UBC has embarked on a multi-year journey to transform its academic and administrative support processes and system environments for the entire UBC community. In November 2020, UBC successfully went live with its new HR and Finance implementation of Workday. The Integrated Renewal Program (IRP) is now focused on the journey to renew the Student information ecosystem, anchored by the implementation of Workday Student.
The Integrated Renewal Program—Student (IRP Student) vision is to transform the way UBC supports learning and research, and how UBC works, to create a cohesive, integrated, and enriched experience for students, staff, and faculty. This implementation will result in superior support for UBC students, a better user experience, a new set of tools, a new way of working, and improved reporting for informed decision-making. IRP Student will leverage the industry-leading cloud enterprise solution Workday to replace our current core Student administration systems with a new integrated, user friendly, mobile-enabled platform.
For more information on the IRP, please visit www.integrated-renewal.ubc.ca
The Lead Privacy & Information Security Advisor (the Advisor) will play a critical role providing strategic and operational support for Privacy Impact Assessments (PIAs) and associated Security Threat Risk Assessments in relation to IRP Student, including point solutions such as Learner Financial Support, and integrations with existing systems in the SIS ecosystem.
At UBC, PIAs cover both privacy and information security requirements. Privacy requirements are defined by the BC FIPPA. Information security requirements are established by UBC policy and a comprehensive set of information security standards, as well as accepted industry standards on cybersecurity. To be effective, the PIA must be conducted over the life of an initiative. The scale and complexity of a major initiative such as IRP Student dictates that PIA completion will be highly complex, requiring consultation with many stakeholders throughout UBC; identifying risks and assisting in the design of mitigating controls to both privacy and information security.
The Advisor drives partnerships between the IRP Student program and key privacy and information security stakeholders. The Advisor influences leadership and operational roles to address risk through initiative lifecycles, defining strategies to embed risk assessment activities and in doing so enables strategic risk mitigation and acceptance, while delivering on legally required PIAs. The role oversees the completion of multiple PIAs to ensure that they are performed correctly and that risk mitigations are completed in a timely manner. The Advisor may oversee the activities of employee and contract resources within project teams as well as other Risk Analyst activities.
Reports (dotted-line) to the IRP Student Program Director, and directly to the Manager, PrISM SRS. Works closely with a variety of constituents at the University, particularly UBC IT, University Counsel, the CISO, Enterprise Data Governance, the Records Management Office, and Enterprise Risk Management functions. The position interfaces with all University employees, processes, and technologies that handle information (both paper and electronic records).
– Responsible for working directly with the IRP Student project teams to define and agree strategies to embed risk assessment in initiative lifecycle.
– Advising teams through risk assessment activities to move into a position where they have reasonable measures in place to protect information.
– Engaging broadly (through training, workshops and relationship building) within IRP Student and related teams to raise awareness of privacy and information security risk and mitigations training.
– Providing updates and formal reports to the relevant committee and stakeholders, including the PrISM Executive Team and IRP Student program governance bodies as required.
– Driving the process to produce required privacy and information security deliverables for IRP Student, including privacy and information security risk and control matrices, risk registers and Privacy Impact Assessments.
– Provides expert advice on privacy and information security risks to the IRP Student project teams, as deemed necessary.
– Developing and implementing privacy and information security risk assessment methodologies, processes and tools as well as provides guidance to project resources and risk analysts.
– Selects and follows project management methods, procedures, and quality objectives, and tracks metrics for assessing progress on privacy and information security risk assessments throughout the IRP Student program.
– Assesses variances from the assessment project plans, budgets and schedules, develops and implements changes as necessary to ensure that the project remains within specified scope and is within time, cost, and quality objectives, and keeps management aware of the situation.
– Conducts formal reviews with program sponsors at project completion to confirm acceptance and satisfaction.
– Acquiring and maintaining a working knowledge of the University’s technical and business environment.
– Building and maintaining good and productive working relationships with team members, stakeholders, UBC IT, and other vendors / consultants.
CONSEQUENCE OF ERROR
The IRP Student program is a complex multi-year initiative to replace 30+ year old student administrative systems with Workday’s cloud-based application plus point solutions using other technology platforms, integrated with hundreds of existing applications. These student administrative systems contain some of the most sensitive information at UBC. An information breach (especially relating to personal or other high-risk information) could have a significant financial and reputational impact on the University.
The Lead Privacy & Information Security Advisor plays a critical role in the identification of key privacy and information security risks, and providing appropriate recommendations to reduce these risks to an acceptable level.
Sound judgment must be exercised. Lack of good judgment and / or inability to adopt sound risk management techniques may result in the failure to detect significant privacy and security related exposures to the University’s information.
The incumbent reports directly and works under the general direction of the Manager, PrISM SRS, and indirectly to the IRP Student Program Director. The incumbent must be able to work independently as well as contribute actively and collaborate openly as a team member.
The Lead Privacy & Information Security Advisor will supervise the risk assessment work for the IRP Student program, including work performed by consultants and staff assigned to projects.
The closing date is August 19 and 16, which means any candidates need to apply by August 18 or 15 at midnight.