Senior Information and Privacy Manager, Compliance Support

The Opportunity

Reporting to the Director, Compliance Support (CS), this role offers a unique opportunity to be at the forefront of the Commissioner’s legislated oversight mandate. Through relationship building, strong leadership and effective investigation and communication skills you will influence and effect changes in the development and implementation of initiatives, programs, policies, goals and proposed legislative schemes in the public, health and private sectors.

This is not an IT position. This position requires someone who is able to apply legislative requirements and information security and privacy principles to ensure compliance with Alberta's privacy and access legislation.

For example, in this role you may:

• review a privacy impact assessment that involves the use of artificial intelligence.
• be involved in the Commissioner's investigation into the adequacy of an organization's security measures to protect personal and health information involved in a privacy breach.
• examine business models and contracts concerning virtual care platforms to determine compliance with health information and private sector privacy legislation.

Responsibilities:

The position’s specific accountabilities include:

• Reviewing the decisions of public bodies, private organizations and health custodians for compliance with applicable legislation;
• Reviewing privacy impact assessments, providing comments and making recommendations;
• Reviewing privacy breaches to ensure compliances with applicable legislations;
• Conducting informal investigations to ensure legislative compliance;
• Issue findings and make recommendations on access and privacy issues;
• Reviewing and comment on initiatives, policies, contracts, procedures and practices of public bodies, custodians, and private sector organizations to support compliance with the Acts;
• Consulting and providing education concerning complex and multi-jurisdictional access and privacy issues; and
• Educating and informing the public and public bodies, custodians and organizations on the Acts.

To be successful in this role, you must have:

• The ability to interpret and apply legislation to specific circumstances, ensuring compliance and providing well-reasoned findings and recommendations;
• Good technical knowledge in information technology and security and be able to apply this in the legislative framework. For example, evaluating compliance of virtual care platforms that collect, use and disclose personal and health information of patients with the applicable legislative frameworks.
• Investigation experience, including the ability to prepare investigative plans, gather evidence, conduct interviews, analyze information, and make finding and recommendations on complex and sensitive issues, preferably in areas related to information access, privacy and security; and
• Experience establishing and building effective relationships with stakeholders.
• Superior interpersonal skills, including the ability to manage conflict, maintain objectivity in politically sensitive or adversarial situations, demonstrate tact and diplomacy and work collaboratively with colleagues.

For a copy of the job description, please visit this link .

For a copy of the full job ad and how to apply, please visit the Job Board website.

University Degree in a related field, supplemented by at least six years of directly progressively responsible related experience, encompassing:

• Interpreting and applying legislation
• Information security and/or privacy compliance reviews
• Research and analysis
• Investigation experience

Assets:

• An Understanding of access and privacy laws and principles, especially in relation to the Freedom of Information and Protection of Privacy Act (FOIP), Health Information Act (HIA), and Personal Information Protection Act (PIPA).
• A professional designation in Information Security such as CISSP, CISA, CISM or related experience.