Manager, Privacy & Security, William Osler Health System

Greater Toronto Area

Hybrid

 

Manager, Privacy & Security

Department: Information Technology – Peel Memorial Site

Job Description

Reporting to the Director, Cybersecurity, Privacy & HIM, the Privacy Manager is responsible for overseeing the privacy and FOI program at William Osler Health System to ensure all aspects of the program align with the organizational vision, mission and values.

The Privacy Manager provides strategic direction, with support of the Director, Cybersecurity, Privacy and HIM. The Privacy Manager leads the privacy team through the privacy program by establishing highly effective risk management activities, including but not limited to, risk identification as it relates to compliance gaps involving privacy, access and emerging artificial intelligence compliance gaps. They are also responsible for actioning appropriate mitigation activities including leading and participating in the development and implementation of appropriate Osler policies, corporate protocols and other internal and external stakeholders to manage risk. In addition, this very specialized leader assumes responsibility for the education and enforcement of those protocols and matters of compliance (i.e. industry best practice, legislative requirements, case law and IPC decisions).

The manager is required to provide mentorship to program staff and other stakeholders, both internal and external. This position will help design and facilitate the adoption of good privacy practices by Osler staff and is required to provide leadership support and consultations with both internal and external stakeholders. With the support of the Director, the manager also is responsible for oversight and consistency of privacy inquiries/consultations, and complaints and breaches from the intake stage to complaints and investigations.

Accountabilities:

  • Review existing privacy processes, identify gaps and areas of improvements
  • Document risks and benefits of implementing new privacy processes and technology
  • Environmental scanning of peer organizations and best practices
  • Engaging stakeholders on potential changes and identifying operational impacts; communicating benefits and risks
  • Monitors legislative changes, IPC orders and court decisions to determine new and emerging practices and operational requirements
  • Conducts environmental scans to benchmark Osler’s policies and procedures against peer hospitals and other organizations governed under the Personal Health Information Protection Act (PHIPA)/Freedom of Information and Protection Act (FIPPA)
  • Analyzes FOI requests, privacy incidents/complaints/inquiries/consultations to determine risk and response
  • Conducts reviews using appropriate resources on jurisprudence on similar FOI decisions and provides advice and guidance considering the current socio-legal climate and other operational risks
  • Researches, analyzes and evaluates major complaints and challenges filed with the Ontario IPC
  • Negotiates recommendations and strategies for the resolution of complaints and challenges e.g. FOI appeal under investigation
  • Provides expertise, functional direction, interpretation and guidance on FOI requests and policy positions to all levels of management, clinical areas, professional staff and operations
  • Leads privacy-related projects from inception to successful completion and is capable of effectively coaching staff on appropriate privacy protocols and needs as they implement new processes into the organization
  • Effectively manages the Privacy team to ensure that Osler’s obligations are met with respect to the PHIPA and FIPPA (“Acts”) and that the requirements are responded to and managed within time limits
  • Monitors team workload and provides support and direction as needed to ensure staff follows policies, procedures and conventions
  • Develops and coaches a team of professionals with the appropriate skills and competencies to meet departmental objectives, and creates a favorable organizational climate such that staff are motivated and committed to deliver to the best of their abilities
  • Identify goals and set objectives for team members to drive consistency in operations and build towards professional development
  • Provides opportunities for the team to learn from each other, and fosters an environment of professionalism, collegiality and growth.

Qualifications

  • 7 years managing a team in privacy, FOI, risk or audit
  • Demonstrated expert knowledge of Privacy and Security Statutory, Regulatory Requirements and Standards, including PHIPA, FIPPA, CASL, PHA, RHPA, MHA, ITIL, NIST, CoBIT, ISO/IEC 31000 Series, ISO/IEC 27000 Series
  • Expert with Personal Health Information Protection Act (PHIPA), and Freedom of Information and Protection Act (FIPPA)
  • Experience in leading people, projects, and application implementations
  • Intermediate experience with health information systems
  • Intermediate experience in IT infrastructure
  • Strong understanding of Windows Operating System and Active Directory
  • Strong customer-service orientation
  • Excellent written and oral communication skills
  • Excellent listening and interpersonal skills
  • Able to continually change priorities, managing the throughput of the group, with 25-30 initiatives in process at any given time
  • Able to manage stakeholder expectations as priorities change
  • Ability to communicate ideas in both technical and user-friendly language
  • Highly self-motivated and directed
  • Keen attention to detail
  • Able to prioritize and execute tasks in a high-pressure environment
  • Experience working in a team-oriented, collaborative environment
  • Experience in leading large scale, complex change processes, preferably with a privacy focus
  • Experience in teaching and education
  • Training and experience in quality improvement and people change management principles and methodologies
  • Solid understanding of quality and workflow process improvement methodologies and lean principles
  • Solid understanding of implementation approaches and change management strategy
  • Must demonstrate Osler's Values of Respect, Excellence, Service, Compassion, Innovation and Collaboration

Additional Information

Hours: Monday to Friday (subject to change in accordance with operational requirements)

Hybrid: Roles that function remotely, but require essential, regular onsite weekly work.

Salary (Min to Max): $118,716.00 to $148,395.00

How To Apply

To explore this opportunity further in confidence, please submit your application online below.

For further information, please contact Jason Coelho, Consultant, at jason.coelho@odgers.com

We would like to thank all applicants but regret that we are only able to personally contact those individuals whose backgrounds best match the requirements for the role.

 

Diversity, Equity, and Inclusion 

Odgers is deeply committed to diversity, equity, and inclusion in all the work that we do. As part of our efforts to better understand our ability to reach as broad a pool of candidates as possible for our searches, our DEI team would like to encourage you to take a moment and access our Self-Declaration Form.

 

 

 
