Analyst, Security and Privacy

Closure Date: February 22, 2026, 12:00 AM CST

Position #:

Union: Out of Scope

Bargaining Unit: OOS - 3sHealth T&C

City/Town: Regina

Facility: 3sHealth

Department: Information Management Services

Type: Full-time regular

Hours of Work: 1 week rotation 

Salary: Pay Band: 5 ($76,638 - $99,629)

Position Summary

The Analyst, Security and Privacy provides expert leadership in privacy, cybersecurity, and data governance across 3sHealth. This role ensures information is managed securely, lawfully, and in alignment with HIPA, LAFOIP, and recognized security frameworks. Working closely with Information Technology, project teams, and health system partners, the Analyst leads risk assessments, policy development, training, and incident response to reduce risk and support safe, effective service delivery.

Key Areas of Accountability

Privacy Governance & Compliance

• Lead organization‑wide privacy compliance in accordance with HIPA and LAFOIP, including policy interpretation, training, and monitoring.

• Design and deliver organization‑wide privacy training and awareness initiatives.

• Lead or coordinate Privacy Impact Assessments (PIAs), audits, and risk assessments for new or changed services and systems.

• Follow 3shealth Incident response process.

• Maintain inventories and data maps of personal and personal health information, documenting data flows and safeguards.

Cybersecurity Risk Management

• Lead or facilitate threat and risk assessments (TRAs) and gap analyses, recommending risk mitigation strategies.

• Partner with, internal and external stakeholders to ensure privacy and security safeguards are implemented through appropriate technical and administrative controls.

• Develop, maintain, and update cybersecurity policies, standards, and procedures aligned with industry best practices and health‑sector requirements.

• Coordinate and support privacy and cybersecurity incident response, including containment, root‑cause analysis, notifications, and lessons learned.

• Design and deliver cybersecurity awareness and targeted training for staff and leadership.

Information Management & Data Governance

• Develop and maintain data management processes, metrics, and reporting to monitor service performance and regulatory compliance.

• Review and update policies, agreements, and contracts (e.g., MSAs, data‑sharing agreements) to ensure privacy and security requirements are met.

• Provide expert input to project teams on requirements, design decisions, and control selection to embed privacy and security by design.

Other duties as assigned.

Qualifications

Education

• University degree in Computer Science, Information Systems, Business Administration, or a related field; equivalent combinations of education and experience considered.

• Information Access and Protection of Privacy Certificate or equivalent privacy education is an asset.

Experience

• 5–8+ years of progressive experience in Information Management, Privacy, Cybersecurity, or related IM/IT roles.

• Demonstrated experience conducting PIAs, TRAs, audits, and compliance reviews.

• Experience leading or supporting privacy investigations, incident response, and reporting to oversight bodies.

• Privacy and Security certifications are an asset.

• Lean or continuous improvement certification is an asset.

Knowledge, Skills & Abilities

• Advanced knowledge of HIPA, LAFOIP, and privacy best practices for health information.

• Strong understanding of cybersecurity principles, including risk assessment, control design, data classification, encryption, secure transfer, and retention/disposal.

• Ability to interpret legislation and policy and communicate clear, practical guidance verbally and in writing.

• Strong analytical and critical thinking skills, with the ability to synthesize complex information for decision‑makers.

• Effective facilitation and stakeholder management skills, including the ability to build consensus and manage conflict.

• Proficiency with Microsoft 365 and collaboration tools, with comfort in data analysis and reporting.

Working Conditions

• Office-based environment with extensive computer uses and periods of visual concentration; infrequent travel may be required.

• Dynamic environment with multiple priorities and deadlines; requires resilience, diplomacy, and tact in sensitive situations.