RQ08931 - Privacy Impact Assessment (PIA) Specialist - Senior

Job Openings RQ08931 - Privacy Impact Assessment (PIA) Specialist - Senior

Description

NOTE

Assignment Type: This position is currently listed as "Hybrid" and consultants will be required to work onsite at the work location 3 days a week and 2 days from home, or as per schedule agreed to with the Hiring Manager.

Extension/Amendment Attestation: Extension(s) only allowed using unused days/funds left on contract. No additional funds will be added beyond maximum contract value. The Statement of Work (SOW) shall expire on April 3, 2026. HSC may exercise its option(s) to extend a SOW beyond April 3, 2026. Such extension(s) will be allowable only if the Master Service Agreement is extended beyond April 5, 2026 and be upon the same terms, conditions and covenants contained in the SOW.

The resources needed till October 15, 2026 will include an option to extend, at the same rate, until October 15, 2026 if Tender_12075 Managed Service Provider for Contingent IT Resources is also extended for a further one year, else an RFS under the Successor VOR will be issued for the services required April 5, 2026 to October 15, 2026.

==========================================================================

Responsibilities:

• Develop privacy impact assessments of the Ministrys optimization of the provincial Immunization Repository and other provincial repositories and the COVaxON solution (this includes initiatives in support of immunization administration, and vaccine distribution and delivery (inventory).
• Lead and provide technical expertise in the development of access and privacy tools to facilitate the development of I&IT
• requirements, implementation of security mechanisms pertaining to the creation, collection, storage, access, retrieval and disclosure of Personal Health Information (PHI)
• Engage and facilitate privacy related discussions with a wide range of business, IT, legal and privacy stakeholders across the ministry, public health units and Public Health Ontario.
• Examine complex program, policy and information system proposals to assess and document business flow and context; perform stakeholder analysis, public/private partnerships, governance structures and feasibility in terms of the protection of Personal Health Information (PHI) collected and retained
• Support projects to ensure compliance with security and privacy best practices, such as the Personal Health Information Privacy Act (PHIPA) (2004)
• Provide technical and systems advice on legacy systems, internet tools and system interfaces, information, security, technical architecture and data flows to improve protection of Personal Health Information (PHI)
• Provide technical and systems advice on data flows that flow into / originate from the Immunization Repository Optimization Program - Wave 1 & 2 and other relevant provincial repositories and COVaxON solution
• Provide technical and systems advice on data flows to the ministry, Public Health units and other stakeholders
• Develop business processes and procedures that describe information flows associated with new technologies, programs, policies or information systems to illustrate how and by whom Personal Health Information (PHI) will be collected, used, disclosed and retained
• Using system and infrastructure architectures, document physical and/or logical separation of Personal Health Information
• (PHI) or security mechanisms that prevent improper access to Personal Health Information (PHI) or maintain any required separation
• Provide privacy expertise, consultation, and support to project team members, senior management and colleagues in MOH advising on the legislation and regulations, in an effort to resolve potential legal or privacy problems
• Provide analysis and advice to ministries and clusters regarding the Freedom of Information Act (FOI) and privacy implications, privacy and security concepts, of new information technologies and information systems, and assist institutions in documenting their analysis
• Recommend mitigation strategies and privacy enhancing technologies in accordance with Privacy Impact Assessment (PIA) procedures
• Identify, analyze and assess emerging and critical policy issues relating to Freedom of Information (FOI) and Protection of Privacy which may have an impact on PIA methodology
• Formulate policy proposals, recommendations, strategies and options for the project team and Ministry executive to address emerging issues
• Participate and provide PIA feedback on the planning and design of solutions in support of immunization administration and optimization, and vaccine distribution and delivery (inventory).

