Privacy Specialist

at  Customer Value Partners Inc

Overview:
CVP is an award-winning healthcare and next-gen technology consulting firm recognized for excellence and innovation in the solutions we have provided our clients across healthcare, national security, and the public sector.
We are seeking a Privacy Specialist to join our team of experts tasked with securing the critical networks and systems our clients depend on.

Responsibilities:

• Assist in the management of privacy and security-related policies
• Assist with compliance risk management activities – such as developing auditing, monitoring, and oversight processes related to identified risks
• Assist with interpreting and implementing policy initiatives
• Assist with responses to data calls and audits
• Assist with risk assessments and audits to determine compliance with governmental regulations
• Attend regular meetings (formal and informal) to relay progress and establish priorities
• Builds and maintains client and stakeholder relationships
• Collaborate and interface with project stakeholders, including end users, organizational offices, and implementation partners on privacy-related matters
• Collect and maintain data needed to meet organizational privacy reporting
• Complete projects/deliverables on time and with quality
• Conduct scheduled, ad hoc, and special reviews and assessments of privacy programs and efforts to ensure compliance with appropriate, laws, regulations, and policy standards and requirements
• Create required Privacy documentation in support of the security authorization process
• Develop and maintain procedural, technical, and training support documents for the Privacy documentation review processes
• Develop and maintain a tracking system for various types of documentation related to compliance with relevant privacy and electronic standards promulgated under the Health Insurance Portability and Accountability Act (HIPAA), federal and state (as applicable) laws, and agreements the organization may have with other parties
• Develop and present briefings on project status to organization leadership
• Develop and update the organization’s Privacy Policy handbook based on guidance from the Chief Privacy Officer, Office of Management & Budget (OMB) memoranda, NIST guidance documents, and US-CERT requirements
• Develop training materials, identify target audiences to foster awareness and understanding of and promoting adherence to privacy compliance requirements.
• Efficiently track and investigate privacy matters
• Ensure systematic compliance audits are undertaken and findings are reported and acted upon
• Facilitate meetings and conference calls with multiple parties and keep appropriate stakeholders properly informed about privacy matters
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the organization’s privacy program
• Investigate issues, perform a root cause analysis and risk assessment, and make recommendations regarding mitigating and corrective actions.
• Liaison with all key organizational areas, in particular any development teams, to ensure data privacy issues are considered at the outset of new projects, products and initiatives
• Maintain current knowledge of applicable federal and state privacy laws and regulations.
• Monitor compliance with federal and state laws, regulations, and company privacy policies
• Monitor the industry landscape to keep visibility on evolutions, trends, and best practices related to Data Privacy.
• Prepare reports, related analyses, and other summaries related to the impact of new and existing compliance requirements, with recommendations to assist management in ensuring compliance and improving internal controls
• Provide PII Incident response expertise and management support to the Privacy Office in cooperation with the Security Operations Center (SOC).
• Provide support in researching, developing, modifying, maintaining and producing required Privacy presentations or training materials and other documents to ensure the privacy program compliance with applicable laws and regulations
• Provide regular status reports on the status of PIAs/PTAs currently under review
• Recognize a possible security violation and take appropriate action to report the incident, as required
• Recommend and implement changes to PIA/PTA process templates, processes, training, and support material based on periodic federal guidance changes
• Research, analyze, and evaluate changes in applicable statutes, rules, regulations, and other compliance standards via relevant government websites, compliance associations, and industry publications
• Respond to requests for guidance and information on compliance requirements including the internal process for conflict-of-interest reporting, analysis, and management and document retention and destruction policies
• Review and track Privacy Impact Assessments (PIA) and Privacy Threshold Analysis (PTA) documents to completion in accordance with current standard operating procedures (SOP)
• Supervise or manage protective or corrective measures when a privacy-related incident or vulnerability is discovered
• Support the reviews of current Privacy Plans and assess how the plans must be updated to align with the organization’s and OCIO’s strategic plans and the cybersecurity framework
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken
• Track legislation that may impact the organization’s privacy program

Qualifications:

