Business Consultant

Description:

Project Overview

Privacy and security expertise with direct experience and knowledge of Alberta's health information legislation and related requirements is critical to support the ongoing strategic priorities of the health ministries, including Primary and Preventative Health Services (PPHS) and Hospital and Surgical Health Services (HSHS).

Provide privacy and security support on key Department priorities to ensure compliance with legislative requirements, including the Departments information management policies, and Information and Security Directives.

This role is critical to ensuring privacy risks are identified early, compliance obligations are met, and project timelines are not delayed due to unresolved privacy or security issues.

Description of Services

• Liaise with PPHS Data Access and Information Privacy for community implementation of privacy and security related processes in the use of eHealth technologies, implementation of legislative instruments, or other health ministry initiatives (eHealth).

• Leads and supports updates to the organizational PIA, which underpins both PPHS and HSHS enterprise level compliance posture.

• Provides sustained privacy and security oversight for a high profile initiative through ongoing monitoring, Intake Form and PIA support on several releases per year, participation in monthly governance meetings, and continuous coordination with the program areas.

• Lead and/or collaborate with a team of professionals to support privacy and security activities such as development of PIAs or security assessments.

• Assess and evaluate potential impact of HIA and privacy and security policies related to the scope of eHealth Support Services in delivering new eHealth technologies.

• Work with the Province to plan and develop privacy and security related material for community Users when implementing new eHealth technologies.

• Develop privacy and security related materials during planning phase of eHealth technology implementations, i.e., pORA template cross-references, development of privacy and security assessments (threat risk assessments) and associated materials.

• Provide assistance related to privacy and security related activities, documentation, and processes.

• Provide other privacy and security assistance to Users in implementing and using the eHealth technologies.

• Coordinate eHealth Services activities across multiple streams / projects to ensure privacy and security related processes are followed in all eHealth Services activities.

• Align eHealth Services privacy and security related processes with HIA and EHR related policies, and any changes to them.

• Ensure that sensitive health and personal information is collected, used, and disclosed in compliance with legislative requirements, and that associated privacy risks are appropriately assessed and mitigated.

• Privacy and security expertise with direct experience and knowledge of Alberta's health information legislation and related requirements is critical to support the ongoing strategic priorities of the Department and Minister.

• Provide support on key departmental priorities to ensure compliance with legislative requirements, including the Departments information management policies, and information and security directives.

• Ensure timely and effective advice on privacy and security issues are provided to program areas and project teams.

• Draft internal PIA training materials for internal use by the Privacy and Security team, Data Access Information Privacy branch and program areas to support current and future PIA development and delivers a half-day instructional session to build internal capability and consistency. This supports improved quality of submissions, reduces rework, and strengthens privacy by design practices across program areas.

• Draft and finalize privacy and security guidance for Responsible AI initiatives, supporting the health ministries adoption of emerging technologies in a manner that is compliant, risk‑informed, and aligned with public trust expectations. This work is increasingly critical as AI use expands within health programs.

Background check required.

• The Supplier shall, prior to commencement of the Services, provide the Province, on its request and at no cost to the Province, with criminal record checks.

Mandatory Training Courses:

• Once hired the resource will be required to complete all mandatory training which includes but not limited to Health Information Act, Protection of Privacy Act, Security/Cybersecurity, Information Management, and Respect in the Workplace. There may also be other mandatory and/or optional training.

Anticipated Interviews dates

• Interviews are estimated to be held between interviews between Apr 27-30. This is an estimate only.

Refer to the Job Posting attachments for the proposed form of contract applicable to this Contingent Resource Request

Equipment requirements:

• The Province shall provide the resource the use of a Laptop and ensure they have the necessary access and credentials to the Government of Alberta’s system.

The fixed rate quoted must be inclusive of all overhead, office space and equipment, including supplies, administrative burden, mark-up, and all other costs to perform the Services for the duration of the Contract.

Qualifications

The Prospective Contingent Resource's relevant qualifications are to be detailed within the attached resume in order to validate the relevancy/duration of all claimed experience.

QualificationDescriptionExpectedCurrent

Must Have

Education

Yes/No - (MG)The proposed resource must meet or exceed one of the following combinations...

The proposed resource must meet or exceed one of the following combinations of education or certification and experience in the resource role:

• University degree in business, management or a related discipline and four years of related experience; OR

• Two-year diploma in business, management or a related discipline from a recognized post-secondary institution and six years of related experience; OR

• One-year certificate in business, management or a related discipline from a recognized post-secondary institution and seven years of related experience.

Yes

Yes

No

Work Experience

Duration - Experience conducting, facilitating and interpreting impact and risk assessments...

Experience conducting, facilitating and interpreting impact and risk assessments across multiple scenarios.

10 years

years

Duration - Experience with business writing, communication and documentation.

Experience with business writing, communication and documentation.

5 years

years

Duration - Experience working with AI (e.g., machine learning, NLP)

Experience working with AI (e.g., machine learning, NLP)

1 years

years

Nice to Have

Work Experience

Duration - Demonstrated knowledge and experience with the contents and application of the Alberta...

Demonstrated knowledge and experience with the contents and application of the Alberta Health Information Act, including but not limited to supporting the development of related artifacts such as Privacy Impact Assessment (PIA), Security Threat Risk Assessment (STRA), Business Impact Assessment (BIA).

10 years

years

Duration - Experience coordinating information management, privacy impact, security risk...

Experience coordinating information management, privacy impact, security risk assessments and compliance within IT projects

10 years

years

Duration - Experience developing training materials.

Experience developing training materials.

5 years

years

Duration - Experience developing training plans.

Experience developing training plans.

3 years

years

Duration - Experience with change management.

Experience with change management.

5 years

years

Duration - Experience with information management concepts, privacy, and security issues relating...

Experience with information management concepts, privacy, and security issues relating to ATIA (Access to Information Act) and POPA (Protection of Privacy Act) - previously known as FOIP

10 years

years

Duration - Experience with the development of information management or related types of policies...

Experience with the development of information management or related types of policies, standards and practices.

5 years

years

Duration - Hands-on experience implementing data security and privacy controls, including policies..

Hands-on experience implementing data security and privacy controls, including policies, de-identification/anonymization, and data audits.

3 years

years

Duration - Work experience with Responsible AI principles...

Work experience with Responsible AI principles (e.g., fairness, bias detection, explainability) and conducting risk assessments with mitigation recommendations for senior leadership.

1 years

years