The details of this arrangement will be at the Hiring Manager's discretion.
Technical Skills (50%)
10+ years of experience in privacy impact assessment methodologies, tools and techniques
10+ years of experience in application of threat and risk analysis principles, program analysis, business analysis
10+ years of experience in understanding of policy development to lead or participate in the development of options and strategies on information management and privacy protection
10+ years of experience in practical knowledge of information technology concepts and processes that impact the protection of personal information (i.e. information management, knowledge management, intellectual property/copyright, information technology and electronic service delivery channels)
10+ years of experience in practical knowledge of broad political, legal, fiscal, social and governance dimensions to ensure that privacy principles, directives, notices and directions are considered in the development of new programs/initiatives
10+ years of experience in managing privacy risks in the collection, use and disclosure of Personal Health Information (PHI)
10+ years of experience in leading end-to-end operational risk assessments, selecting risk methodologies, identifying privacy compliance gaps, priorities, dependencies and redundancies, and recommending process remediation or simplification
Core Skills and Experience (35%)
10+ years of experience in demonstrated experience and competency to resolve complex issues, identify options and make recommendations
10+ years of experience in demonstrated experience and competency to analyze policy proposals to assess / identify I⁢ business implications and develop strategic policy planning options and impact analyses for clients
10+ years of experience in demonstrated experience and competency to acquire and apply relevant legislation, regulations and directives to ensure proposed initiatives conform to legislation
10+ years of experience in demonstrated experience and competency to identify and evaluate emerging privacy issues, changes, and trends in current and future that impact government policy directions
10+ years of experience in program analysis/evaluation techniques to assess the impact of proposed, or new/changed policies/fiscal or governance arrangements for new programs
10+ years of experience in demonstrated experience and competency to prepare comprehensive reports, options analyses, briefing materials and presentations and propose responses on privacy issues
10+ years of experience in consultation and negotiation to gain support for policy and program initiatives
10+ years of experience in demonstrated experience and competency to develop effective relationships with senior management and stakeholders
10+ years of experience in strong oral and written communications and principles and methods, to draft papers, reports, options analyses, correspondence, briefing notes, speeches, and materials.
General Skills Demonstrated strong leadership and people management skills (10%)
Exceptional analytical, trouble‑shooting, problem solving and decision‑making skills
Demonstrated robust interpersonal, verbal and written communication, and presentation skills
Proven troubleshooting and critical thinking experience
Demonstrated ability to apply strong listening skills to facilitate issue resolution
Effective consulting skills to engage with all stakeholders with proven track record for building strong working relationships
Strong interpersonal, facilitation and negotiation skills with ability to build rapport with stakeholders and drive negotiations to a successful outcome
Excellent customer service skills, including tact and diplomacy to ensure client needs are managed effectively
A motivated, flexible, detail‑oriented and creative team player with perseverance, excellent organization and multi‑tasking abilities, and a proven track record for meeting strict deadlines
Public sector Experience (5%)
5+ years of experience working with federal/provincial/broader public‑sector healthcare providers
Previous Public Sector experience and familiarity with the privacy and de‑identification guidelines set by IPC, Government of Ontario IT Standard (GO‑ITS), Public Sector Corporate Policy on Protection of Personal Information, and Public Sector Corporate Policy on Record Keeping
Knowledge of Public Sector Enterprise Architecture artifacts (or similar), processes and practices, and ability to produce technical documentation that comply with industry standard practices
In‑depth knowledge of industry standard such as Project Management Institute (PMI)
Knowledge of Public Sector I⁢ project management methodologies
Knowledge and experience with Public Sector or Broader Public‑Sector health related projects
Knowledge and understanding of Ministry policy and IT project approval processes and requirements
Experience adopting and adhering to Public Sector Unified I⁢ Project Methodology, Public Sector Enterprise Architecture and Public Sector Gating process, and Public Sector Standard Systems Development Methodologies
Experience with large complex IT Health‑related projects
Experience with GO‑ITS Digital Health standards, and internal branch standards would be an asset.
MUST HAVES: 10+ years of experience in the following:
Understanding of policy development to lead or participate in the development of options and strategies on information management and privacy protection
Managing privacy risks in the collection, use and disclosure of Personal Health Information (PHI)
Demonstrated experience and competency to identify and evaluate emerging privacy issues, changes, and trends in current and future that impact government policy directions
Demonstrated experience and competency to prepare comprehensive reports, options analyses, briefing materials and presentations and propose responses on privacy issues
#J-18808-Ljbffr
Apply on Kit Job: kitjob.ca/job/2g99my
📌 Privacy Impact Assessment (PIA) Specialist - Senior (Toronto)
🏢 Rubicon Path
📍 Toronto