Investigator & Compliance Review Officer – Information Systems Security, Yukon Information and Privacy Commissioner, Whitehorse, Yukon, Canada

The Information and Privacy Commissioner, Ombudsman and Public Interest Disclosure Commissioner in Whitehorse, Yukon, Canada, is seeking to fill the full-time permanent position of Investigator and Compliance Review Officer – Information Systems Security.

A key responsibility of this position will be to review privacy impact assessments involving complex information systems and privacy breaches to ensure public bodies subject to the Access to Information and Protection of Privacy Act (ATIPPA) and custodians subject to the Health Information Privacy and Management Act (HIPMA) are in compliance. This position will also be responsible for conducting investigations into allegations of unfairness under the Ombudsman Act, violations of the access to information and protection of privacy requirements in the ATIPPA and the HIPMA, and disclosures of wrongdoing or reprisals under the Public Interest Disclosure of Wrongdoing Act.

Primary Accountabilities:

  • Leading investigations and compliance review activities involving information security.
  • Evaluate Privacy Impact Assessments (PIA’s) submitted by Public Bodies for compliance and ensuring best practices. Knowledge of information systems and security risks is an essential component of these evolutions.
  • Conducting research, developing guidance, advisories, reports and providing advice regarding the impact of technological developments on privacy and security in Yukon.
  • Providing information security and technological advice to other team members on their investigations and compliance review activities as needed.
  • Consulting with numerous bodies and individuals across Canada to perform effectively.
  • Works with the Information and Privacy Commissioner on initiatives (local and national) undertaken by custodians and public bodies that impact the privacy and security of personal and health information.
  • Working with the Information and Privacy Commissioner on improving the security of the office’s data management systems.
  • Acting as the chief information security officer for the office.

Essential Qualifications:

The Investigator and Compliance Review Officer (ISS) must have valid Information security management certification such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CSSP), Certified Information Security Manager (CISM). Preference will be given to candidates having any of the following additional certifications:

  • Information security certifications such as Offensive Security Certified Professional (OSCP), GIAC Certified Penetration Tester (GPEN).
  • Privacy certification as a CIPP (Certified Information Privacy Professional), CIPM (Certified Information Privacy Manager), IAPP (Information Access and Protection of Privacy) Certificate, CIAPP (Canadian Institute of Access and Privacy Professionals) Certification, or equivalent.

Desired Knowledge, Skills, and Experience:

The ideal candidate should have, and may be assessed on their:

  • Up to date knowledge about and a keen interest in emerging developments and technologies on the confluence of technology and privacy/fairness such as privacy preserving techniques, genomic medicine, cryptography, AI, digital identity, government e-services, cloud computing, cryptocurrency etc. Certified Cloud Security Professional (CCSP) designation.
  • Developing or reviewing privacy impact assessments and security threat risk assessments on complex information systems.
  • Investigating causes of privacy breaches or in privacy breach management involving information systems.
  • Providing management advice.
  • Developing guidance, advisories, and other resources for compliance purposes.
  • Conducting outreach activities (presentations, workshops, interviews, etc.).
  • Interpreting and applying ombudsman, access, (health) privacy, and/or public interest disclosure legislation.
  • Working in an information security management and/or privacy management role in the public and/or private sector.
  • Conducting investigations, analyzing information, drawing conclusions, and writing investigation reports or letters (as applicable).
  • Writing and communicating effectively.
  • Fostering and maintaining professional working relationships, working within a team and independently, and
  • Experience conducting audits.

Application Submission Information:

For additional information and to apply, visit Candidates must be legally eligible to work in Canada.