• 4-year college degree in Computer Science or related field and 2 years’ experience or 5 years’ experience in lieu of a college degree
• Experience demonstrating strong analytical, troubleshooting and problem-solving skills for cybersecurity
• Excellent communication skills, both written and oral
• Knowledge of NIST and FISMA guidelines

DESIRED SKILLS

• Certified Information Privacy Professional (CIPP)
• Project Management skills

• Assist in the management of privacy and security-related policies
• Assist with compliance risk management activities – such as developing auditing, monitoring, and oversight processes related to identified risks
• Assist with interpreting and implementing policy initiatives
• Assist with responses to data calls and audits
• Assist with risk assessments and audits to determine compliance with governmental regulations
• Attend regular meetings (formal and informal) to relay progress and establish priorities
• Builds and maintains client and stakeholder relationships
• Collaborate and interface with project stakeholders, including end users, organizational offices, and implementation partners on privacy-related matters
• Collect and maintain data needed to meet organizational privacy reporting
• Complete projects/deliverables on time and with quality
• Conduct scheduled, ad hoc, and special reviews and assessments of privacy programs and efforts to ensure compliance with appropriate, laws, regulations, and policy standards and requirements
• Create required Privacy documentation in support of the security authorization process
• Develop and maintain procedural, technical, and training support documents for the Privacy documentation review processes
• Develop and maintain a tracking system for various types of documentation related to compliance with relevant privacy and electronic standards promulgated under the Health Insurance Portability and Accountability Act (HIPAA), federal and state (as applicable) laws, and agreements the organization may have with other parties
• Develop and present briefings on project status to organization leadership
• Develop and update the organization’s Privacy Policy handbook based on guidance from the Chief Privacy Officer, Office of Management & Budget (OMB) memoranda, NIST guidance documents, and US-CERT requirements
• Develop training materials, identify target audiences to foster awareness and understanding of and promoting adherence to privacy compliance requirements.
• Efficiently track and investigate privacy matters
• Ensure systematic compliance audits are undertaken and findings are reported and acted upon
• Facilitate meetings and conference calls with multiple parties and keep appropriate stakeholders properly informed about privacy matters
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the organization’s privacy program
• Investigate issues, perform a root cause analysis and risk assessment, and make recommendations regarding mitigating and corrective actions.
• Liaison with all key organizational areas, in particular any development teams, to ensure data privacy issues are considered at the outset of new projects, products and initiatives
• Maintain current knowledge of applicable federal and state privacy laws and regulations.
• Monitor compliance with federal and state laws, regulations, and company privacy policies
• Monitor the industry landscape to keep visibility on evolutions, trends, and best practices related to Data Privacy.
• Prepare reports, related analyses, and other summaries related to the impact of new and existing compliance requirements, with recommendations to assist management in ensuring compliance and improving internal controls
• Provide PII Incident response expertise and management support to the Privacy Office in cooperation with the Security Operations Center (SOC).
• Provide support in researching, developing, modifying, maintaining and producing required Privacy presentations or training materials and other documents to ensure the privacy program compliance with applicable laws and regulations
• Provide regular status reports on the status of PIAs/PTAs currently under review
• Recognize a possible security violation and take appropriate action to report the incident, as required
• Recommend and implement changes to PIA/PTA process templates, processes, training, and support material based on periodic federal guidance changes
• Research, analyze, and evaluate changes in applicable statutes, rules, regulations, and other compliance standards via relevant government websites, compliance associations, and industry publications
• Respond to requests for guidance and information on compliance requirements including the internal process for conflict-of-interest reporting, analysis, and management and document retention and destruction policies
• Review and track Privacy Impact Assessments (PIA) and Privacy Threshold Analysis (PTA) documents to completion in accordance with current standard operating procedures (SOP)
• Supervise or manage protective or corrective measures when a privacy-related incident or vulnerability is discovered
• Support the reviews of current Privacy Plans and assess how the plans must be updated to align with the organization’s and OCIO’s strategic plans and the cybersecurity framework
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken
• Track legislation that may impact the organization’s privacy progra