Privacy Impact Assessment Specialist

Job title: Privacy Impact Assessment Specialist

Company: isgSearch


Job description: Our client has a 10 month remote contract for the following…Must haves:

• Minimum of 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects
• Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environment
• Minimum 5 years’ experience drafting and reviewing privacy requirements for data sharing agreements
• Minimum 5 years’ experience developing privacy policies and procedures, requirements, or controls
• Familiarity with the Personal Health Information Protection Act (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
• Familiarity with Application Programming Interface (API) functionality and management
• Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows

Responsibilities:

• Conducting/Completing Privacy Impact Assessments and associated documentation
• Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives
• Identify and assess privacy risks, including developing risk mitigation plans
• Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
• Reviewing and advising on agreements, including data sharing agreements
• Developing privacy requirements for new or changing projects
• Providing privacy advisory and support to business teams
• Other duties as required

Desired Skills:

• Demonstrable knowledge of project management; Knowledge and understanding of Project Management’s Institute’s Project Management Body of Knowledge is an asset
• Experience working on and delivering multiple projects
• Demonstrated project management software skills and experience e.g. MS Project, MS Teams etc.
• University undergraduate or graduate degree in Health, Computer Science, Engineering, Law, Security, or a related discipline from a recognized institution or equivalent experience – desired
• Familiarity with Prescribed Entities (PEs) or Prescribed Persons (PP) under the Personal Health Information Protection Act (PHIPA), and their related requirements, is an asset
• Familiarity with audit logging and Security Information and Event Management (SIEM) technology is an asset
• Familiarity with technical data protection controls and technology such as encryption and tokenization is an asset
• Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards is an asset

Required Skills: * Minimum 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects.: 20 Points

• Minimum 5 years’ direct operational level privacy experience in a health sector and/or IT environment or both.: 20 Points
• Minimum 5 years’ experience in developing privacy policies and procedures, requirements, or controls.: 20 Points
• Minimum 5 years’ experience drafting and reviewing privacy requirements for data sharing agreements.: 15 Points
• Familiarity with the Personal Health Information Protection Act (PHIPA), and requirements related to Health Information Network Provider (HINP) and Electronic Service Provider (ESP).: 10 Points
• Familiarity with Application Programming Interface (API) functionality and management.: 7.5 Points
• Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows.: 7.5 Points

Total Capabilities Criteria: 100 PointsDeliverables:

• Over the duration of the engagement, the Senior Privacy (PIA) Specialist will support work already in progress, as well as new work on Privacy Impact Assessments;
• Work with the project and product teams on risk mitigation of PIA findings as required under PHIPA;
• Support work related to update and/or developing new agreements;
• Other duties as required. Note that knowledge of current privacy and data protection policy and legislation, especially Ontario’s Personal Health Information Protection Act (PHIPA), will be critical to ensure success.
• Conducting/Completing Privacy Impact Assessments and associated documentation
• Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives
• Developing risk mitigation plans
• Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
• Reviewing and advising on agreements, including data sharing agreements
• Developing privacy requirements for new or changing projects

Expected salary:

Location: Toronto, ON

Job date: Fri, 09 May 2025 00:45:56 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck