Privacy Impact Assessment (PIA) Specialist

IT - Application & Software Development
Toronto, ON
Contract
Jun 03, 2025

Our client has a + month, remote (in Canada) contract for a person with the following experience. Government experience is a must to be considered.
Must haves:

Minimum of 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects
Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environment
Minimum 5 years' experience drafting and reviewing privacy requirements for data sharing agreements
Familiarity with the Personal Health Information Protection Act (PHIPA), and it’s related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
Responsibilities:

Develop privacy policies and procedures
Conduct privacy impact assessments for medium to high complex initiatives and/or implement mitigations activities in response to recommendations from PIAs
Identify and assess privacy risks
Provide privacy advisory and support to business teams
Lead and/or participate on regional or provincial committees or project teams as the privacy Subject Matter Expert (SME)
Identify privacy requirements
Develop strong relationships with various internal and external stakeholders to foster a culture of privacy
Respond and provide advice and legislative interpretation for information and access requests, consent management requests, complaints, or inquiries, appeals and privacy issues under the PHIPA
Support privacy program projects and activities to improve the efficiency and effectiveness of the Privacy Office
Other duties as required
Desired Skills:

Completion of a university undergraduate or master’s degree in health, policy, IT, security, law or a related discipline
Demonstrated knowledge and experience of access and privacy requirements and practices, preferably related to the health and public sectors
Excellent knowledge of privacy and security concepts, trends, and issues. This will include an understanding of their impact on business processes, as well as skill with interpretation and communication of principles and compliance requirements
Knowledge and ability to interpret of Ontario’s Personal Health Information Protection Act, 2004 (PHIPA)
Knowledge and ability to interpret Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA)
Analytical skills to understand the current and future access and privacy implications of policies, decisions, and business initiatives
Experience with conducting and/or providing oversight for Privacy Impact Assessments including developing privacy requirements, risk mitigation plans, corporate policies and developing and/or delivering training content
Working knowledge of digital health technologies and information security industry standards
Excel in a fast-paced and project focused environment
Exceptional analytic and creative problem-solving abilities
Good understanding of related disciplines, such as IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, project management
Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture and data flows
Excellent communication skills both verbal and written, and strong stakeholder engagement skills
Time management, with the ability to manage tight deadlines and prioritize multiple projects
Required Experience / Evaluation Criteria:

Minimum of 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects: 20 pts
Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environments: 20 pts
Minimum 5 years' experience drafting and reviewing privacy requirements for data sharing agreements: 20 pts
Minimum 5 years’ experience developing privacy policies and procedures, requirements, or controls: 20 pts
Familiarity with the Personal Health Information Protection Act (PHIPA), and it’s related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP): 20 pts
Total Capabilities Criteria: 100 Points