Privacy Specialist

Strategic Analysis, Inc. is an Equal Opportunity Employer.





Privacy Specialist (#26-095)

Job Code:26-095
Location:Washington, D.C.
FT/PT Status:Full Time
Required Clearance:Public Trust

Strategic Analysis, Inc. (SA) Is rapidly seeking a Privacy Specialist to support the Advanced Research Projects Agency for Health (ARPA-H)

Roles and Responsibilities:



• Collaborating with agency staff to complete and implement Privacy Threshold Analyses (PTA), Third Party Website and Application Privacy Impact Assessments (TPWAs), Privacy Impact Assessments (PIAs), and Internal PIAs in accordance with Departmental and federal requirements.

• Advising staff when and how to complete a PIA, PTA, or TPWA, including but not limited to determining the appropriate legal authorities and identifying the appropriate System of Records Notice (SORN) requirements.

• Reviewing draft PTAs, PIAs, and TPWAs for adequacy and accuracy prior to submission to the agency Senior Official for Privacy (SOP) for review and approval by the respective Federal department’s Senior Agency Official for Privacy (SAOP).

• Revising PTAs, PIAs, and TPWAs in response to SOP and SAOP feedback in coordination with the information system owners and other stakeholders.

• Resubmitting PTAs, TPWAs, and PIAs to the SOP and SAOP after completing requested revisions, if necessary, as needed to obtain approval for agency systems, websites, and information collections.

• Maintaining an up-to-date PTA, PIA, and TPWA inventory; supporting compliance with reporting requirements.

• Ensuring privacy issues/risks are addressed and agency processes comply with all relevant legal requirements regarding privacy and unauthorized access to personally identifiable information.

• Entering appropriate PIA activities and compliance documentation into the Cybersecurity Assessment Management (CSAM) tool.

• Facilitating the development and writing of new SORNs as well as SORN modifications to include coordinating the submission of the new or modified SORN to the Federal Register to obtain approval for the respective agency.

• Assisting staff identify when a new SORN needs to be written or an existing SORN needs to be modified

• Maintaining an up-to-date repository of agency SORNs

• Establishing, implementing, and administering appropriate privacy controls to manage privacy risks associated with agency IT systems and makes recommendations regarding the authorization of the IT system.

• Facilitating the development, editorial, and drafting process centered on document management, deadlines, and workflow, and the approval processes related to privacy compliance documents, and experience preparing guidance/instruction for privacy compliance procedures and operations.

• Evaluating agency IT investments for privacy risks to ensure that privacy requirements (and associated privacy controls), as well as any associated costs, are explicitly identified and included, with respect to any IT resources that will be used to create, collect, use, process, store, maintain, disseminate, disclose, or dispose of PII.

• Compiling any required privacy documentation and reviewing acquisition packages through each procurement phase to verify that privacy requirements have been fulfilled. Ensuring agency procurement documentation includes the appropriate privacy language and requirements.

• Collaborating with partners (e.g., (e.g., Information Systems Security Officer, Project Manager, Contracting Officer, or Contracting Officer Representative) to identify PII and determine Client risk level.

• Analyzing and reviewing privacy and policy issues that may include changes, conflicts, and projected impact upon program office ability to manage privacy concerns.

• Interacting with system/program owners and officials and other federal agencies to identify and correct issues related to privacy and to conduct business process reviews to identity vulnerabilities that could result in a breach of personally identifiable information.

• Establishing protocols for responding to Privacy incidents and breaches. Preparing for and responding to breaches of Personally Identifiable Information (PII).

Requirements:



• Extensive experience interpreting and applying federal privacy laws, regulations, and policies within a government context.

• Demonstrated expertise in privacy program management, risk assessment, and incident response.

• Strong analytical, communication, and stakeholder engagement skills.

• Proven ability to collaborate effectively with diverse stakeholders at all organizational levels, including senior leadership, peers, and administrative staff.

• Strong political savvy; effectively navigates complex organizational environments and builds productive relationships.

• Agility and adaptability; comfortable managing shifting priorities, adjusting work schedules as needed, and responding to evolving organizational and privacy needs.

• Reliability; maintains a consistent record of punctuality, dependability, and follow-through with assignments and responsibilities.

• Proper handling of personally identifiable information (PII); exercises the highest standards of care in handling sensitive information, ensuring compliance with federal privacy regulations and internal policies.

• Excellent customer service and interpersonal skills; provides courteous, responsive, and professional service to both internal and external stakeholders, helping to foster a positive and collaborative work environment.

• Effective communicator: conveys complex privacy regulations and information clearly, both orally and in writing, tailored to diverse audiences.

• Integrity; upholds ethical standards, confidentiality, and honesty in all work-related matters.

• Team player: collaborates productively with colleagues at all levels to achieve organizational goals and promote best practices.

Education: Bachelor's degree

Location: Remote delivery possible but some ad-hoc travel is anticipated

Clearance: Ability to obtain HHS Public Trust.

Strategic Analysis, Inc. is an Equal Opportunity employer and is committed to non-discrimination in employment. All qualified applicants will receive consideration for employment without regard to race, color, religions, sex (including pregnancy, sexual orientation, or gender identity), national origin, disability (physical or mental), age (40 or older), protected veteran status, genetic information (including family medical history) or any other characteristic protected by law. This policy includes but is not limited to the following employment actions: recruitment, hiring, firing, promotion, demotion, compensation, fringe benefits, training, mentoring and sponsorship programs.