Lead, Privacy

At Ontario Health, we are committed to developing a strong organizational culture that connects and inspires all team members across the province. Our vision is that together, we will be a leader in health and wellness for all. Our mission is to connect the health system to drive improved and equitable health outcomes, experiences and value. How we work together is reflected through our five values: integrity, inspiration, tenacity, humility and care.

• Fully paid medical, dental and vision coverage from your first day

• a health care spending account

• a premium defined benefit pension plan

• three personal days and two float days annually

• three weeks' vacation to start (for individual contributors), increasing to four weeks after two years

• career development opportunities

• a collaborative values-based team culture

• a wellness program

• a hybrid working model

• participation in Communities of Inclusion

Want to make a difference in your career? Consider this opportunity.

At Ontario Health, we are committed to developing a strong organizational culture that connects and inspires all team members across the province. Our vision is that together, we will be a leader in health and wellness for all. Our mission is to connect the health system to drive improved and equitable health outcomes, experiences and value. How we work together is reflected through our five values: integrity, inspiration, tenacity, humility and care.

What Ontario Health offers:

Achieving your career goals is a priority to us. Benefits of working at Ontario Health may include the following based on employment type:

• Fully paid medical, dental and vision coverage from your first day
• Health care spending account
• Premium defined benefit pension plan
• 3 personal days and 2 float days annually
• Individual contributors start at 3 weeks' vacation with 4 weeks at 2 yrs.
• Career development opportunities
• A collaborative values-based team culture
• Wellness programs
• A hybrid working model
• Participation in Communities of Inclusion

Want to make a difference in your career? Consider this opportunity.

Here is what you will be doing:

Reporting to the Manager, Privacy, the Privacy Lead is responsible for the continued development, operation and execution of the privacy program for Ontario Health's CorHealth business unit that ensures full harmonization and compliance with Ontario Health's enterprise privacy program. The successful operation of the program will ensure the business unit meets all requirements to retain its existing designations under the Personal Health Information Protection Act, 2004 (PHIPA), and embeds privacy best practices and Privacy by Design principles into business unit operations. The Privacy Lead is responsible for the continued monitoring of the privacy program to ensure it meets evolving regulatory requirements, including requirements related to Ontario Health's Prescribed Person and Prescribed Entity roles under PHIPA.

The Privacy Lead will use their privacy program and operational experience and knowledge of privacy, legal and regulatory requirements to develop and operate the privacy program. This role is expected to simultaneously support the CorHealth business unit in meeting their business needs and advance new initiatives by providing privacy advisory services and conducting complex privacy impact assessments (PIAs). The Privacy Lead will be the key point of privacy contact for all projects and programs within the business unit. This role will also review, update, and implement standard operating procedures (SOPs), practices, and other mechanisms to address identified risks, and advance privacy knowledge and understanding for all members of the business unit.

The Privacy Lead will work closely with the Manager, Privacy; Director, Privacy; and other Ontario Health leaders and contributors. The Privacy Lead is expected to build internal and external relationships and liaise extensively with members of the Privacy team and functional teams across OH, including the Information Security Office (ISO), Strategy, Planning, Privacy & Analytics teams, and Legal Services.

The Privacy Lead will play an important role in championing a culture of privacy at Ontario Health and enabling compliance with Ontario Health's complex privacy requirements.

Here is what you will need to be successful:

As a Privacy Lead, you will have the opportunity to:

