Lead, Privacy

At Ontario Health, we are committed to developing a strong organizational culture that connects and inspires all team members across the province. Our vision is that together, we will be a leader in health and wellness for all. Our mission is to connect the health system to drive improved and equitable health outcomes, experiences and value. How we work together is reflected through our five values: integrity, inspiration, tenacity, humility and care.

• Fully paid medical, dental and vision coverage from your first day

• a health care spending account

• a premium defined benefit pension plan

• three personal days and two float days annually

• three weeks' vacation to start (for individual contributors), increasing to four weeks after two years

• career development opportunities

• a collaborative values-based team culture

• a wellness program

• a hybrid working model

• participation in Communities of Inclusion

Want to make a difference in your career? Consider this opportunity.

At Ontario Health, we are committed to developing a strong organizational culture that connects and inspires all team members across the province. Our vision is that together, we will be a leader in health and wellness for all. Our mission is to connect the health system to drive improved and equitable health outcomes, experiences and value. How we work together is reflected through our five values: integrity, inspiration, tenacity, humility and care.

What Ontario Health offers:

Achieving your career goals is a priority to us. Benefits of working at Ontario Health may include the following based on employment type:

· Fully paid medical, dental and vision coverage from your first day

· Health care spending account

· Premium defined benefit pension plan

· 3 personal days and 2 float days annually

· Individual contributors start at 3 weeks' vacation, and 4 weeks at 2 yrs.

· Career development opportunities

· A collaborative values-based team culture

· Wellness programs

· A hybrid working model

· Participation in Communities of Inclusion

Want to make a difference in your career? Consider this opportunity.

Here is what you will be doing:

Reporting to the Manager, Privacy, the Privacy Lead is responsible for the continued development, operation and execution of the privacy program for Ontario Health's Trillium Gift of Life Network (TGLN) business unit that ensures full harmonization and compliance with Ontario Health's enterprise privacy program. The successful operation of the program will ensure the business unit meets is in compliance with the privacy provisions of the Gift of Life Act (GOLA) and Freedom of Information and Protection of Privacy Act (FIPPA), and embeds privacy best practices and Privacy by Design principles into business unit operations. The Privacy Lead is responsible for the continued monitoring of the privacy program to ensure it meets evolving legislative and corporate requirements.

The Privacy Lead will use their privacy program and operational experience and knowledge of privacy, legal and regulatory requirements to develop and operate the privacy program. This role is expected to simultaneously support the Trillium Gift of Life Network business unit in meeting their business needs and advance new initiatives by providing privacy advisory services and conducting complex privacy impact assessments (PIAs). The Privacy Lead will be the key point of privacy contact for all projects and programs within the business unit. This role will also review, update, and implement clinical process instructions (CPIs), practices, and other mechanisms to address identified risks, and advance privacy knowledge and understanding for all members of the business unit.

The Privacy Lead will work closely with the Manager, Privacy; Director, Privacy; and other Ontario Health leaders and contributors. The Privacy Lead is expected to build internal and external relationships and liaise extensively with members of the Privacy team and functional teams across OH, including the Information Security Office (ISO), Strategy, Planning, Privacy & Analytics teams, and Legal Services.

The Privacy Lead will play an important role in championing a culture of privacy at Ontario Health and enabling compliance with Ontario Health's complex privacy requirements.

Here is what you will need to be successful:

As a Privacy Lead, you will have the opportunity to:

• Operate and support the continued development of a privacy program for an Ontario Health business unit that:

  • Is fully aligned and harmonized with the Ontario Health enterprise privacy program.

  • Ensures compliance with legislative and contractual requirements/obligations.

  • Embeds privacy best practice and Privacy by Design principles into business unit operations as well as new initiatives/projects.

  • Includes an agreements framework that aligns with Ontario Health standardized contractual approaches.

  • Supports triennial IPC reporting processes for prescribed designations under PHIPA.

  • Tracks, monitors, and remediates identified risks.

