Job Title

Company : TransForm Shared Service Organization Location : On-site in Windsor, ON with opportunity for one day per week work from home. Posting Period : March 6, 2025 to March 27, 2025 closed at 4 : 00pm. Employment Type : Permanent, Full-Time Benefits : Pension, Health & Dental, Paid Sick, Life & Disability Insurance, Vacation and more. Visit our website for more details. Scope : Internal & External Conditions : Current business reference checks, judicial matters police clearance, and immunization medical clearance. POSITION SUMMARY : Under the direction of the CEO, the VP Chief Information Officer is responsible for providing strategic direction for TransForms enterprise architecture, enterprise data, information management, information technology privacy, security and compliance; supports the development and implementation of sound Information Systems policies and governance. This role also oversees clinical systems and integration, and development related to the Oracle Health / clinical applications environment. The VP Chief Information Officer participates in the overall business strategy development and planning; oversees major technological initiatives by managing technology standards and systems, ensures Privacy compliance; provides client services that support the organizations mission and business goals. Operating Budget development and oversight ($6m annually) via Chiefs of IT and AID (applications, integration and development) Capital Budget development and oversight ($2.5-$4m annually) via Chiefs of IT and AID Stakeholder engagement (members, vendors and regional partners) Development and execution of TransForms Digital Strategic and Operating plans Primary accountability related to IT : Cyber Security, disaster recovery / business continuity manager, identity and access management, privacy compliance, information regulatory compliance, risk management, information security and information assurance, the Regional Data Centre (RDC) and information technology controls for financial and other systems Oversee the alignment of clinical systems and application development with goals and objectives that support our mission and vision, in addition to our members and customers Data Governance Application and Integration lifecycle management WHAT YOULL DO : Knowledge or familiarity with security audits of systems and / or audits of processes to verify compliance with security standards and / or regulations Knowledge of one or more Industry / government regulations PHIPPA for the patient information processed as the consent call center for IAR FIPPA FOI requests from the public Canadian anti-SPAM legislation PCI compliance regarding processing or storing of credit card information PEPIDA Federal level of Privacy protection PHIPPA as it relates to Data Sharing Agreements and MOUs that include contractual obligations. Under PHIPPA TransForm acts as a HINP (Health Information Network Provider) and agent of the hospitals (classified as HICs) ePHIPPA Connecting Security from eHealth Ontario legal framework for participating in eHealth Electronic Health Records Knowledge of Ontarios eHealth Blueprint Knowledge of Security Standards (e.g. ISO 2700x series, NIST Publications, COBIT, etc.) and associated framework of controls Working knowledge of one or more of the following : Microsoft Excel, Microsoft Access, ACL, IDEA Experience in conducting threat risk assessments (TRA), business impact assessments (BIA), and / or privacy impact assessments (PIA), and make recommendations to mitigate risks and / or ensure compliance Ability to conduct third party risk assessments, and make recommendations to mitigate risks, and / or ensure compliance Ability to develop strategies and architectures to address information security risks / threats Ability to collect and analyze data from systems to determine compliance and risk levels, as well as determine trends in systems and processes Experience in managing projects - developing project charters, communication plans, project governance, budget plans, and managing a team of technical resources Knowledge of collecting, processing and reporting of security metrics System design and architecture Experience in developing processes around many of the following areas : Patch management Vulnerability management Network security Internet security Access Control Security administration including aspects of segregation of duties and least privilege Security incident management Business Continuity Management (BCM) / Disaster Recovery (DR) Securing Application Development Securing Local and Wide Area TCP / IP Networking Securing Windows Server 2012 / 200x, Linux and UNIX based environments Knowledge of information system architecture and security controls including configurations of perimeter devices, operating systems, wireless LAN technologies, databases, specialized appliances, and information security policies, standards and procedures Knowledge of common application architecture, e.g. Client Server architecture, n-Tier architecture, Web Application architecture Knowledge of vulnerability testing of infrastructure and applications using automated and manual tools, and providing recommendations to remediate them in a risk based prioritization Knowledge of deployment and / or management of logging and monitoring tools, and developing documented procedures for operating such tools, and managing security incidents Proven track record of creating and maintaining a culture of service excellence for internal and external stakeholders Strong leadership ability as it relates to change management and adoption Serves in a leadership role for privacy compliance and acts as a liaison, ensuring all privacy concerns, requirements, and responsibilities are addressed. Builds a strategic and comprehensive ongoing privacy program that consistently utilizes effective privacy practices minimizing risk and ensuring confidentiality, across all paper or electronic media. Works cooperatively with other Organizational Units in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate. Performs or oversees initial and periodic information privacy risk assessment / analysis, mitigation and remediation. Oversees, development and delivery of initial, ongoing privacy training, and ongoing compliance monitoring to the workforce and business associates. Manages all required breach determination and notification processes under HIPAA and applicable Ontario breach rules and requirements. Establishes and administers a process for investigating and acting on privacy and security complaints. #J-18808-Ljbffr