Privacy and Security Analyst, BC Health Workday

Privacy and Security Analyst, BC Health Workday

Role Summary

In accordance with the Purpose, Vision, Values and Coast Salish Teachings, and strategic directions of PHSA, safety, including both patient and employee safety, is a priority and a responsibility shared by everyone at PHSA. As such, the requirement to continuously improve quality and safety is inherent in all aspects of this position.  
 
The BC Health Workday Program is a provincial initiative with seven participating BC health organizations (FHA, IHA, ISLH, NHA, PHC, PHSA and VCHA). The program began in 2023 to implement a Human Capital Management System (HCMS) software solution as part of the BC Health Human Resources Strategy to transform HR services. Designed by Workday Canada, the new provincial platform will replace existing HR and payroll systems in the health organizations with a single, unified technical system that will standardize and modernize HR and payroll services. It is a significant transformation in BC and is vital to the sustainability of BC’s health system. 
 
Reporting to the Manager, Quality, Risk and Issue Management, the Privacy and Security Analyst develops and enforces program-wide privacy and security standards, conducts risk assessments, privacy impact assessments, security reviews, and technical audits, and provides expert guidance to PMO teams and Health Organizations on governance, internal controls, and security-by-design. The role leads incident investigations, coordinates audit preparedness, and supports secure data conversion and integrations within the Workday environment, working collaboratively with internal and external partners to maintain consistent and effective security practices.   
 
This role combines privacy expertise with risk and security analysis to anticipate and mitigate vulnerabilities, ensure regulatory and policy compliance, and establish consistent practices across all Health Organizations participating in the program. 

Key Accountabilities

• Develops and maintains program-wide privacy and security standards, ensuring alignment with BC Health policy, Workday system requirements, and recognized industry frameworks (e.g., IIA, ISACA, NIST, ISO 27000). 
• Provides subject matter expertise on privacy and information security, serving as a resource for PMO, Workday implementation teams, and Health Organizations.
• Advises on governance, internal controls, and security-by-design principles. 
• Conducts risk assessments, privacy impact assessments (PIAs), security reviews, and technical audits of program processes and deliverables.
• Analyzes findings and develops practical recommendations to address identified risks and exposures. 
• Supports audit preparedness by ensuring documentation, evidence, and system configurations meet regulatory and industry expectations.
• Coordinates responses to audit and compliance inquiries related to privacy and security. 
• Investigates and facilitates the resolution of potential privacy or security incidents, including unauthorized access attempts or breaches.
• Works collaboratively with the PMO, Health Organizations, and external partners to manage incident response. 
• Provides guidance for secure data conversion, integrations, and reporting within the Workday environment.
• Ensures appropriate privacy and security controls are embedded during design, testing, and deployment. 
• Collaborates with other PMO functions (Risk, Compliance, Testing, Legal, and Change Management) to ensure integrated assurance, minimize duplication, and strengthen the program’s control posture. 
• Engages with Health Organization privacy and security representatives, provincial oversight bodies, and external auditors to maintain consistent practices, share outcomes and key learnings, and support alignment across the province. 
• Monitors emerging privacy and security threats, advises program leadership of implications, and recommends enhancements to improve security posture and resilience. 

Qualifications

• A level of education, training, and experience equivalent to a Bachelor’s Degree in Computer Science, Information Security, Risk Management, or a related discipline and five to seven (5-7) years’ of recent related experience in information security, privacy, or risk analysis within large, complex organizations. Professional certifications such as CISSP, CISA, CISM, or other recognized security credentials and experience supporting ERP or major system transformation initiatives in healthcare or the public sector is considered a strong asset. 
• Strong knowledge of information security technologies (firewalls, intrusion detection/prevention, audit logging, SIEM tools, antivirus solutions) combined with an understanding of privacy frameworks and health information regulations.  
• Ability to conduct PIAs, risk assessments, and security audits, and to translate complex findings into clear, actionable recommendations. 
• Applies strong knowledge of information security concepts and security technologies. 
• Uses exceptional written communication skills and analytical abilities to conduct assessments, document and analyze finding and prepare related recommendations  
• Proactive, detail-oriented, and collaborative, with the ability to anticipate risks, embed privacy and security readiness into program practices, and protect the integrity of the BC Health Workday Program. 
• Advanced skills in data interpretation and trend analysis to identify patterns in security logs, privacy incidents, or audit findings and translate them into actionable insights. 
• Strong knowledge of privacy legislation (e.g., FIPPA, PIPA, PHIPA, HIPAA) and ability to ensure program compliance in handling HR, payroll, and health data. 
• Understanding of data sharing across organizations including custodianship, access controls, and compliance with privacy legislation when sensitive employee or business data is exchanged. 
• Demonstrated ability to conduct financial or operational diligence reviews with department leaders to ensure risk controls and privacy/security requirements are fully embedded in program delivery. 
• Experience supporting governance bodies and oversight committees by presenting clear risk, privacy, and compliance analysis to executive partners. 

