Policy and Organizational Compliance Advisor

at  Elna medical

Job Location: Montreal ELNA HQ (Ideally located in Montreal. Will also explore candidates living in GTA or Edmonton)
Job Type: Full-Time Permanent
Schedule: M-F, Hybrid (2-3 days in office, 2-3 days from home weekly)
Languages: Must be fluent in both English and French

JOB PURPOSE:

ELNA Medical is committed to protecting the privacy of patients’ personal health information and promoting a culture of privacy and confidentiality. ELNA Medical Group is seeking an experienced Policy and Organizational Compliance Advisor to lead ELNA’s efforts in safeguarding sensitive data and adhering to all applicable privacy laws and regulations, both domestically and internationally.
The Advisor assists the Privacy Officer with the implementation, monitoring and auditing of the privacy program in a complex, national healthcare ecosystem, promoting privacy practices and standards and providing formal and informal analysis and guidance.
The Advisor must be able to confidently provide guidance based on law, best practice, and working knowledge of business requirements. The Advisor must have sufficient technical knowledge and comprehension of analytical tools to identify risks and gaps as new information is presented. The Advisor must be able to effectively communicate requirements and gaps to the Privacy Officer and relevant stakeholders.

PRINCIPAL RESPONSIBILITIES:

Privacy Program Leadership

• Oversee ELNA’s privacy program, ensuring alignment with evolving legal and regulatory requirements.
• Develop and implement privacy policies and procedures that adhere to applicable laws and standards.
• Conduct Privacy Impact Assessments (PIAs) to identify and mitigate potential privacy risks.
• Collaborate with cross-functional teams (operational, HR, IT, security) to embed Privacy by Design principles.
• Utilize data mapping and discovery tools to identify and classify personal information within the organization’s systems.

Compliance & Risk Management

• Identify, develop, and implement business policies and processes that maintain or improve enterprise privacy compliance.
• Review and update existing documentation of IT controls, business processes, policies, and procedures.
• Monitor compliance with privacy and security laws and regulations, conducting regular audits and assessments.
• Investigate and respond to privacy complaints, confidentiality incidents, and data subject access rights requests, ensuring timely resolution and reporting.
• Participate in the due diligence process for potential acquisitions, providing a company risk assessment.
• Collaborate with the security team to ensure alignment between privacy and security initiatives.
• Develop and maintain data processing agreements and other privacy-related contracts with third-party vendors and partners.

Training & Awareness

• Oversee privacy and security training and awareness programs for employees and stakeholders.
• Maintain the Learning Management System (LMS) with relevant training material and audit employee annual compliance.
• Develop engaging and informative privacy awareness materials and campaigns for employees and patients.

Collaboration & Communication

• Serve as the primary point of contact for privacy-related inquiries.
• Proactively monitor and analyze emerging privacy trends, technologies, and best practices.
• Provide strategic advice and guidance to senior management on privacy matters.
• Respond to requests for information pertaining to privacy
• Assist IT Team in achieving security goals and standards (ISO 27001, SOC II, NIST).