Reporting to the Manager, Information Privacy & Access, the Privacy & Information Security Coordinator will participate in key functions of Privacy, Access, and Information Security, including privacy & security audits, risk assessments, staff education, policy development and review, and investigations. The Privacy & Information Security Coordinator is also responsible for facilitating access to and disclosure of personal information and compliance with PHIPA and FIPPA.
Job Duties and Responsibilities:
• Perform privacy impact assessments. vulnerability assessments, coordinate the execution of these within the corporate context, as well as oversee the remediation activities associated with vulnerability/risk findings
• Work in partnership with the Security Analyst to monitor current trends of malware and intrusions
• Assist in the development and enforcement of departmental and corporate policies and procedures associated with privacy, information security and access controls based on industry best practice and managerial direction
• Collaborate with the IT team in ensuring high availability of information security technologies including, but not limited to, Network Intrusion Prevention Systems, Enterprise Anti-Virus Systems, Enterprise Host Intrusion Prevention Systems, Firewalls, Patch Management Systems, End Point Encryption, and Security Incident Management Systems.
• Coordinates internal and external audits and maintains Information Security related documents including confidential data about existing risks
• Supports Cyber Incident response process
• Familiarity with applicable legislation such as :
• the Public Hospital Act (PHA)
• Personal Health Information Act (PHIPA),
• Freedom of Information and Protection Act (FIPPA),
• Mental Health Act and
• Personal Information Protection & Electronic Document Act (PIPEDA).
• Bachelor’s degree in related field. Equivalent work experience without a degree will be considered.
• Minimum of 2 years IT, privacy, data analytics or related work experience
• Previous work experience with privacy and information security in a health care setting considered an asset
• Understanding of lifecycle data management (collection, use, transmission, disclosure, and retention of personal and/or confidential business information)
• Ability to work independently and with limited supervision
• Excellent interpersonal, oral and written communication skills
• Demonstrated knowledge and experience in training and presentations
• Responsible, energetic individual with above average ability to organize and prioritize duties
• Ability to thrive in an extremely busy environment; where multi-tasking is essential and the quality of work must not be compromised
• Good attendance record