Enable job alerts via email!

RQ00248 - Privacy Impact Assessment (PIA) Specialist - Senior

S M Software Solutions Inc

Toronto

Hybrid

CAD 70,000 - 110,000

Full time

8 days ago

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

An established industry player is looking for a Senior Privacy Impact Assessment Specialist to join their team. This role involves conducting privacy impact assessments, ensuring compliance with legal obligations, and developing privacy policies for key IT projects. The ideal candidate will have extensive experience in health privacy, particularly in the context of electronic health records and data sharing agreements. This position offers a unique opportunity to make a significant impact on privacy practices while working in a hybrid environment that fosters collaboration and innovation.

Qualifications

3+ years of health privacy experience with PIAs.
5+ years in operational privacy experience in health/IT sectors.

Responsibilities

Conduct Privacy Impact Assessments and documentation.
Provide privacy consultation on complex health privacy issues.

Skills

Health Privacy Experience

Privacy Impact Assessments (PIAs)

Privacy Policies Development

Data Sharing Agreements

API Management

Familiarity with PHIPA

EMR/HIS Knowledge

Education

University Degree in Health or IT

Graduate Degree in Related Discipline

Tools

MS Project

MS Teams

Job Title:	RQ00248 - Privacy Impact Assessment (PIA) Specialist - Senior	Start Date:	2025-05-22
Client:	Supply Ontario	End Date:	2026-03-31
Work Location:	525 University Avenue, Toronto, Canada	#Business Days:	215.00
Job Type:	Hybrid	Hours per day or Week:	7.25 hours per day (5 Days)

Must Haves:

Minimum of 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexityprojects
Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environment
Familiarity with Application Programming Interface (API) functionality and management
Minimum 5 years' experience drafting and reviewing privacy requirements for data sharing agreements
Minimum 5 years’ experience developing privacy policies and procedures, requirements, or controls
Familiarity with the Personal Health Information Protection Act (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows

Description:

Background Information:

The purpose of this procurement of a Senior Privacy (PIA) Specialist is to acquire a contingent resource to act as a dedicated privacy subject matter expert to assist with supporting privacy matters related to a number of key Information Technology projects that include provincial Electronic Health Record (EHR) initiatives, AI Scribe; Homecare; Provincial Viewers, eReferral, Central Intake, etc.
Ontario Health is seeking a Privacy resource to ensure that Ontario Health maintains compliance with its legal and contractual privacy obligations, and builds privacy into the design of projects that involve personal health information (PHI), thus reducing risk for the organization and protecting the trust and privacy of individuals whose PHI we manage.

Responsibilities:

Conducting/Completing Privacy Impact Assessments and associated documentation
Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives
Identify and assess privacy risks, including developing risk mitigation plans
Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
Reviewing and advising on agreements, including data sharing agreements
Developing privacy requirements for new or changing projects
Providing privacy advisory and support to business teams
Other duties as required

Desired Skills:

Demonstrable knowledge ofprojectmanagement; Knowledge and understanding of Project Management’s Institute’s Project Management Body of Knowledge is an asset
Experience working on and delivering multipleprojects
Demonstrated project management software skills and experience e.g. MS Project, MS Teams etc.
University undergraduate or graduate degree in Health, Computer Science, Engineering, Law, Security, or a related discipline from a recognized institution or equivalent experience – desired
Familiarity with Prescribed Entities (PEs) or Prescribed Persons (PP) under the Personal Health Information Protection Act (PHIPA), and their related requirements, is an asset
Familiarity with audit logging and Security Information and Event Management (SIEM) technology is an asset
Familiarity with technical data protection controls and technology such as encryption and tokenization is an asset
Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards is an asset

Required Skills

Minimum 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects.: 20 Points
Minimum 5 years’ direct operational level privacy experience in a health sector and/or IT environment or both.: 20 Points
Minimum 5 years’ experience in developing privacy policies and procedures, requirements, or controls.: 20 Points
Minimum 5 years’ experience drafting and reviewing privacy requirements for data sharing agreements.: 15 Points
Familiarity with the Personal Health Information Protection Act (PHIPA), and requirements related to Health Information Network Provider (HINP) and Electronic Service Provider (ESP).: 10 Points
Familiarity with Application Programming Interface (API) functionality and management.: 7.5 Points
Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows.: 7.5 Points

Total - 100 Points

Deliverables:

Over the duration of the engagement, the Senior Privacy (PIA) Specialist will support work already in progress, as well as new work on Privacy Impact Assessments;
Work with the project and product teams on risk mitigation of PIA findings as required under PHIPA;
Support work related to update and/or developing new agreements;
Other duties as required. Note that knowledge of current privacy and data protection policy and legislation, especially Ontario’s Personal Health Information Protection Act (PHIPA), will be critical to ensure success.
Conducting/Completing Privacy Impact Assessments and associated documentation
Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives
Developing risk mitigation plans
Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
Reviewing and advising on agreements, including data sharing agreements
Developing privacy requirements for new or changing projects

Notes:

Assignment Type:This position is currently hybrid. The resource under this request will be required to work onsite upon Ontario Health request.
Ontario Health assets including laptops and related equipment cannot be removed from the province of Ontario without prior written approval from Ontario Health.
Location:Fully remote
Public Sector Experience:Preferred
The term of this engagement is 215 business days with an option to extend for 163 days at Ontario Health's discretion.

Get your free, confidential resume review.

or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.