Manager, Privacy Advisory and Strategic Initiatives
Full Time
Portland, OR 97239
Posted
Job description
Department Overview:
As an organization devoted to the health and well-being of people in Oregon and beyond, OHSU requires its employees to be fully vaccinated against COVID-19.
This position is responsible for providing leadership and supervision to the OHSU Information Privacy and Security Privacy Advisory and Strategic Initiatives team that consists of IPS Privacy Compliance Privacy Specialists, Privacy Risk Specialist Sr. and Privacy Associates. The Manager, Privacy Advisory and Strategic Initiatives serves as the central resource and coordinator for privacy advisory services and related privacy projects for all OHSU missions. This position will focus on 1) staff recruitment, development, retention and accountability; 2) management of privacy impact assessments and development of mitigation plans in collaboration with key stakeholders; (3) development and implementation of a proactive privacy facility review and compliance monitoring program; and (4) assisting the development and implementation of strategic privacy initiatives in response to regulatory changes or identified internal risks.
The Manager, Privacy Advisory and Strategic Initiatives is a leadership position in the Office of the Chief Privacy Officer and is responsible for working with the OHSU community to facilitate institutional compliance with the policies, procedures, regulations, and guidelines pertaining to information privacy and security. The Information Privacy & Security office (IPS) assists OHSU in protecting the security, confidentiality, and integrity of OHSU restricted information, including protected health information (PHI). This position may assist with remediating identified risks based on substantiated policy violations, compliance and privacy issues, grievances, and matters that impact business decisions that hold a high degree of organizational risk. In this role, the position may coordinate with Human Resources, Risk Management, and Legal on highly sensitive and confidential matters.
Specific areas of responsibility for the Manager, Information Privacy and Security Services include:
- Assisting Associate Chief Privacy Officer (Advisory Services) with strategic planning and building alignment/buy-in for the strategy.
- Providing direct supervision for a team of IPS Privacy Compliance Privacy Specialists, Privacy Risk Specialist Sr. and Privacy Associates.
- Developing, implementing and maintaining appropriate procedures for the various privacy roles comprising the privacy advisory and strategic initiatives team.
- Overseeing privacy impact assessments and advisory responses to privacy and security policy and procedure inquiries.
- Developing and implementing a proactive privacy facility review and compliance monitoring program to identify and resolve privacy and security risks.
- Setting clear performance expectations for staff and performing employee performance reviews including periodic check-ins.
- Developing, implementing and tracking appropriate metrics to enhance privacy program effectiveness.
- Conducting staff meetings and provide training opportunities.
- Serving as an expert resource for information privacy and security inquiries
- Assisting Associate Chief Privacy Officer (Advisory Services) with identifying and deploying strategic responses to identified risks and regulatory changes.
- Serving as IPS management representation on assignments to both internal and external constituencies.
Successful leadership attributes for this position include:
- A collaborator and consensus builder capable of maintaining and cultivating successful working relationships with internal and external stakeholders. A person who proactively establishes/ develops strong partnerships with key stakeholders across the organization.
- A leader with exceptional interpersonal, verbal and written communication skills, who manages work groups by inspiring and advising team members, facilitating goal accomplishment. Has effective time management skills, the ability to prioritize projects for self and teams, evaluates performance of self and others to ensure success.
- A well-organized professional with the ability to manage a variety of complex projects while charting a course of action that effectively and efficiently assists the organization and department in fulfilling goals and objectives.
Staff Management
- Manages the privacy advisory and strategic initiatives team comprised of IPS Privacy Compliance Privacy Specialists, Privacy Risk Specialist Sr. and Privacy Associates.
- Provides oversight of employees that includes timely and ongoing performance feedback and annual appraisals, coupled with mentoring opportunities, as well as ensuring employee position descriptions are maintained annually.
- Ensures staff members are adequately trained to perform job functions by identifying areas for professional and skills development required by staff and arranging appropriate and timely training opportunities
- Sets clear goals and expectations and holds staff accountable for deliverables.
- Schedules and conducts regular staff meetings to communicate the goals and objectives for the team, as well as updating the team on ITG and OHSU current activities.
