The Cardiac Arrhythmia Network of Canada (CANet) is the gateway to arrhythmia research and development in Canada. One point of contact links pharmaceutical and biotechnology companies, government, and not-for-profit organizations to world-leading Canadian arrhythmia researchers and resources. Our vision is to generate new innovations in arrhythmia treatment and technologies that transform care, focus on the individual needs of patients, and allow them to take control of their care. We are one of 14 Networks in the Networks of Centres of Excellence, Canada’s flagship science and technology program. We are looking for a Privacy Officer to join our growing team of professionals.
Reporting to the Managing Director/COO, the Privacy Officer is responsible for compliance with relevant privacy and information access legislation including the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Protection Act (PHIPA). The Privacy Officer is a key member of the Management team and is responsible for providing consultative support and advice on risk and obligations as the subject matter expert on privacy and access for the organization, including those required to achieve its designation as a Prescribed Organization under PHIPA.
- Leading the development, documentation and periodic review of privacy policies and procedures, as assigned;
- Independently conducting privacy impact assessments;
- Leading the investigation of privacy incidents to identify privacy breaches and support response through all phases of the incident response process, including privacy analysis, root cause analysis, development of appropriate mitigation strategies, and drafting and reviewing associated communications and reporting;
- Providing advice, drafting and documentary review services, as required, to enable effective evaluation and response to patient inquiries, complaints, and requests of any kind;
- Reviewing, developing and coordinating appropriate action plans to address findings of privacy audits and monitoring;
- Identifying and assessing privacy risks and providing advisory and consultative support to risk owners to develop appropriate mitigation plans;
- Ensuring assigned risks are added to the Network’s risk register and monitoring to ensure compliance with risk mitigation plans and associated timelines;
- Representing the Network in external committees and working groups, as assigned;
- Contributing actively to all aspects of the Agency’s preparations to become and remain a Prescribed Organization, including planning, leading internal stakeholders through required readiness work, and preparation of any and all associated documentation and reporting;
- Participating in privacy training and information, such as PIA summaries and privacy safeguarding descriptions that are required to meet the Network’s transparency obligations;
- Proactively monitoring legislative, regulatory and best practice developments and trends which may impact the Network, and informing leadership of pertinent operational requirements, legislative and regulatory matters;
- In all of the above, formulating solutions that are both enabling and analytically sound, taking into account the Network’s various obligations, including but not limited to those as a Prescribed Organization.
Skills and Experience
- A minimum of 5 years of directly related work experience
- Strong organizational skills and attention to detail, follow-up, and accuracy coupled with good analytical and critical thinking skills as well as solid business acumen
- Results driven with a strong sense of urgency and an ability to meet tight deadlines and handle multiple projects simultaneously
- Strong interpersonal, verbal and written communication skills required
- Significant, demonstrated knowledge and experience of access and privacy requirements and practices, preferably related to the health and public sectors:
- Knowledge of relevant health and public sector privacy laws and best practices, including a thorough knowledge of, and demonstrated ability to interpret, PHIPA, FIPPA and PIPEDA
- Knowledge of risk management and best practices related to privacy.
- Substantial knowledge of and experience with health information, health data flows and related technologies;
- Exceptional analytic and creative problem-solving abilities;
- Discretion and ability to remain calm and be a credible and commanding advisor under pressure;
- Demonstrated aptitude for building trusted relationships, and a reputation for sound judgment and pragmatism, with internal clients and stakeholders;
- Proven abilities to work both collaboratively and independently;
- Professional certification in privacy and access preferred
- University degree
To apply, please send your resume and cover letter to the attention of the Managing Director at firstname.lastname@example.org
The posting will remain open until filled.