What we bring

Every PHSA employee enables the best possible patient care for our patients and their families. Whether you are providing direct care, conducting research, or making it possible for others to do their work, you impact the lives of British Columbians today and in the future. That’s why we’re focused on your care too – offering health, wellness, development programs to support you – at work and at home.

• Join one of BC’s largest employers with province-wide programs, services and operations – offering vast opportunities for growth, development, and recognition programs that honour the commitment and contribution of all employees.
• Access to professional development opportunities through our in-house training programs, including +2,000 courses, such as our San’yas Indigenous Cultural Safety Training course, or Core Linx for Leadership roles.
• Enjoy a comprehensive benefits package, including municipal pension plan, and psychological health & safety programs and holistic wellness resources.
• Annual statutory holidays (13) with generous vacation entitlement and accruement.
• PHSA is a remote work friendly employer, welcoming flexible work options to support our people (eligibility may vary, depending on position).
• Access to WorkPerks, a premium discount program offering a wide range of local and national discounts on electronics, entertainment, dining, travel, wellness, apparel, and more.

Job Type: Temporary, Full-Time
Wage:  $74,618.00 - $107,264.00
The starting salary for this position would be determined with consideration of the successful candidate’s relevant education and experience and would be in alignment with the provincial compensation reference plan.
Location: 1775 Willingdon Ave, Burnaby BC V5C6E3 (Hybrid)
Closing date: Open Until Posting is Filled
Hours of Work: 08:30 to 16:30, Mon - Fri
Requisition # HCMS_E06311

What we do  

The Provincial Health Services Authority (PHSA) plans, manages and evaluates specialized health services with the BC health authorities to provide equitable and cost-effective health care for people throughout the province. Our values reflect our commitment to excellence and include: Respect people – Be compassionate – Dare to innovate – Create equity – Be courageous.  

Learn more about PHSA and our programs: jobs.phsa.ca/programs-and-services 

PHSA is committed to anti-racism and equity in our hiring and employment practices. With learning and compassion, we are addressing existing inequities and barriers throughout our systems. PHSA is seeking to create a diverse workforce and to establish an inclusive and culturally safe environment. We invite applications and enquiries from all people, particularly those belonging to the historically, systemically, and/or persistently excluded groups identified under the B.C. Human Rights Code. 

One of PHSA’s North Star priorities is to eradicate Indigenous-specific racism, which includes ongoing commitments to Indigenous recruitment and employee experience as well as dismantling barriers to health care employment at every level. We welcome Indigenous individuals to apply and/or contact the Sanya’k̓ula Team (Indigenous Recruitment & Employee Experience) for support at indigenous.employment@phsa.ca. 

Indigenous-specific anti-racism initiatives are rooted in addressing the unique forms of discrimination, historical and ongoing injustices, and exclusion faced by Indigenous peoples. These initiatives align with an Indigenous rights-based approach, recognizing the inherent rights and title of BC First Nations and self-determination of all First Nations, Inuit and Métis communities. PHSA is mandated to uphold legislative obligations and provincial commitments found in the foundational documents  including the Truth & Reconciliation Commission’s Calls to Action (2015), In Plain Sight (2020), BC's Declaration on the Rights of Indigenous Peoples Act (2019), United Nations Declaration on the Rights of Indigenous Peoples (UNDRIP), Reclaiming Power and Place Missing and Murdered Indigenous Women & Girls Calls for Justice (2019), the Declaration Act Action Plan and Remembering Keegan: A First Nations Case Study.