Senior Privacy Impact Assessment Specialist

This role involves acting as a dedicated privacy subject matter expert, assisting with privacy matters related to home and community care, including Ontario Health Team (OHT) deployment. The Senior Privacy Impact Assessment Specialist will ensure compliance with legal and contractual privacy obligations, build privacy into project design involving personal health information (PHI), and reduce organizational risk while protecting individual privacy. This position requires significant experience in conducting privacy impact assessments (PIAs), developing privacy policies, and advising business teams on privacy matters.

Responsibilities :

• Develop privacy policies and procedures.
• Conduct privacy impact assessments for medium to high complexity initiatives and / or implement mitigation activities based on PIA recommendations.
• Identify and assess privacy risks.
• Provide privacy advisory and support to business teams.
• Lead and / or participate in Ontario Health, regional, or provincial committees or project teams as the privacy Subject Matter Expert (SME).
• Identify privacy requirements.
• Develop strong relationships with internal and external stakeholders to foster a culture of privacy.
• Respond to and provide advice and legislative interpretation for information and access requests, consent management requests, complaints, inquiries, appeals, and privacy issues under PHIPA.
• Support privacy program projects and activities to improve the efficiency and effectiveness of the Privacy Office.
• Other duties as required.

Required Skills & Certifications :

• Minimum of 3 years' health privacy experience conducting PIAs on medium to high complexity projects.
• Minimum 5 years' direct operational level privacy experience, preferably in a health sector and / or IT environment.
• Minimum 5 years' experience drafting and reviewing privacy requirements for data sharing agreements.
• Minimum 5 years' experience developing privacy policies and procedures, requirements, or controls.
• Familiarity with the Personal Health Information Protection Act (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP).

Preferred Skills & Certifications :

• Completion of a university undergraduate or master's degree in health, policy, IT, security, law, or a related discipline.
• Demonstrated knowledge and experience of access and privacy requirements and practices, preferably related to the health and public sectors.
• Excellent knowledge of privacy and security concepts, trends, and issues, including their impact on business processes, and skill in interpreting and communicating principles and compliance requirements.
• Knowledge and ability to interpret Ontario's Personal Health Information Protection Act, 2004 (PHIPA).
• Knowledge and ability to interpret Ontario's Freedom of Information and Protection of Privacy Act (FIPPA).
• Analytical skills to understand current and future access and privacy implications of policies, decisions, and business initiatives.
• Experience with conducting and / or providing oversight for PIAs, including developing privacy requirements, risk mitigation plans, corporate policies, and developing and / or delivering training content.
• Working knowledge of digital health technologies and information security industry standards.
• Ability to excel in a fast-paced and project-focused environment.
• Exceptional analytic and creative problem-solving abilities.
• Good understanding of related disciplines such as IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, and project management.
• Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture, and data flows.
• Excellent communication skills (verbal and written), and strong stakeholder engagement skills.
• Time management skills, with the ability to manage tight deadlines and prioritize multiple projects.

Special Considerations :

• None specified.

Scheduling :

• Not specified.