Privacy/Policy Analyst (IMC00551)

The privacy/policy analyst will support, and provide expertise on, a successful cybersecurity and privacy program for a government customer. The privacy/policy analyst will assist in identifying, analyzing, and interpreting privacy, disclosure, policy, and oversight-related rules and regulations, as well as participating in outreach programs and stakeholder partnerships that enhance and support privacy and disclosure related activities. The analyst will provide the necessary level of professional and technical assistance to support the department’s privacy mission.

Duties/Responsibilities: This position will include, but is not limited to, the following tasks:

• Prepare Privacy Threshold Analyses, System of Records Notices (SORNs), Privacy Impact Assessments (PIAs), and Privacy Act statements to analyze new or proposed changes to existing technology, sharing agreements, and programs to identify privacy risks and provide possible mitigation strategies.
• Perform assessments and analyses of projects and studies that require analysis of interrelated issues such as legal compliance, policy compliance, and regulatory compliance.
• Review documents provided by other government agencies, universities, and companies that support the agency’s mission goals for privacy risks and issues that support the agency’s mission goals and provide comments and edits as appropriate.
• Conduct detailed analyses of broad administrative programs and processes and make recommendations accordingly for improvement in the effectiveness and efficiency of work operations and organizational needs related to privacy and the Freedom of Information Act (FOIA).
• Respond to personally identifiable information (PII), privacy, and security incidents and breaches and inform and advise the privacy officer and leadership as appropriate.
• Assist the privacy officer with special studies of programs, functions, and work processes and present findings, alternatives, and recommendations via briefings, reports, or project papers orally and/or in writing.
• Attend meetings with staff, other government agency privacy and disclosure staff, and companies supporting or developing products and services for the agency. Summarize meeting notes and interpret outcomes and objectives.
• Other duties as assigned.

Basic Required Qualifications and Skills:  Note: These are mandatory items that all candidates must have when making application to IMC for this position. Please ensure that your submission addresses each of these requirement items. Candidates without these required elements will not be considered.

• Bachelor’s degree and two years of relevant privacy experience (or three years of relevant privacy experience in lieu of a degree).
• At start date, must possess one of the following professional certifications in ACTIVE status:
  • CompTIA Security + CE, CAP, CISM, CISSP, or GSLC.
• Knowledge of NIST and FISMA guidelines.
• Familiarity with OMB guidance materials as they relate to privacy data.
• Familiarity with the Privacy Rule (HIPAA) or other state and federal privacy laws and regulations.
• Excellent communication skills, both written and oral.
• Ability to establish priorities and work independently.
• Ability to analyze privacy requirements and implementation within the organization.
• Ability to maintain confidentiality of highly sensitive information.
• Competence in resolving problems/conflicts in a diplomatic and tactful manner; exercising discretion in handling confidential information.
• Experience implementing compliance requirements in a matrixed environment using complex information systems.
• Experience working in the Government or other highly regulated environment.
• Experience working with PII and Protected Health Information (PHI).
• General understanding of The Clinger–Cohen Act of 1996, state and federal guidelines regarding privacy, and concepts of Government privacy laws/standards.
• Pursuant to a government contract, this specific position requires U.S. Citizenship.
• Must possess or be able to obtain a federal background investigation of Tier 2 Critical Non-Sensitive (Form SF 85P).

Desired Qualifications and Skills:  It is desirable that the candidate has the following qualifications:

• Certified Information Privacy Professional (CIPP).
• ISSO experience.
• Project Management skills.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Experience in planning, analyzing, and coordinating activities and establishing priorities.
• Experience in HHS as a Government employee or contractor.