  • Identifies and addresses privacy education needs of the business unit.

  • Includes up-to-date and relevant SOPs to support operational compliance.

• Monitor the effectiveness of the privacy program, identifying gaps and addressing newly identified areas of risk as required.

• Manage the continued operation of the privacy program once implemented, adjusting and expanding the program as required to accommodate business needs.

• Perform incident management, investigation, containment, and remediation for the business unit.

• Develop and implement strategies to effectively prioritize the management of competing areas of risk, while supporting business objectives.

• Support new projects and initiatives for the business unit by providing expert privacy advisory services, conducting PIAs and leading risk mitigation efforts.

• Liaise with the Legal, Information Security, and other teams as required to inform agreement structures and ensure a harmonized and standardized approach to data protection and information management across the organization.

• Proactively and effectively engage Legal, Privacy and Risk Portfolio Leadership as required to address areas of high risk or sensitivity.

• Provide mentorship support and training to Privacy colleagues supporting projects and initiatives for the business unit.

• Monitor and stay current on relevant privacy, legal, technology and other matters that may impact OH's privacy program and risk posture.

Education and Experience

• Completion of a university (bachelor) program; holds an undergraduate or master's degree in health, policy, IT, security, law or related disciplines, or equivalent education/experience with evidence of continuing professional development in privacy.
• Recognized access and privacy designation (Certified Information Privacy Professional (CIPP/C) or other relevant privacy designation) is preferred.
• Recognized security certification is an asset.
• Minimum 5 years of direct operational level privacy experience, with 2-3 recent years focused in public sector healthcare privacy. Experience in an organization involved in the provincial organ and tissue donation and transplantation continuum is an asset.
• Experience conducting privacy impact assessments and interpreting complex legislation, developing recommendations for risk mitigation, assigning responsibility for risk mitigation tasks and activities, and monitoring to completion.
• Experience developing and/or leading privacy program and operational activities including, for example, privacy breach management, training and awareness, and privacy risk management.
• Experience leading working groups, projects, or programs.
• Experience or familiarity with Ontario Health and/or TGLN's business processes.

Knowledge and Skills

• Extensive knowledge of Ontario's Freedom of Information and Protection of Privacy Act (FIPPA) and Personal Health Information Protection Act, 2004 (PHIPA), privacy best practices and industry standards.
• Understanding of the Gift of Life Act.
• Broad understanding of privacy concepts, trends, legislative and regulatory requirements, and emerging issues (e.g., de-identification, event auditing and monitoring, AI, privacy maturity models, etc.) and their potential impacts.
• Demonstrated ability to plan, develop and implement strategies to achieve privacy compliance, identify and remediate risk, and develop and grow a culture of privacy.
• Proficient in Microsoft based work environment (i.e., Word, PowerPoint, Excel, Teams).
• Strong organizational skills and ability to establish and manage priorities with a superior commitment to follow-through, employing a risk-based approach where appropriate.
• Excellent interpersonal skills with ability to build collaborative relationships with internal and external stakeholders.
• Excellent written communication skills, including the ability to draft policies, briefing notes, and risk assessments.
• Ability to effectively communicate with and present to a diverse range of stakeholders, including executive leaders, portfolio leaders, and subject matter experts for functional areas such as Information Security, Legal and Architecture.

Employment Type: Permanent Full-time

Salary Band: Band 6

Location: Ontario (currently hybrid; subject to change)

All applicants must be a resident of Ontario to be considered for roles at Ontario Health.

Internal Application Deadline Date: August 15, 2024

External Application Deadline Date: August 27, 2024

Ontario Health encourages applications from candidates who are First Nations, Métis, Inuit, and urban Indigenous; Francophone; Black and racialized; members of 2SLGBTQIA+ communities; trans and nonbinary; and disabled.

We encourage applicants with accessibility needs to notify us if they have any accommodation needs in the application and/or interview process.

#LI-RN1

Employment Type:

Contract Length:

Salary Band:

External Application Deadline Date: