Privacy and Security Analyst

Privacy and Security Analyst, BC Health Workday

Role Summary

In accordance with the Purpose, Vision, Values and Coast Salish Teachings, and strategic directions of PHSA, safety, including both patient and employee safety, is a priority and a responsibility shared by everyone at PHSA. As such, the requirement to continuously improve quality and safety is inherent in all aspects of this position.

The BC Health Workday Program is a provincial initiative with seven participating BC health organizations (FHA, IHA, ISLH, NHA, PHC, PHSA and VCHA). The program began in 2023 to implement a Human Capital Management System (HCMS) software solution as part of the BC Health Human Resources Strategy to transform HR services. Designed by Workday Canada, the new provincial platform will replace existing HR and payroll systems in the health organizations with a single, unified technical system that will standardize and modernize HR and payroll services. It is a significant transformation in BC and is vital to the sustainability of BC's health system.

Reporting to the Manager, Quality, Risk and Issue Management, the Privacy and Security Analyst develops and enforces program-wide privacy and security standards, conducts risk assessments, privacy impact assessments, security reviews, and technical audits, and provides expert guidance to PMO teams and Health Organizations on governance, internal controls, and security-by-design. The role leads incident investigations, coordinates audit preparedness, and supports secure data conversion and integrations within the Workday environment, working collaboratively with internal and external partners to maintain consistent and effective security practices.

This role combines privacy expertise with risk and security analysis to anticipate and mitigate vulnerabilities, ensure regulatory and policy compliance, and establish consistent practices across all Health Organizations participating in the program.

Key Accountabilities

• Develops and maintains program-wide privacy and security standards, ensuring alignment with BC Health policy, Workday system requirements, and recognized industry frameworks (e.g., IIA, ISACA, NIST, ISO
• Provides subject matter expertise on privacy and information security, serving as a resource for PMO, Workday implementation teams, and Health Organizations.
• Advises on governance, internal controls, and security-by-design principles.
• Conducts risk assessments, privacy impact assessments (PIAs), security reviews, and technical audits of program processes and deliverables.
• Analyzes findings and develops practical recommendations to address identified risks and exposures.
• Supports audit preparedness by ensuring documentation, evidence, and system configurations meet regulatory and industry expectations.
• Coordinates responses to audit and compliance inquiries related to privacy and security.
• Investigates and facilitates the resolution of potential privacy or security incidents, including unauthorized access attempts or breaches.
• Works collaboratively with the PMO, Health Organizations, and external partners to manage incident response.
• Provides guidance for secure data conversion, integrations, and reporting within the Workday environment.
• Ensures appropriate privacy and security controls are embedded during design, testing, and deployment.
• Collaborates with other PMO functions (Risk, Compliance, Testing, Legal, and Change Management) to ensure integrated assurance, minimize duplication, and strengthen the program's control posture.
• Engages with Health Organization privacy and security representatives, provincial oversight bodies, and external auditors to maintain consistent practices, share outcomes and key learnings, and support alignment across the province.
• Monitors emerging privacy and security threats, advises program leadership of implications, and recommends enhancements to improve security posture and resilience.

Qualifications

• A level of education, training, and experience equivalent to a Bachelor's Degree in Computer Science, Information Security, Risk Management, or a related discipline and five to seven (5-7) years' of recent related experience in information security, privacy, or risk analysis within large, complex organizations. Professional certifications such as CISSP, CISA, CISM, or other recognized security credentials and experience supporting ERP or major system transformation initiatives in healthcare or the public sector is considered a strong asset.
• Strong knowledge of information security technologies (firewalls, intrusion detection/prevention, audit logging, SIEM tools, antivirus solutions) combined with an understanding of privacy frameworks and health information regulations.
• Ability to conduct PIAs, risk assessments, and security audits, and to translate complex findings into clear, actionable recommendations.
• Applies strong knowledge of information security concepts and security technologies.
• Uses exceptional written communication skills and analytical abilities to conduct assessments, document and analyze finding and prepare related recommendations
• Proactive, detail-oriented, and collaborative, with the ability to anticipate risks, embed privacy and security readiness into program practices, and protect the integrity of the BC Health Workday Program.
• Advanced skills in data interpretation and trend analysis to identify patterns in security logs, privacy incidents, or audit findings and translate them into actionable insights.
• Strong knowledge of privacy legislation (e.g., FIPPA, PIPA, PHIPA, HIPAA) and ability to ensure program compliance in handling HR, payroll, and health data.
• Understanding of data sharing across organizations including custodianship, access controls, and compliance with privacy legislation when sensitive employee or business data is exchanged.
• Demonstrated ability to conduct financial or operational diligence reviews with department leaders to ensure risk controls and privacy/security requirements are fully embedded in program delivery.
• Experience supporting governance bodies and oversight committees by presenting clear risk, privacy, and compliance analysis to executive partners.

What we bring

Every PHSA employee enables the best possible patient care for our patients and their families. Whether you are providing direct care, conducting research, or making it possible for others to do their work, you impact the lives of British Columbians today and in the future. That's why we're focused on your care too – offering health, wellness, development programs to support you – at work and at home.

• Join one of BC's largest employers with province-wide programs, services and operations – offering vast opportunities for growth, development, and recognition programs that honour the commitment and contribution of all employees.
• Access to professional development opportunities through our in-house training programs, including +2,000 courses, such as our San'yas Indigenous Cultural Safety Training course, or Core Linx for Leadership roles.
• Enjoy a comprehensive benefits package, including municipal pension plan, and psychological health & safety programs and holistic wellness resources.
• Annual statutory holidays (13) with generous vacation entitlement and accruement.
• PHSA is a remote work friendly employer, welcoming flexible work options to support our people (eligibility may vary, depending on position).
• Access to WorkPerks, a premium discount program offering a wide range of local and national discounts on electronics, entertainment, dining, travel, wellness, apparel, and more.

Job Type:
Temporary, Full-Time

Wage:
$74, $107,264.00

The starting salary for this position would be determined with consideration of the successful candidate's relevant education and experience and would be in alignment with the provincial compensation reference plan.

Location:
1775 Willingdon Ave, Burnaby BC V5C6E3 (Hybrid)

Closing date:
Open Until Posting is Filled

Hours of Work:
08:30 to 16:30, Mon - Fri

Requisition # HCMS_E06311