Careers
Analyst, Security and Privacy |
|
|---|---|
| Posted Date | Feb 09, 2026 |
| Closing Date | Feb 22, 2026 |
| Department | Information Management |
| Location | Regina, Saskatchewan |
| Job Type | Permanent Full Time |
| Hours of Work | 37.5 hours per one week rotation |
| Salary | Pay Band 5, with a range from $76,638 to $99,629 |
| Expected Start Date | Mar 09, 2026 |
| Number of Positions | 1 |
Job Summary
The Senior Information Management Analyst provides expert leadership in privacy, cybersecurity, and data governance across 3sHealth. This role ensures information is managed securely, lawfully, and in alignment with the Health Information Privacy Act (HIPA), the Local Authority Freedom of Information and Privacy Act (LAFOIP), and recognized security frameworks. Working closely with information technology (IT), project teams, and health-system partners, the Analyst leads risk assessments, policy development, training, and incident response to reduce risk and support safe, effective service delivery.
Key Areas of Accountability
Privacy governance and compliance
- Lead organization wide privacy compliance in accordance with HIPA and LAFOIP, including policy interpretation, training, and monitoring.
- Design and deliver organization wide privacy training and awareness initiatives.
- Lead or coordinate Privacy Impact Assessments (PIAs), audits, and risk assessments for new or changed services and systems.
- Follow 3sHealth incident response process.
- Maintain inventories and data maps of personal and personal health information, documenting data flows and safeguards.
Cybersecurity risk management
- Lead or facilitate threat and risk assessments (TRAs) and gap analyses, recommending risk mitigation strategies.
- Partner with internal and external stakeholders to ensure privacy and security safeguards are implemented through appropriate technical and administrative controls.
- Develop, maintain, and update cybersecurity policies, standards, and procedures aligned with industry best practices and health sector requirements.
- Coordinate and support privacy and cybersecurity incident response, including containment, root cause analysis, notifications, and lessons learned.
- Design and deliver cybersecurity awareness and targeted training for staff and leadership.
Information management and data governance
- Develop and maintain data management processes, metrics, and reporting to monitor service performance and regulatory compliance.
- Review and update policies, agreements, and contracts (e.g., MSAs, data sharing agreements) to ensure privacy and security requirements are met.
- Provide expert input to project teams on requirements, design decisions, and control selection to embed privacy and security by design.
Other duties as assigned.
This position requires an office-based environment with extensive computer uses and periods of visual concentration. Infrequent travel may be required.
Information Management is a dynamic environment with multiple priorities and deadlines, requiring resilience, diplomacy, and tact in sensitive situations.
Required Qualifications
- University degree in computer science, information systems, business administration, or a related field; equivalent combinations of education and experience considered.
- Information Access and Protection of Privacy Certificate or equivalent privacy education is an asset.
Knowledge, Skills, and Abilities
- Advanced knowledge of HIPA, LAFOIP, and privacy best practices for health information.
- Strong understanding of cybersecurity principles, including risk assessment, control design, data classification, encryption, secure transfer, and retention/disposal.
- Ability to interpret legislation and policy and communicate clear, practical guidance verbally and in writing.
- Strong analytical and critical thinking skills, with the ability to synthesize complex information for decision makers.
- Effective facilitation and stakeholder management skills, including the ability to build consensus and manage conflict.
- Proficiency with Microsoft 365 and collaboration tools, with comfort in data analysis and reporting.
Experience
- Five to eight (or more) years of progressive experience in information management, privacy, cybersecurity, or related information management (IM)/IT roles.
- Demonstrated experience conducting PIAs, TRAs, audits, and compliance reviews.
- Experience leading or supporting privacy investigations, incident response, and reporting to oversight bodies.
- Privacy and security certifications are an asset.
- Lean or continuous improvement certification is an asset.
How to Apply
To be considered for this position, all applicants must submit a cover letter and resume. Prior to being offered the position with 3sHealth, the selected candidate will be required to complete a criminal record check. We thank all applicants, however, only those selected for an interview will be contacted.
To apply, please click the button below.