Privacy Officer

Deadline: Nov 30, 2017 by 4:30 PM CST
Location: Sioux Lookout
Commitment: One-Year Term

The Privacy Officer will coordinate and manage the organization's privacy initiatives including the development, maintenance and implementation of policies, procedures and standards pertaining to privacy and data security that is reflective of current organizational practices and in compliance with legislative requirements. This individual shall continually monitor organizational activities and will conduct regularly scheduled risk assessments to ensure compliance to privacy and data security requirements, investigating and resolving all potential violations. The Privacy Officer shall also act as a key resource and subject matter expert pertaining to privacy and data security issues and concerns providing information, interpretation and education as required.

QUALIFICATIONS

  • Bachelor’s degree is required
  • Completed or working towards an AAPP/CAPP designation is strongly preferred
  • OCAP Certification required  (or willingness to complete within 3 months of hire) and experience putting the principles of OCAP into practice
  • Minimum 3 years of experience with health privacy
  • Experience working with electronic information systems and their privacy controls, including OSCAR, CIMS, Mustimuhw, FNHIS, EHIS, IntelliHealth, etc.
  • Demonstrated expert knowledge of and practice in current federal and provincial privacy and freedom of information legislation and requirements
  • Strong understanding of privacy frameworks, principles, and compliance programs
  • Previous auditing and risk assessment experience considered an asset
  • Demonstrated strategic and analytical thinker
  • Ability to take difficult or unpopular positions when necessary to protect the organization
  • Self-starter with the ability to work with minimal supervision or in a team setting as required
  • Excellent verbal and written communication skills including the ability to write reports, develop presentations and conduct training sessions
  • Ability to communicate to all levels of the organization tactfully and professionally
  • Proficiency utilizing various Microsoft applications
  • Strong attention to detail
  • Ability to prioritize effectively and balance multiple projects simultaneously

Responsibilities

  • Direct and manage the organization's privacy efforts to ensure compliance to privacy policies and procedures as well as governing provincial and federal legislation. Continuously enforce the organization's privacy standards to all levels of the organization
  • Reviews and updates privacy policies, procedures, and training materials on a regular basis
  • In conjunction with Human Resources, ensures all staff have signed the Oath of Confidentiality upon hire
  • Develop, implement, and monitor annual privacy training to staff
  • In conjunction with Human Resources, maintains a record of staff privacy training
  • Responds to privacy inquiries and complaints according to process and timelines outlined in SLFNHA Privacy Policies
  • Responds to access and correction requests according to process and timelines outlined in SLFNHA Privacy Policies
  • Manages consent directives
  • In conjunction with program managers, conducts Privacy Impact Assessments of new programs and services
  • Conducts regular Privacy Impact Assessments
  • Develops and implements risk remediation activities in response to Privacy Impact Assessments and/or identified privacy risks
  • Conduct ongoing compliance monitoring activities and regularly scheduled audits of the organization's services, systems and computer networks to ensure compliance to privacy and data security accountabilities, promptly responding to and resolving detected offences with appropriate corrective action
  • Manages and documents breach responses in a timely manner
  • Responds to questions and concerns regarding privacy from managers and staff
  • Ensures necessary documentation and communication materials are created, updated, and maintained in compliance with SLFNHA Privacy Policies and federal and provincial legislation
  • Monitor legislative updates and revisions pertaining to privacy and data security incorporating new requirements as appropriate
  • Provide coordination of all corporate activities to ensure compliance with legislated and organizational requirements and to assess possible privacy implications
  • Develop and deliver corporate privacy and data security reports as required
  • Develop and execute short and long term privacy goals to ensure the organization's privacy initiatives continuously evolve
  • Provides guidance, training, and mentorship to communities regarding the development, implementation, and enforcement of privacy framework and infrastructure, as requested
  • Support communities in the development of relevant privacy tools, as requested
  • Other duties as required.