Job Title: RQ05266 - Privacy Impact Assessment (PIA) Specialist - Senior
Client: Ontario Health
Work Location: Toronto, Ontario, Hybrid
Estimated Start Date: 2023-04-01
Estimated End Date: 2024-03-31
#Business Days: 156.00
Extension: 157.00
Hours per day or Week: 7.25 hours per day
Security Level: CRJMC
Must haves
Business Knowledge
· Extensive knowledge and experience of the Integrated Assessment Record (IAR) and its application specifically in the Community Mental Health & Addictions and other community care sectors
· Demonstrated experience with implementation methodologies and processes related to the community health care sector
Stakeholder Relationship Management
· Superior consultation, negotiation, and consensus building skills to work collaboratively and build consensus with internal and external stakeholders and business partners
· Excellent communication and problem-solving skills, exceptional judgement, political acuity and demonstrated ability to manage expectations and resolve major obstacles and conflicts.
Technical Skills
5+ years of experience as a privacy expert including:
· Managing privacy risks in the collection, use, and disclosure of assessment information within and between HSP's
· Leading end-to-end operational risk assessments, including selecting risk methodologies, identifying privacy compliance gaps, priorities, dependencies and redundancies, and recommending process remediation or simplification implementing information privacy best practices in the operation of healthcare systems containing personal health information
· Developing, implementing and operating information security and privacy risk management programs based on the ISO/IEC 17799/27001/27799 standards, including strategic planning, benefits-driven approaches, performance evaluations and implementation plans
· Implementing information security and privacy best practices, including but not restricted to, risks to the security of data (such as financial information) and risks to the privacy of personal information
· Experience with commonly used business software (e.g. word processing, spreadsheet, database management in order to develop complete systems, user and operations documentation
Description
Deliverables include, but are not limited to:
· Privacy Impact Assessment Specialist (Senior) is required to:
· Conducting security and privacy design reviews, integration methodology, PIA/Threat Risk Assessment and service operations support during patches, bug fixes and issues resolutions
· Provide daily ongoing operational support and Subject Matter Expertise (SME) to operational and business function to ensure ISO/IEC 27001 compliance.
· Provide security expert advice and guidance to Infrastructure and Operations on security technologies, firewalls, VPN, intrusion prevention systems, log correlation, and anti-malware.
· Maintain and update Common Privacy Framework and privacy toolkit for community care sector.
· Provide technical support for IAR, CHRIS (is a web-based application and the core patient care system for the home and community care sector) and Provincial Assessment solutions (is a point of care application that hosts several standardized health care instruments that are used to assess patient needs and develop care plans), managing security and privacy risks including guidance on compliance with privacy legislation and compliance policies and processes.
· Provide security and privacy training to healthcare service provider.
· Continuous improvement of (ISMS) Information Security Management System design, implementation and documenting new information security controls and processes for optimal operational suitability and effectiveness.
· Respond to and identify privacy breaches and security/privacy incidents, develop, and implement remediation plans.
· Assist health service providers with security and privacy practice implementations. The IAR Specialized IT Consultant lead and provide specialized skills and knowledge of common assessment utilized in the Community care sector, the Integrated Assessment Record (IAR), and clinical and business process within the community care sector within Ontario.
Experience and Skill Set Requirements
Business experience
· 5-year experience with the Integrated Assessment Record (IAR) and its application specifically in the community mental health & addictions and other community care sectors - 20%
· 10-year experience implementing methodologies and processes related to the community health care sector - 15%
Stakeholder Management
· Superior consultation, negotiation, and consensus building skills to work collaboratively and build consensus with internal and external stakeholders and business partners - 15%
· Excellent communication and problem-solving skills, exceptional judgement, political acuity and demonstrated ability to manage expectations and resolve major obstacles and conflicts. - 15%
Technical Skills
· 5+ years of experience as a privacy expert - 35%