Senior Privacy Impact Assessment Specialist (BB-A70A5)
Found in: Neuvoo CA
5+ years of experience working in Privacy Impact Assessment for the healthcare industry, providing security and privacy expertise for provincial Health systems such as Integrated Assessment Records, Electronic Medical Records (EMRs), Hospital Information Systems (HISs), and Clinical Assessment tools.
Privacy Impact Assessment Specialist (Level 3) is required to:
Provide daily ongoing operational support and Subject Matter Expertise (SME) to operational and business functions to ensure ISO/IEC 27001 compliance.
Provide security expert advice and guidance to Infrastructure and Operations on security technologies, firewalls, VPN, intrusion prevention systems, log correlation, and anti-malware.
Maintain and update Common Privacy Framework and privacy toolkit for the community care sector.
Provide technical support for IAR, HRIS and MIS solutions, managing security and privacy risks including guidance on compliance with privacy legislation and compliance policies and processes.
Provide security and privacy training to healthcare service providers.
Continuously improve the Information Security Management System (ISMS) by designing, implementing and documenting new information security controls and processes for optimal operational suitability and effectiveness.
Identify and respond to privacy breaches and security/privacy incidents, and develop and implement remediation plans.
Assist health service providers with security and privacy practice implementations.
Experience and Skill Set Requirements:
Technical Skills (35%):
5+ years of experience as a privacy expert including:
Managing privacy risks in the collection, use, and disclosure of assessment information within and between HSPs.
Leading end-to-end operational risk assessments, including selecting risk methodologies, identifying privacy compliance gaps, priorities, dependencies and redundancies, and recommending process remediation or simplification.
Implementing information privacy best practices in the operation of healthcare systems containing personal health information.
Developing, implementing and operating information security and privacy risk management programs based on the ISO/IEC 17799/27001/27799 standards, including strategic planning, benefits-driven approaches, performance evaluations and implementation plans.
Implementing information security and privacy best practices, including but not restricted to, risks to the security of data (such as financial information) and risks to the privacy of personal information.
Experience with commonly used business software (e.g. word processing, spreadsheet, database management) in order to develop complete systems, user and operations documentation.
Privacy Impact Assessment (PIA) Skills (20%):
Extensive experience in conducting conceptual, logical and physical Privacy Impact Analyses (PIAs) and Threat Risk Analyses (TRAs).
Experience in testing privacy and security functions.
Extensive experience in implementing and operating security technologies and conducting vulnerability assessments and penetration testing.
Stakeholder Management & Communication Skills (10%):
Understanding of and experience with the maintenance of information standards involving multiple stakeholders.
Strong leadership and people management skills and experience.
Effective facilitation skills; ability to build rapport with stakeholders and drive negotiations to a successful outcome.
A proven track record for building strong working relationships.
Public Sector Experience (5%):
5+ years of experience working in the healthcare industry, providing security and privacy expertise for provincial Health systems such as Integrated Assessment Records, Electronic Medical Records (EMRs), Hospital Information Systems (HISs), and Clinical Assessment tools.
Knowledge of personal health information protection legislative requirements and how they apply to developing and maintaining healthcare systems containing personal health information preferred.
Experience providing privacy training and awareness in the healthcare sector.
In-depth knowledge of personal health information protection legislation (e.g. PHIPA, FIPPA), the information risk factors in healthcare and how they apply to managing security and privacy risks in healthcare systems containing personal health information (PHI).
6 hours ago
Cynet Systems