IT Compliance, Information Security, Risk Management
The Information and Privacy Commissioner, Ombudsman and Public Interest Disclosure Commissioner in Whitehorse, Yukon, Canada, is seeking to fill the full-time permanent position of Investigator and Compliance Review Officer – Information Systems Security.
A key responsibility of this position will be to review privacy impact assessments involving complex information systems and privacy breaches to ensure public bodies subject to the Access to Information and Protection of Privacy Act (ATIPPA) and custodians subject to the Health Information Privacy and Management Act (HIPMA) are in compliance.
This position will also be responsible for conducting investigations into allegations of unfairness under the Ombudsman Act, violations of the access to information and protection of privacy requirements in the ATIPPA and the HIPMA, and disclosures of wrongdoing or reprisals under the Public Interest Disclosure of Wrongdoing Act.
Leading investigations and compliance review activities involving information security.
Evaluating Privacy Impact Assessments (PIAs) submitted by public bodies for compliance and adherence to best practices. Knowledge of information systems and security risks is an essential component of these evaluations.
Conducting research, developing guidance, advisories, reports and providing advice regarding the impact of technological developments on privacy and security in Yukon.
Providing information security and technological advice to other team members on their investigations and compliance review activities as needed.
Consulting with numerous bodies and individuals across Canada to perform effectively.
Working with the Information and Privacy Commissioner on initiatives (local and national) undertaken by custodians and public bodies that impact the privacy and security of personal and health information.
Working with the Information and Privacy Commissioner on improving the security of the office’s data management systems.
Acting as the chief information security officer for the office.
The Investigator and Compliance Review Officer (ISS) must have a valid information security management certification such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or Certified Information Security Manager (CISM). Preference will be given to candidates having any of the following additional certifications:
Information security certifications such as Offensive Security Certified Professional (OSCP) or GIAC Certified Penetration Tester (GPEN).
Privacy certification as a CIPP (Certified Information Privacy Professional), CIPM (Certified Information Privacy Manager), IAPP (Information Access and Protection of Privacy) Certificate, CIAPP (Canadian Institute of Access and Privacy Professionals) Certification, or equivalent.
Desired Knowledge, Skills, and Experience
The ideal candidate should have, and may be assessed on their:
Up-to-date knowledge of, and a keen interest in, emerging developments and technologies at the confluence of technology and privacy/fairness, such as privacy-preserving techniques, genomic medicine, cryptography, AI, digital identity, government e-services, cloud computing, cryptocurrency, etc.
Certified Cloud Security Professional (CCSP) designation
developing or reviewing privacy impact assessments and security threat risk assessments on complex information systems,
investigating causes of privacy breaches or in privacy breach management involving information systems,
providing management advice,
developing guidance, advisories, and other resources for compliance purposes.
interpreting and applying ombudsman, access, (health) privacy, and/or public interest disclosure legislation,
working in an information security management and/or privacy management role in the public and/or private sector,
conducting investigations, analyzing information, drawing conclusions, and writing investigation reports or letters (as applicable),
writing and communicating effectively,
fostering and maintaining professional working relationships, working within a team and independently, and
experience conducting audits.
Additional Salary Information: +12% in lieu of pension
$2242 Yukon Bonus annually (after 2 years)
About Yukon Information and Privacy Commissioner
The Information and Privacy Commissioner (IPC), Ombudsman and Public Interest Disclosure Commissioner (PIDC) is an independent officer of the Yukon Legislative Assembly and has responsibilities under the Access to Information and Protection of Privacy Act, the Health Information Privacy and Management Act, the Ombudsman Act and the Public Interest Disclosure of Wrongdoing Act. For information about the Ombudsman, IPC and PIDC visit the Office’s website at: http://yukonombudsman.ca
The Information and Privacy Commissioner is responsible for ensuring that government and other public bodies comply with the Access to Information and Protection of Privacy Act (ATIPPA) and that health care custodians comply with the Health Information Privacy and Management Act (HIPMA).
Under the Ombudsman Act, the Ombudsman is responsible for investigating allegations of unfairness made against government and other authorities.
The PIDC is responsible for investigating disclosures of wrongdoing made by employees of government and other public entities and for investigating allegations of reprisals taken against an employee under the Public Interest Disclosure of Wrongdoing Act (PIDWA).
This job was originally posted at ISACA Career Centre.