Job Description
This position is responsible for ensuring that an organization complies with privacy laws, regulations, and best practices related to data protection. The Privacy Specialist will develop, review, and maintain privacy documentation, including Privacy Impact Assessments (PIAs) and System of Records Notices (SORNs).
Compliance Management:
- Ensure adherence to privacy laws, including the Privacy Act of 1974, E-Government Act of 2002, Office of Management and Budget (OMB) privacy policies, and NIST guidelines.
- Regularly review and update organizational privacy policies to maintain compliance with federal standards.
Privacy Documentation:
- Develop, update, and guide the accurate creation and publication of PIAs, ensuring proper assessment and mitigation of privacy risks.
- Work closely with system owners and relevant stakeholders to understand privacy risks and develop strategies to address them.
Tracking & Reporting:
- Track and maintain the status of privacy compliance activities, including the publication of SORNs, PIAs, and privacy plans in Xacta and other compliance management tools.
- Provide clear, timely updates and reports on privacy compliance efforts, risks, and status to the Privacy Program Manager and other key stakeholders.
Engagement & Communication:
- Actively participate in privacy-related meetings, offering updates on compliance activities, providing support for privacy reviews, and addressing any assignments related to privacy initiatives.
- Build and maintain strong working relationships with internal and external stakeholders to support and advance the organization’s privacy program.
Training & Awareness:
- Facilitate privacy training programs, ensuring staff are aware of privacy regulations, best practices, and their responsibilities.
- Maintain and update training materials, and track participation and compliance activities through internal systems.
Risk Assessment & Privacy Controls:
- Assess privacy controls as part of the customer’s risk management framework, working closely with system owners to identify and implement necessary privacy measures.
- Provide recommendations and implement privacy controls to mitigate identified privacy risks effectively.
System Privacy Plan Development:
- Guide system owners through the development, updating, and maintenance of system privacy plans to align with organizational policies.
- Ensure that system privacy plans are comprehensive, current, and compliant with relevant laws and regulations.
SORNs Development & Oversight:
- Oversee the accurate creation and publication of SORNs, working with system owners to gather the necessary information and ensuring compliance with federal privacy policies.
- Monitor and track SORN publications and updates, addressing any issues or questions related to system records.
Requirements
- Bachelor’s degree in Public Policy, Information Systems, Law, or a related field.
- 2+ years of experience in privacy compliance, policy analysis, or a related role within a federal or technical environment.
- Knowledge of federal privacy laws, including the Privacy Act, E-Government Act, and OMB privacy policies.
- Familiarity with NIST guidelines and federal risk management frameworks.
- Strong written and verbal communication skills, with experience drafting policy documents and training materials.
- Detail-oriented with strong analytical and problem-solving skills.
- Ability to work independently and collaboratively in a fast-paced environment.
- Proficiency in privacy compliance tools (e.g., Xacta) and Microsoft Office Suite.
Preferred Qualifications:
- Experience with privacy compliance in a government or contractor setting.
- Certified Information Privacy Professional (CIPP) or similar certification.
- Experience with facilitating and delivering privacy-related training programs.