Job Title: Manager, Privacy & Security/Chief Privacy Officer (CPO)
Organization: Grand River Hospital
Location: Kitchener, ON
Job Type: Full-time

Job Summary

This dual-aligned position will use a disciplined approach to plan, execute and finalize complex security programs and projects and oversee the implementation, monitoring and reporting of the corporate privacy program. The position will comply and work in alignment with the Mission, Vision and Core Values of Grand River Hospital, to foster a culture of patient and staff safety. The Manager, Privacy & Security/CPO, as delegated by the Chief Executive Officer to act on his/her behalf, will ensure compliance with GRH privacy principles.

The Manager, Privacy & Security/CPO will provide oversight, support and advice on privacy and security matters to the organization. The role will lead processes to ensure that Grand River Hospital adheres to legislative requirements under federal and provincial jurisdictions including, but not limited to, the Personal Health Information Protection Act (2004) (PHIPA), the Freedom of Information and Protection of Privacy Act (R.S.O. 1990) (FIPPA), and the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (PIPEDA).

Key Accountabilities and Responsibilities

  • Perform project work according to strict deadlines, within budget and meeting scope and quality expectations
  • Successfully perform their function in accordance with prescribed standards that focus on the priority of People Safety and the delivery of the highest standard of Quality Care.
  • Demonstrate the physical and mental capabilities necessary for proper and efficient performance of the essential duties of the position.
  • Ensure GRH is in compliance with Ontario’s Personal Health Information Protection Act through a privacy management program comprised of policies, processes and protocols based on current legislative and regulatory requirements.
  • Ensure the privacy team is educated and trained to provide guidance and education on healthcare privacy issues throughout the hospital.
  • Lead the Privacy Team in addressing FIPPA requests, privacy investigations, Privacy Impact Assessments, and breach management protocols;
  • Perform reviews and oversee monitoring activities related to compliance with existing privacy legislation;
  • Establish / administer protocols to address privacy and security complaints;
  • Serve as a resource for health information and privacy-related issues;
  • Address questions and concerns from the public related to patient / client privacy;
  • Develop and oversee privacy training for the organization;
  • Work alongside administration, legal counsel and other parties to ensure the organization’s privacy interests are represented.


  • A bachelor’s degree in Information Systems or Computer Science Engineering, Health Information Management or related field.
  • Certified Health Information Management (CHIM) certification
  • Minimum 5 years of Privacy & Freedom of Information experience;
  • Experience conducting Privacy Impact Assessments;
  • Knowledge of Network Security infrastructure (Firewalls, Proxy Servers, VPN concentrators), network problem analysis, information security management frameworks, such as ISO/IEC 27001, and NIST.
  • Demonstrated capability of designing privacy management target operating models
  • 10+ years experience in IT infrastructure, information security, IT governance, risk and compliance, application & network security and experience in the operation and support of a wide range of networked end user computing technologies.
  • Demonstrated ability to effectively engage leadership at all levels and to navigate through a large organization;
  • Exceptional communication, facilitation and presentation skills;
  • Proven success in the development of continuous improvement initiatives;
  • Experience in working with outcome metrics as a means of evaluation and performance management;
  • Demonstrated talent for building relationships, fostering collaboration, leading transformational change;
  • Demonstrated experience in developing people practices and strategies.


All job applications are to be submitted through the careers page of Grand River Hospital.

Grand River Hospital is committed to fair and equitable employment, including in our recruitment and selection practices. We strongly believe in inclusion and diversity within our organization, and welcome all applicants including, but not limited to: racialized communities, all religions and ethnicities, persons with disabilities, LGBTQ2S+ persons, Indigenous people, and all others who may contribute to the further diversification of our Hospital community. We are committed to providing and fostering a respectful workplace for all employees, free from violence and harassment. Grand River Hospital is a proud member of the Canadian Centre for Diversity and Inclusion (CCDI).

Upon individual request, the hospital will endeavor to remove any barrier to the hiring process to accommodate candidates, including those with disabilities. Should any applicant require accommodation through the application, interview or selection processes, please contact Human Resources in advance for assistance.