Manager, Privacy

One of Canada's Best Diversity Employers and Greater Toronto's Top Employers for many consecutive years, William Osler Health System (Osler) provides a safe and supportive health care network to grow your career. Osler is nationally recognized for its commitment to patient safety and is Accredited with Exemplary Standing, the highest rating a Canadian hospital can receive. As a major Ontario hospital system, and home to some of the biggest specialty and emergency departments in the country, Osler serves the 1.3 million residents of Brampton, Etobicoke and surrounding communities. We are proud to offer you incredible exposure to best-in-class health care delivery and challenging hands-on opportunities to stay at the top of your game.

A hospital system built for and by the community, we continue to expand our services to meet the needs of a growing population, creating opportunities for increased hands-on skills development, cross-department training and promotional opportunities. Guided by our accomplished senior leadership team, together we are driving our vision of world-class health care inspired by our people and communities.

At Osler, we invest in careers that go beyond where health care professionals like you can achieve their goals and find deep personal and professional fulfillment. Join our team today!

Reporting to the Director, Cybersecurity, Privacy & HIM, the Privacy Manager is responsible for overseeing the privacy and FOI program at William Osler Health System to ensure all aspects of the program align with the organizational vision, mission and values. 

The Privacy Manager provides strategic direction, with support of the Director, Cybersecurity, Privacy and HIM. The Privacy Manager leads the privacy team through the privacy program by establishing highly effective risk management activities, including but not limited to, risk identification as it relates to compliance gaps involving privacy, access and emerging artificial intelligence compliance gaps They are also responsible for actioning appropriate mitigation activities including leading and participating in the development and implementation of appropriate Osler policies, corporate protocols and other internal and external stakeholders to manage risk.  s. In addition, this very specialized leader assumes responsibility for the education and enforcement of those protocols and matters of compliance (ie. industry best practice, legislative requirements, case law and IPC decisions).

The manager is required to provide mentorship to program staff and other stakeholders, both internal and external.  This position will help design and facilitate the adoption of good privacy practices by Osler staff and is required to provide leadership support and consultations with both internal and external stakeholders. With the support of the Director, the manager also is responsible for oversight and consistency of privacy inquiries/consultations, and complaints and breaches from the intake stage to complaints and investigations.

Accountabilities:

• Review existing privacy processes, identify gaps and areas of improvements
• Document risks and benefits of implementing new privacy processes and technology
• Environmental scanning of peer organizations and best practices
• Engaging stakeholders on potential changes and identifying operational impacts; communicating benefits and risks
• Monitors legislative changes, IPC orders and court decisions to determine new and emerging practices and operational requirements
• Conducts environmental scans to benchmark Osler’s policies and procedures against peer hospital and other organizations governed under the Personal Health Information Protection Act (PHIPA)/Freedom of Information and Protection Act (FIPPA)
• Analyzes FOI requests, privacy incidents/complaints/inquires/consultations to determine risk and response
• Conducts reviews using appropriate resources on jurisprudence on similar FOI decisions and provides advise and guidance considering current socio-legal climate and other operational risks
• Researches, analyzes and evaluates major complaints and challenges filed with the Ontario IPC
• Negotiates recommendations and strategies for the resolution of complaints and challenges e.g. FOI appeal under investigation
• Provides expertise, functional direction, interpretation and guidance on FOI requests and policy positions to all levels of management, clinical areas, professional staff and operations
• Leads privacy-related projects from inception to successful completion and is capable of effectively coaching staff on appropriate privacy protocols and needs as they implement new processes into the organization
• Effectively manages the Privacy team to ensure that the Osler’s obligations are met with respect to the PHIPA and FIPPA (“Acts’) and that the requirements are responded to and managed within time limits
• Monitors team workload and provides support and direction as needed to ensure staff follows policies, procedures and conventions
• Develops and coaches a team of professionals with the appropriate skills and competencies to meet departmental objectives, and creates a favorable organizational climate such that staff are motivated and committed to deliver to the best of their abilities
• Identify goals and set objectives for team members to drive consistency in operations and build towards professional development
• Provides opportunities for the team to learn from each other, and fosters an environment of professionalism, collegiality and growth

• 7 years managing a team in privacy, FOI, risk or audit
• Demonstrated expert knowledge of Privacy and Security Statutory, Regulatory Requirements and Standards, including PHIPA, FIPPA, CASL, PHA, RHPA, MHA, ITIL, NIST, CoBIT, ISO/IEC 31000 Series, ISO/IEC 27000 Series
• Expert with Personal Health Information Protection Act (PHIPA), and Freedom of Information and Protection Act (FIPPA)
• Experience in leading people, projects, and application implementations
• Intermediate experience with health information systems
• Intermediate experience in IT infrastructure
• Strong understanding of Windows Operating System and Active Directory
• Strong customer-service orientation
• Excellent written and oral communication skills
• Excellent listening and interpersonal skills
• Able to continually change priorities, managing the throughput of the group, with 25-30 initiatives in process at any given time
• Able to manage stakeholder expectations as priorities change
• Ability to communicate ideas in both technical and user-friendly language
• Highly self-motivated and directed
• Keen attention to detail
• Able to prioritize and execute tasks in a high-pressure environment
• Experience working in a team-oriented, collaborative environment
• Experience in leading large scale, complex change processes, preferably with a privacy focus
• Experience in teaching and education
• Training and experience in quality improvement and people change management principles and methodologies
• Solid understanding of quality and workflow process improvement methodologies and lean principles
• Solid understandings of implementation approaches and change management strategy
• Must demonstrate Osler's Values of Respect, Excellence, Service, Compassion, Innovation and Collaboration

Hours: Currently days, Monday to Friday (subject to change in accordance with operational requirements)

Hybrid: Roles that function remotely, but require essential, regular onsite weekly work.

Salary:

Minimum: $118,716.00

Maximum: $148,395.00

Internal application deadline: March 9, 2026

#LI-NP1

#FT

#LI-Hybrid

Osler values inclusivity and diversity in the workplace. We welcome and encourage applicants from diverse backgrounds. We are committed to providing accessible employment practices that are in compliance with the Accessibility for Ontarians with Disabilities Act. If you require an accommodation at any stage of the recruitment process, please notify Human Resources at [email protected].

While we thank all applicants, only those selected for an interview will be contacted. Any information obtained during the course of recruitment will be used for employment recruitment purposes only, and not for any other purpose.