• Operate and support the continued development of a privacy program for Ontario Health's business unit that:
  • Is fully aligned and harmonized with the Ontario Health enterprise privacy program.
  • Ensures compliance with complex legislative and contractual requirements/obligations.
  • Embeds privacy best practice and Privacy by Design principles into business unit operations as well as new initiatives/projects.
  • Includes an agreements framework that aligns with Ontario Health' standardized contractual approaches.
  • Supports the triennial Information and Privacy Commissioner of Ontario (IPC) reporting processes for prescribed designations under PHIPA.
  • Tracks, monitors, and remediates identified risks.
  • Identifies and addresses privacy education needs of the business unit.
  • Includes up-to-date and relevant SOPs to support operational compliance.
• Monitor the effectiveness of the privacy program, identifying gaps and addressing newly identified areas of risk as required.
• Manage the continued operation of the privacy program, adjusting and expanding the program as required to accommodate business needs.
• Conduct end-to-end PIAs on the business unit's existing programs and services to identify risks and develop and execute risk treatment plans, engaging subject matter experts from other portfolios or functional teams (e.g., Information Security, etc.) as needed.
• Support new projects and initiatives for the business unit by providing expert privacy advisory services, conducting PIAs and leading risk mitigation efforts.
• Develop and implement strategies to effectively prioritize the management of competing areas of risk, while supporting business objectives.
• Perform incident management, investigation, containment, and remediation for the business unit.
• Liaise with Legal, Information Security, and other teams as required to inform agreement structures and ensure a harmonized and standardized approach to data protection and information management across the organization.
• Proactively and effectively engage members of the Strategy, Planning, Privacy & Analytics Portfolio Leadership team as required to address areas of high risk or sensitivity.
• Monitor and stay current on relevant privacy, legal, technology and other matters that may impact Ontario Health's privacy program and risk posture.

Education and Experience

• Completion of a university (bachelor) program; holds an undergraduate or master's degree in health, policy, IT, security, law or related disciplines, or equivalent education/experience with evidence of continuing professional development in privacy.
• Recognized access and privacy designation (Certified Information Privacy Professional (CIPP/C) or other relevant privacy designation) is preferred.
• Recognized security certification is an asset.
• Minimum 5 years of direct operational level privacy experience, with 2-3 recent years focused in public sector healthcare privacy. Experience in an organization also designated as a Prescribed Person and/or Prescribed Entity under PHIPA is an asset.
• Experience conducting privacy impact assessments and interpreting complex legislation, developing recommendations for risk mitigation, assigning responsibility for risk mitigation tasks and activities, and monitoring to completion.
• Experience developing and/or leading privacy program and operational activities including, for example, privacy breach management, training and awareness, and privacy risk management.
• Experience leading working groups, projects, or programs.
• Experience or familiarity with Ontario Health and/or CorHealth Ontario's business processes, including Prescribed Person and/or Entity requirements.

Knowledge and Skills

• Extensive knowledge of Ontario's Freedom of Information and Protection of Privacy Act (FIPPA) and Personal Health Information Protection Act, 2004 (PHIPA), privacy best practices and industry standards.
• Understanding of Prescribed Entity and/or Prescribed Person roles under PHIPA and related compliance requirements.
• Broad understanding of privacy concepts, trends, legislative and regulatory requirements, and emerging issues (e.g., de-identification, event auditing and monitoring, AI, privacy maturity models, etc.) and their potential impacts.
• Demonstrated ability to plan, develop and implement strategies to achieve privacy compliance, identify and remediate risk, and develop and grow a culture of privacy.
• Proficient in Microsoft based work environment (i.e., Word, PowerPoint, Excel, Teams).
• Strong organizational skills and ability to establish and manage priorities with a superior commitment to follow-through, employing a risk-based approach where appropriate.
• Excellent interpersonal skills with ability to build collaborative relationships with internal and external stakeholders.
• Excellent written communication skills, including the ability to draft policies, briefing notes, and risk assessments.
• Ability to effectively communicate with and present to a diverse range of stakeholders, including executive leaders, portfolio leaders, and subject matter experts for functional areas such as Information Security, Legal and Architecture.

Employment Type: Permanent Full-Time

Paygrade: Band 6

Location: Ontario (currently hybrid; subject to change)

All applicants must be a resident of Ontario to be considered for roles at Ontario Health.

Internal Application Deadline Date: November 1, 2024

External Application Deadline Date: November 7, 2024

Ontario Health encourages applications from candidates who are First Nations, Métis, Inuit, and urban Indigenous; Francophone; members of Black and racialized groups; 2SLGBTQIA+ communities; trans and nonbinary individuals; and people living with disabilities.

Ontario Health is an accessible employer and we offer accommodation in all aspects of employment, including the recruitment process. If you require a disability related accommodation in order to participate in the recruitment process, please contact us and a member of the team will connect with you within 48 hours.

Employment Type:

Contract Length:

Salary Band:

External Application Deadline Date: