Compliance & Privacy Officer

Praxis Spinal Cord Institute is a Canadian-based not-for-profit organization that leads global collaboration in spinal cord injury research, innovation and care. We advance ground-breaking ideas that can be put into practice, making lives better. We actively engage people with spinal cord injury and other world-class experts to work together to identify and solve the most urgent challenges to make exceptional improvements in the health of people with spinal cord injury. Praxis is proudly accredited by Imagine Canada and was named one of Canada’s Top 100 Charities by Maclean’s and Money Sense magazines, achieving an A+ rating.

Through a diverse workforce, Praxis is committed to excellence in research, innovation and care for people living with spinal cord injury. Praxis recognizes that a diverse workforce, comprised of individuals with an array of identities, abilities, backgrounds, cultures, skills, perspectives and experiences is vital to creativity, growth and innovation and our success in making an impact on quality of life. We support our commitment by fostering an inclusive workplace which is fair, equitable, supportive, welcoming and respectful, allowing us to continue to transform health outcomes.

**JOB SUMMARY**

The Compliance & Privacy Officer ensures that Praxis’ business practices related to general organizational compliance and quality meet legislative, regulatory and contractual requirements, international standards and best practices.

This position is responsible for fostering a culture of compliance and quality with the support of management and working with all employees to ensure overall compliance and quality. It is also responsible for following up on all findings and corrective and preventative action items as required, and works with external parties in any compliance reviews or investigations as necessary.

The Compliance & Privacy Officer is required to stay up-to-date with both internal and external changes in business activities, technology, legislative, regulatory and contractual requirements, and best practices to ensure organizational adaptation and compliance, and to provide updates and escalate critical issues/concerns, as required.

**JOB ACCOUNTABILITIES**

**Compliance**
- Developing, maintaining, and monitoring a quality program to improve general organizational compliance and quality.
- Developing, implementing, monitoring, and improving the general quality program as necessary, including:

- Developing and updating general organizational policies and procedures [e.g., processes regarding the management of policies, SOPs and forms, documentation of training, information security (non-technical), conflicts of interest, whistleblowing, Canadian Anti-Spam Legislation (CASL), policy and procedure deviations, and complaints]; and
- Providing training and reminders to all employees and applicable third parties.
- Providing support to improve the compliance and quality of process owners’ specific and critical activities, as required. This includes but is not limited to coordinating and documenting information security incidents and reviewing and revising board and departmental policies and SOPs.
- Support with contracts and agreements inclusive of advising on contractual requirements, drafting, reviewing and updating templates;
- Monitoring compliance with Imagine Canada’s Standards Program, and writing and submitting reports annually in order to maintain accreditation; and
- Performing internal reviews of Praxis’ critical activities upon request of senior management.

**Privacy**
- Maintains a privacy management program that is accountable and abides by Canadian federal, provincial and territorial legislation and regulations, international standards and best practices to ensure compliance with:

- Privacy legislation for all jurisdictions within which Praxis currently operates and could possibly operate in the future; and
- Praxis’ contractual requirements.
- Monitoring privacy compliance, assessing effectiveness and revising program controls as necessary, including but not limited to
- Developing and updating the privacy policy and related Standard Operating Procedures (SOPs);
- Developing and providing orientation and refresher privacy training and awareness to all employees and applicable third parties or providing them with alternative training;
- Developing, updating and reviewing Data Sharing Agreement (or similar);
- Performing internal privacy reviews/audits; and
- Ensuring risk assessments are performed where necessary, i.e. third-party vetting, privacy impact assessments (PIAs).

**Other Primary Duties**
- Coordinating and following up on external PIAs, audits and inspections;
- Managing privacy breaches, inquiries, and complaints;
- Supporting programs and systems at the direction of the Director of Accountability & Impact and in collaboration with other internal stakeholders to enhance the effectiveness of risk mitigation for all business functions, as required;