Yesterday
Public Trust
Mid Level Career (5+ yrs experience)
IT - Security
Job Description: Privacy Analyst
The Privacy Analyst is responsible for ensuring that all privacy-related documents are delivered to the Privacy team. This includes Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Control Assessment Worksheet (CAW), Annual Review Certificate (ARC), System of Records Notice (SORN), and Executive Summary (ES). The Privacy Analyst will consult with the System Owner (SO) and ISSO to ensure that privacy-related information is properly represented on all privacy-related documents. They will also ensure that all privacy-related documents are reviewed and updated on an annual basis in preparation for system ATO.
The Privacy Analyst will use checklists and procedures to ensure that accurate information is provided by the contractor, SOs, or ISSOs during the reviews of the PTAs, PIAs, CAWs, SORNs, and ARCs. They will update PTAs, PIAs, SORNs, and CAWs as needed based on comments, recommendations, or concerns from PAO, SO, CISO, BCPO, AO, and CO-AO. They will also update PTAs, PIAs, SORNs, and CAWs as needed based on comments from DOC CRB meetings.
The Privacy Analyst will attend and participate in weekly collaboration meetings with the Privacy Team, providing written and verbal input, recommendations, and status for Privacy-related actions as requested by the Government. Each system is tracked, and status is updated in Rally (web-based tool) for collaboration and team visibility.
Skills & Experience
Knowledge of federal privacy laws and regulations, including the Privacy Act of 1974, E-Government Act of 2002, Fair Information Practice Principles (FIPPs), and OMB Memoranda like M-17-12.
Understanding of Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) processes, including the steps involved in conducting each and the templates and tools used by federal agencies.
Ability to identify what constitutes Personally Identifiable Information (PII) and the different categories of PII.
Familiarity with data security controls and how they can be implemented to mitigate privacy risks.
Analytical skills to assess the privacy risks associated with programs, systems, and data collection practices.
Excellent writing skills to clearly communicate complex privacy issues in PTAs, PIAs, and other reports, tailoring them for both technical and non-technical audiences.
Effective communication skills to collaborate with stakeholders across different departments within the agency, including system teams/owners, program managers, and legal counsel.
Project management skills to manage the PTA and PIA processes, meeting deadlines, and keeping stakeholders informed.
Required Experience/Education:
5+ Years of relevant experience
Bachelor's Degree in Information Technology, Information Security (Cybersecurity), Public Administration/Policy, or Law (with a focus on privacy law)
Hold a current cybersecurity certification:
CompTIA Advanced Security Practitioner (CASP+)
EC-Council Certified Chief Information Security Officer (CCISO)
GIAC Systems and Network Auditor (GSNA)
GIAC Information Security Professional (GISP)
GIAC Security Leadership Certification (GSLC)
GIAC Security Essentials (GSEC)
ISACA Certified Information System Auditor (CISA)
ISACA Certified Information Security Manager (CISM)
ISC2 Certified in Governance, Risk and Compliance (CGRC) (Formerly CAP)
ISC2 Certified Information System Security Professional (CISSP)
ISC2 System Security Certified Practitioner (SCP)
Preferred Certification: Certified Information Privacy Professional (CIPP) certification.
Must be able to obtain a Public Trust Clearance