- Establishes and requires compliance with standards for work intake, processing and documentation.
- Through staff, ensures all assigned tasks are timely completed and appropriate feedback provided.
Privacy advisories/projects/inquiries/compliance monitoring
- Use expert knowledge of federal, state, local, and OHSU statutes, regulations, guidance, Code of Conduct, investigatory best practices, confidentiality, and policies and procedures to effectively:
- Receive privacy inquiries from stakeholders and assign to the appropriate team member.
- Provide guidance on the direction or scope of privacy projects and general inquiries.
- Monitor the status and progress of projects/inquiries to timely response to stakeholders.
- Provide periodic updates on the status of privacy projects/inquiries to the Associate Chief Privacy Officer (Privacy Advisory).
- Review team deliverables (reports or other documentation) to stakeholders and ensure that the deliverables are written in a comprehensive and appropriate fashion according to IPS procedures.
- Develop, implement and maintain appropriate procedures for IPS Privacy Compliance Privacy Specialists, Privacy Risk Specialist Sr. and Privacy Associates.
Policies and procedures
- Participate in development of policies and procedures in partnership as needed.
- Identify deficiencies and advise on how to achieve compliance with regulatory requirements in an efficient manner.
- Conduct ongoing review of policies and procedures, working with leadership to ensure correction and re-education as necessary.
Continuous Quality Improvement
- Participate in the continuous quality improvement in partnership with leadership, including monitoring and improving customer service, compliance with regulations, electronic systems, and productivity.
- Work with leadership, OHSU community, and other appropriate OHSU units in development and enhancement of information privacy and security at OHSU.
- Identify weaknesses and deficiencies, and provide input to leadership on how to enhance the quality and efficiency of the work performed.
Education:
Bachelor’s degree.
Experience:
- 5 years’ experience in state and federal regulations that impact academic health and science institutions, particularly as applied to Information Privacy and Security or related functions.
- 1 year of experience leading or managing a team of privacy professionals or other skilled professionals
Job Related Knowledge, Skills and Abilities (Competencies):
- Ability to interact in a positive, productive manner with staff, faculty, and leadership (demonstrating sensitivity, tact, and professionalism).
- Advanced knowledge of compliance, federal and state laws, regulations, and guidance related to information privacy and security monitoring and investigations.
- Ability to analyze information and construct an action plan to resolve issues.
- Proficiency with responding to privacy inquiries such requests to restrict use/disclosure of PHI and requests for an accounting of disclosures.
- Demonstrated leadership and formal/informal influence skills.
- Ability to effectively work both independently and in a team environment.
- Exceptional organizational abilities, oral and written communication skills, and interpersonal skills.
- Ability to operate and communicate effectively while meeting multiple deadlines and completing projects simultaneously.
- Advanced proficiency with electronic systems and software.
- Ability to operate in a highly stressful environment, demonstrating good judgment and creative/original thinking to address the demands of the OHSU community.
- Proven knowledge of formal information security and privacy standards, techniques and methodologies.
Experience:
- Minimum of two years of experience managing individuals or leading a team.
- At least one year of managing a team of information privacy professionals or an information privacy program.
Please note: Effective Oct. 18, 2021, all OHSU employees are required to be fully vaccinated against COVID-19 unless they have an approved medical or religious exception. If you are hired by OHSU after Oct. 18, you will need to be fully vaccinated (or obtain an approved exception) prior to starting work, and need to provide proof of vaccination (or approved exception) within 10 days of starting work.
All are welcome: Oregon Health & Science University values a diverse and culturally competent workforce. We are proud of our commitment to being an equal opportunity, affirmative action organization that does not discriminate against applicants on the basis of any protected class status, including disability status and protected veteran status. Individuals with diverse backgrounds and those who promote diversity and a culture of inclusion are encouraged to apply. To request reasonable accommodation contact the Affirmative Action and Equal Opportunity Department at 503-494-5148 or aaeo@ohsu.edu.
As an organization devoted to the health and well-being of people in Oregon and beyond, OHSU requires its employees to be fully vaccinated against COVID-19.
gatheringourvoice.org is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, gatheringourvoice.org provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, gatheringourvoice.org is the ideal place to find your next job.