The Senior Information Management Analyst provides expert leadership in privacy, cybersecurity, and data governance across 3sHealth. This role ensures information is managed securely, lawfully, and in alignment with the Health Information Privacy Act(HIPA), the Local Authority Freedom of Information and Privacy Act(LAFOIP), and recognized security frameworks. Working closely with information technology (IT), project teams, and health-system partners, the Analyst leads risk assessments, policy development, training, and incident response to reduce risk and support safe, effective service delivery.

Key Areas of Accountability

Privacy governance and compliance

• Lead organization wide privacy compliance in accordance with HIPA and LAFOIP, including policy interpretation, training, and monitoring.
• Design and deliver organization wide privacy training and awareness initiatives.
• Lead or coordinate Privacy Impact Assessments (PIAs), audits, and risk assessments for new or changed services and systems.
• Follow 3sHealth incident response process.
• Maintain inventories and data maps of personal and personal health information, documenting data flows and safeguards.

Cybersecurity risk management

• Lead or facilitate threat and risk assessments (TRAs) and gap analyses, recommending risk mitigation strategies.
• Partner with internal and external stakeholders to ensure privacy and security safeguards are implemented through appropriate technical and administrative controls.
• Develop, maintain, and update cybersecurity policies, standards, and procedures aligned with industry best practices and health sector requirements.
• Coordinate and support privacy and cybersecurity incident response, including containment, root cause analysis, notifications, and lessons learned.
• Design and deliver cybersecurity awareness and targeted training for staff and leadership.

Information management and data governance

• Develop and maintain data management processes, metrics, and reporting to monitor service performance and regulatory compliance.
• Review and update policies, agreements, and contracts (e.g., MSAs, data sharing agreements) to ensure privacy and security requirements are met.
• Provide expert input to project teams on requirements, design decisions, and control selection to embed privacy and security by design.

Other duties as assigned.

This position requires an office-based environment with extensive computer uses and periods of visual concentration. Infrequent travel may be required.

Information Management is a dynamic environment with multiple priorities and deadlines, requiring resilience, diplomacy, and tact in sensitive situations.