SkillsExperience and Skill Set Requirements

Public Sector Experience

· 5+ years of experience working with federal/provincial/broader public-sector healthcare providers

• Previous Public Sector experience and familiarity with the privacy and de-identification guidelines set by IPC, Government of Ontario IT Standard (GO-ITS), Public Sector Corporate Policy on Protection of Personal Information, and Public Sector Corporate Policy on Record Keeping
• Knowledge of Public Sector Enterprise Architecture artifacts (or similar), processes and practices, and ability to produce technical documentation that comply with industry standard practices
• In-depth knowledge of industry standard such as Project Management Institute (PMI)
• Knowledge of Public Sector I&IT project management methodologies
• Knowledge and experience with Public Sector or Broader Public-Sector health related projects
• Knowledge and understanding of Ministry policy and IT project approval processes and requirements
• Experience adopting and adhering to Public Sector Unified I&IT Project Methodology, Public Sector Enterprise Architecture and Public Sector Gating process, and Public Sector Standard Systems Development Methodologies
• Experience with large complex IT Health-related projects

· Experience with GO-ITS Digital Health standards, and internal branch standards would be an asset.

5 points

Technical Skills

10+ years of experience in the following:

· Privacy impact assessment methodologies, tools and techniques

· Application of threat and risk analysis principles, program analysis, business analysis

· Understanding of policy development to lead or participate in the development of options and strategies on information management and privacy protection

· Practical knowledge of information technology concepts and processes that impact the protection of personal information (i.e. information management, knowledge management, intellectual property/copyright, information technology and electronic service delivery channels)

· Practical knowledge of broad political, legal, fiscal, social and governance dimensions to ensure that privacy principles, directives, notices and directions are considered in the development of new programs/initiatives

· Managing privacy risks in the collection, use and disclosure of Personal Health Information (PHI)

· Leading end-to-end operational risk assessments, selecting risk methodologies, identifying privacy compliance gaps, priorities, dependencies and redundancies, and recommending process remediation or simplification

50 points

Core Skills and Experience

10+ years of experience in the following:

· Demonstrated experience and competency to resolve complex issues, identify options and make recommendations

· Demonstrated experience and competency to analyze policy proposals to assess / identify I&IT business implications and develop strategic policy planning options and impact analyses for clients

· Demonstrated experience and competency to acquire and apply relevant legislation, regulations and directives to ensure proposed initiatives conform to legislation

· Demonstrated experience and competency to identify and evaluate emerging privacy issues, changes, and trends in current and future that impact government policy directions

· Experience in program analysis/evaluation techniques to assess the impact of proposed, or new/changed policies/fiscal or governance arrangements for new programs

· Demonstrated experience and competency to prepare comprehensive reports, options analyses, briefing materials and presentations and propose responses on privacy issues

· Experience in consultation and negotiation to gain support for policy and program initiatives

· Demonstrated experience and competency to develop effective relationships with senior management and stakeholders

· Strong oral and written communications and principles and methods, to draft papers, reports, options analyses, correspondence, briefing notes, speeches, and materials.

35 points

General Skills

· Demonstrated strong leadership and people management skills

· Exceptional analytical, trouble-shooting, problem solving and decision-making skills

· Demonstrated strong interpersonal, verbal and written communication, and presentation skills

· Proven troubleshooting and critical thinking experience

· Demonstrated ability to apply strong listening skills to facilitate issue resolution

· Effective consulting skills to engage with all stakeholders with proven track record for building strong working relationships

· Strong interpersonal, facilitation and negotiation skills with ability to build rapport with stakeholders and drive negotiations to a successful outcome

· Excellent customer service skills, including tact and diplomacy to ensure client needs are managed effectively

· A motivated, flexible, detail-oriented and creativse team player with perseverance, excellent organization and multi-tasking abilities, and a proven track record for meeting strict deadlines.

10 points

MUST HAVES:

10+ years of experience in the following:

· Privacy impact assessment methodologies, tools and techniques

Application of threat and risk analysis principles, program analysis, business analysis

Experience with large complex IT Health-related projects

· Experience with GO-ITS Digital Health standards, and internal branch standards would be an asset.