HHS Privacy SMEPrivacy Analyst

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: 15 hours ago

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Privacy SME/Privacy Analyst to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Privacy Law Cybersecurity Information Systems Public Policy or related field.
Minimum 58 years of experience supporting federal privacy programs.
Demonstrated experience with Privacy Act of 1974 E-Government Act and OMB Circular A-130.
Hands-on experience developing and reviewing PTAs PIAs and privacy governance documentation.
Knowledge of NIST SP 800-53 privacy controls and integration with RMF processes.
Experience supporting privacy incident response and breach risk assessments.
Strong written and verbal communication skills with ability to translate complex requirements.
CIPP/US CIPM CISSP or CISM certification (preferred)

Duties:

Advise and provide privacy policy guidance to the COR HRSA leadership system owners ISSOs and program staff.
Review and analyze new and existing HHS OMB and federal privacy policies and assess impacts to HRSA systems and programs.
Support development review and maintenance of Privacy Impact Assessments (PIAs) and Privacy Threshold Analyses (PTAs).
Coordinate with ISSOs and system owners to identify privacy risks and ensure appropriate mitigation strategies.
Support the HRSA Privacy Act Officer in ensuring compliance with Privacy Act requirements and regulations.
Develop update and maintain HRSA privacy policies procedures plans and governance documentation.
Plan develop and conduct privacy awareness and role-based training; develop templates and guidance materials.
Educate HRSA Offices and Bureaus on proper handling safeguarding and dissemination of Personally Identifiable Information (PII).
Respond to privacy incidents and conduct risk-of-harm assessments in coordination with SOC legal and leadership.
Assess privacy controls as part of the Security Control Assessment (SCA) and RMF processes.
Maintain awareness of emerging privacy risks technologies and regulatory changes.
Prepare privacy-related briefings reports and documentation for leadership auditors and oversight bodies.
Participate in meetings working groups and data calls related to privacy management activities.

Required Experience:

Senior IC

Bachelors degree in Privacy Law Cybersecurity Information Systems Public Policy or related field.
Minimum 58 years of experience supporting federal privacy programs.
Demonstrated experience with Privacy Act of 1974 E-Government Act and OMB Circular A-130.
Hands-on experience developing and reviewing PTAs PIAs and privacy governance documentation.
Knowledge of NIST SP 800-53 privacy controls and integration with RMF processes.
Experience supporting privacy incident response and breach risk assessments.
Strong written and verbal communication skills with ability to translate complex requirements.
CIPP/US CIPM CISSP or CISM certification (preferred)

Duties:

Advise and provide privacy policy guidance to the COR HRSA leadership system owners ISSOs and program staff.
Review and analyze new and existing HHS OMB and federal privacy policies and assess impacts to HRSA systems and programs.
Support development review and maintenance of Privacy Impact Assessments (PIAs) and Privacy Threshold Analyses (PTAs).
Coordinate with ISSOs and system owners to identify privacy risks and ensure appropriate mitigation strategies.
Support the HRSA Privacy Act Officer in ensuring compliance with Privacy Act requirements and regulations.
Develop update and maintain HRSA privacy policies procedures plans and governance documentation.
Plan develop and conduct privacy awareness and role-based training; develop templates and guidance materials.
Educate HRSA Offices and Bureaus on proper handling safeguarding and dissemination of Personally Identifiable Information (PII).
Respond to privacy incidents and conduct risk-of-harm assessments in coordination with SOC legal and leadership.
Assess privacy controls as part of the Security Control Assessment (SCA) and RMF processes.
Maintain awareness of emerging privacy risks technologies and regulatory changes.
Prepare privacy-related briefings reports and documentation for leadership auditors and oversight bodies.
Participate in meetings working groups and data calls related to privacy management activities.