Manager, Information Systems Security, FOI & Privacy

  • William Osler Health System
  • Feb 13, 2019
Full time Manager

Job Description

William Osler Health System is a multi-site hospital system that serves 1.3 million residents of Brampton, Etobicoke, and surrounding communities within the Central West Local Health Integration Network. Osler’s emergency departments are among the busiest in Ontario and its labour and delivery program is one of the largest in Canada. William Osler Health System Foundation builds and fosters relationships in order to raise funds to support William Osler Health System’s capital, education and research priorities at Brampton Civic Hospital, Etobicoke General Hospital and Peel Memorial Centre for Integrated Health & Wellness.

Manager, Information Systems Security, FOI & Privacy – (1) One Permanent Full Time

DEPARTMENT/CAMPUS: IS - Information Services - Peel Memorial Centre



The Information Systems Security, FOI, and Privacy Manager’s role is to plan, coordinate, lead, and provide oversight on all activities related to William Osler Health System’s (Osler’s) information security and privacy frameworks, as well as related controls and best practices. The Manager will be responsible for contributing to the Information Management/Information Technology (IM/IT) vision and leading, developing and supporting initiatives critical to the organization’s information systems security, FOI, and privacy compliance practices. 

This individual manages the development and implementation of policies and procedures regarding the secure and compliant handling of, and access to, Osler’s data holdings. This includes information concerning patients, partners, physicians, staff, and volunteers, business practices and operations, and the information systems themselves. The Manager is also responsible for aligning the organization’s security, privacy and FOI practices with related local, provincial, federal, and industry-specific laws and regulations.


Strategy & Planning:

  • Collaborate with the organization’s Chief Privacy Officer and the Privacy and Security Committee to develop and communicate privacy and security strategies and plans to teams, staff, partners, customers, and stakeholders
  • Work with the Director of Infrastructure in leading privacy and security activities to achieve organizational and/or departmental goals
  • Develop IM/IT strategies and plans, and take responsibility for continuously enhancing the protection of the hospital’s information assets
  • Prioritize defense initiatives and coordinate the evaluation, deployment, and management of current and future privacy and security solutions by identifying, selecting, and utilizing a risk-based assessment methodology
  • Develop, implement, maintain, and work with other departments to enforce policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices
  • Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements
  • Remain current on updates and changes to applicable privacy and FOI legislation
  • Develop relationships with key external partners and where applicable actively participate in external regional and provincial committees, working groups and other forums involved in healthcare system improvement, privacy, FOI, and security management; and
  • Participate in and collaborate with various internal and external committees

Acquisition & Deployment:

  • Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies
  • Conduct and provide oversight for Privacy Impact Assessments and Threat Risk Assessments
  • Research and make recommendations on software systems and services in support of corporate procurement, integration and development efforts
  • Ensure that any new software procurement meets functional and compliance requirements
  • Assist with contract negotiation and review with software and service providers
  • Liaise with software and service suppliers for escalation and prompt rectification of problems or emergencies

Operational Management:

  • Act as advocate and primary liaison for the organization’s privacy and security vision via regular written and in-person communications with the company’s executives, department heads, and end users
  • Review corporate agreements with respect to privacy and security-related content
  • Oversee incident response procedure, following privacy and/or security-related breaches
  • Work with user groups to develop FOI, Privacy, and Security policies, procedures and protocols
  • Support the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software
  • Work closely with IS Infrastructure department on corporate technology solution development to fully secure information, computer, network, and processing systems
  • Responsible for development and update of policies and procedures on information-related matters, including: privacy and confidentiality, FOI, information security, information storage and retrieval, and record retention
  • Monitor and ensure that privacy and FOI incidents and requests are handled within legislated timelines
  • Maintain system for tracking, documenting, investigating, and taking action on any and all complaints (internal or external) regarding the company’s privacy policies and/or practices
  • Prepare and deliver – or manage delivery of – privacy-related training and awareness programs to all staff members, contractors, interns, and consultants
  • Devise and implement compliance monitoring of all business partners, associates, vendors, and service providers to ensure that privacy requirements are adhered to
  • Advocate for compliance with organization’s privacy policies via regular written and in-person communications with company executives, department heads, and staff
  • Audit existing privacy practices across the organization, isolate potential risks or liabilities, and develop mitigation plans
  • Manage ongoing system access audit activities, relating to enforcement of policies and legislation
  • Oversee mandatory reporting of incidents and related information to external bodies (e.g. OIPC).


  • Bachelor’s Degree in Business Administration, Health Administration, Health Informatics or other relevant discipline(s)
  • Security Certifications and Privacy Certifications are an asset
  • System-based certifications are an asset (e.g. ITIL, COBIT, MCP, etc.)
  • Minimum of 3 years’ experience managing a Privacy team or experience managing a Security function
  • Minimum of 2 years’ experience working in the healthcare industry
  • Experience managing teams with high profile, time-sensitive deliverables and competing priorities, while leading projects or change initiatives
  • Strong coaching and mentoring skills with proven track record of developing high performance teams
  • Experience in planning, organizing, and deploying information security technologies
  • Experience in developing policies, procedures and standards
  • Excellent knowledge of information technology environments, including information security and defence solutions
  • Strong ability to apply IT solutions to help mitigate security-related risks
  • Working knowledge of Ontario’s Privacy and Freedom of Information (FOI) legislation
  • In-depth knowledge of applicable laws and regulations as they relate to privacy, FOI, and security
  • In-depth knowledge and experience of the privacy and FOI processes of the Office of Ontario’s Information and Privacy Commissioner (OIPC)
  • Knowledge of business processes, management, budgeting, business office operations, and procurement
  • Understanding of project management principles
  • Proven stakeholder engagement and collaboration skills
  • Excellent written and verbal communication skills, including delivering presentations with complex information to senior administrative and medical leadership.
  • Ability to set and manage priorities judiciously and/or dynamically
  • Strong customer-service orientation
  • high-pressure environment; and
  • Ability to motivate/manage staff in a team-oriented, collaborative environment

Please apply to Posting # OSLER06051 online at

Job Category

Information Technology


Brampton, ON