Compliance and Privacy Specialist

LCG

Job Location:

Rockville, MD - USA

Yearly Salary: $60,000 - $120,000
Posted on: 2 hours ago
Vacancies: 1 Vacancy

Job Summary

Location: Rockville MD

Work Type: Hybrid Work (minimum 2 days onsite; may extend based on client meetings, delivery needs, and proposal support)

Job Title: Compliance and Privacy Specialist

Clearance: Public Trust

Job Summary: LCG is seeking multiple Compliance and Privacy Specialists. The Compliance and Privacy Specialist supports the Client's Information Security and Privacy Program by performing hands-on privacy compliance activities that align with federal mandates, including FISMA, the Privacy Act of 1974, and related HHS policy requirements. The role focuses on maintaining an accurate PII system inventory, supporting Privacy Impact Assessments (PIAs) and Privacy Threshold Analyses (PTAs), assisting with SORN lifecycle activities, coordinating privacy-related evidence for audits/data calls, and ensuring privacy requirements are integrated into operational and system workflows, especially for FedRAMP cloud environments.

Key Responsibilities

Support Client privacy program operations (SAOP support)

  • Provide privacy subject matter support to the Client's Senior Agency Official for Privacy (SAOP) to help implement organization-wide approaches for privacy risk management.
  • Maintain a privacy program posture that protects sensitive information and aligns with federal privacy compliance requirements and Client operational needs.

Maintain and update the agency PII system inventory (system-of-records visibility)

  • Identify and maintain an accurate inventory of Client systems that contain Personally Identifiable Information (PII), including which systems require PIAs under the E-Government Act and which systems require SORNs under the Privacy Act.
  • Coordinate with System Owners/ISSO stakeholders to validate inventory accuracy when applications are onboarded, modified, migrated, or decommissioned (including third-party hosted systems).
  • Record inventory updates within tracking systems and governance repositories (e.g. RSA Archer or agency-defined tools), ensuring traceability for audit readiness.

Support PTA/PIA development, review, publication tracking, and lifecycle compliance

  • Develop Privacy Threshold Analyses (PTAs) and/or PIAs within required timelines for new IT projects, major changes, or system modernization activities.
  • Ensure PIAs are reviewed and updated on a defined cadence (e.g. reviewed/updated every 3 years), coordinating with system stakeholders to refresh system descriptions, data flows, and privacy risks.
  • Ensure PIAs required for public posting are available via Client public sites in accordance with OMB policy requirements.
  • Track PIA/PTA status, approvals, and dependencies using privacy tracking logs/compliance trackers, and generate status summaries for leadership or privacy governance reviews.

Support the SORN creation, modification, and decommission process

  • Establish and execute documented processes supporting creation and decommissioning of Systems of Records Notices (SORNs), including tracking when systems move into/out of system-of-records applicability.
  • Support review/development of SORNs as directed by the CIO/SAOP, ensuring accuracy of record categories, routine uses, and data handling practices.
  • Track the status of SORNs requiring publication and confirm alignment to Federal Register publication requirements when applicable.

Align privacy compliance to FISMA system compliance and SA&A artifacts (cross-functional ISSO support)

  • Provide cross-functional ISSO-style support by ensuring privacy requirements are reflected in security documentation and governance artifacts (e.g. security categorization impacts, boundary considerations, and required privacy controls).
  • Support the overall Client Cybersecurity and Privacy program compliance posture that responds to federal statutory and departmental mandates (FISMA/HHS policies).

Coordinate vulnerability management inputs that impact privacy risk and compliance tracking

  • Support coordination of vulnerability management activities by consuming scanning tool outputs (e.g. vulnerability scan reports, compliance scan results, change reports) to identify risks that could elevate privacy exposure.
  • Track privacy-relevant weaknesses and remediation actions as part of enterprise POA&M management and continuous monitoring practices.

Align privacy requirements to FedRAMP cloud systems and third-party hosted services

  • Validate privacy compliance requirements for systems operating in FedRAMP-approved cloud environments by ensuring privacy documentation reflects the hosting model (shared responsibility), vendor roles, and system data handling flows.
  • Support Client efforts to maintain accurate listings of third-party hosted systems, and coordinate privacy evidence collection for those vendors when needed.

Support audits and federal data calls by producing privacy evidence packages

  • Determine, gather, examine, and analyze artifacts and evidence requested by internal/external audits and data calls (e.g. OIG, GAO, HHS OCIO).
  • Provide privacy evidence support such as current PIA inventories, SORN status tracking, PII inventory lists, approval records, publication evidence, and compliance tracker extracts.
  • Document responses in sufficient detail to enable independent review and ensure audit defensibility.

Ensure privacy requirements are integrated into operational workflows (governance-by-design)

  • Embed privacy checks into IT governance workflows such as change management, IT clearance packages, and system lifecycle activities, ensuring privacy is addressed early (requirements) and continuously (monitoring).
  • Support enterprise change management by analyzing proposed system changes for privacy/security impact prior to implementation, providing actionable recommendations to stakeholders.

Requirements

Education: Bachelor's degree in one of the following or a related discipline: Cybersecurity, Information Assurance, Information Systems, Information Technology, Computer Science, Computer Engineering, Public Policy, or Public Administration (helpful for privacy governance and federal compliance roles).

Certification: CompTIA Security+ is helpful/preferred

Experience:

  • Minimum 3 years supporting federal compliance/security environments, with demonstrated exposure to FISMA and federal privacy requirements (Privacy Act).
  • Experience drafting and maintaining PTAs/PIAs, including system descriptions, data elements, data sharing, access controls, retention/disposal, and privacy risk analysis.
  • Experience supporting SORN workflows (creation, updates, decommissioning) and tracking publication requirements.
  • Experience supporting privacy evidence collection for audits/data calls and producing defensible response packages.
  • Familiarity supporting privacy compliance in FedRAMP cloud environments and vendor-hosted systems.
  • Strong working knowledge of:
    • Privacy Act of 1974 requirements and federal privacy compliance expectations
    • HIPAA (especially where systems may support health-related data or protected information)
    • FISMA compliance concepts and system governance support
  • Ability to operate as a cross-functional compliance resource, partnering with ISSOs, system owners, engineers, and program leadership.
  • Strong documentation discipline: able to produce defensible, audit-ready evidence and maintain clean trackers/logs.

Tool Set / Platforms

  • RSA Archer (GRC tracking, inventory, and compliance evidence management)
  • Privacy tracking logs / compliance trackers (PIA/SORN lifecycle and privacy evidence)
  • Security scanning tool outputs (e.g. vulnerability/compliance scan reports used for remediation coordination and risk tracking)

Compensation and Benefits

The projected compensation range for this position is $60000 to $120000 per year, benchmarked in the Washington D.C. metropolitan area. Salary at LCG is determined by various factors including, but not limited to, role, location, education/training, skills, certifications, and experience.

LCG offers a competitive and comprehensive benefits package including medical, dental, and vision insurance; life and disability insurance; retirement plan contributions; paid leave; federal holidays; professional development opportunities; and lifestyle benefits.

Devoted to Fair and Inclusive Practices

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position, contact Human Resources at

Securing Your Data

Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advance payment during the application process. Legitimate communication will only come from or email addresses.

Required Experience:

IC
