user avatar

Privacy and Controlled Unclassified Information Lead

Koniag Government Services

Posted today

Job Requirements

Washington, DC
Public Trust Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries

Job Description

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Privacy and Controlled Unclassified Information Lead to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Privacy and Controlled Unclassified Information (CUI) Lead to support the U.S. Small Business Administration (SBA). The ideal candidate is a seasoned privacy and information protection professional with deep expertise in federal privacy law, CUI program management, and the development and implementation of comprehensive privacy and information protection frameworks within federal government environments. This individual will serve as the primary subject matter expert (SME) for all privacy and CUI program activities at the SBA, providing strategic guidance, technical leadership, and hands-on program management to ensure the agency's full compliance with applicable federal privacy regulations, CUI requirements, and data protection obligations.

The Privacy and CUI Lead will serve as the senior expert responsible for leading and managing SBA's privacy and CUI programs, ensuring the agency's information handling practices, policies, and technical controls align with federal privacy laws, CUI regulations, and applicable NIST guidelines.

Principal responsibilities will include but are not limited to:
  • Serve as the primary subject matter expert (SME) and program lead for SBA's privacy and CUI programs, providing strategic direction, technical guidance, and hands-on leadership to ensure the agency's full compliance with all applicable federal privacy laws, CUI regulations, and information protection requirements.
  • Lead the development, implementation, and continuous improvement of SBA's CUI program in accordance with 32 CFR Part 2002, the National Archives and Records Administration (NARA) CUI Registry, applicable executive orders, and federal directives governing the identification, marking, handling, safeguarding, dissemination, and disposition of CUI across SBA's enterprise.
  • Oversee the identification, categorization, marking, handling, safeguarding, and disposition of CUI across SBA's enterprise environment, ensuring all personnel, contractors, and systems that create, process, store, or transmit CUI comply with established CUI program requirements and applicable federal standards.
  • Lead the development, implementation, and continuous improvement of SBA's privacy program in accordance with the Privacy Act of 1974, the E-Government Act of 2002, OMB Circular A-130, applicable OMB privacy memoranda, and NIST SP 800-122 and related privacy frameworks and guidelines.
  • Develop, review, and maintain all privacy program documentation, including Privacy Impact Assessments (PIAs), System of Records Notices (SORNs), Privacy Threshold Analyses (PTAs), privacy policies, procedures, and program plans, ensuring accuracy, completeness, currency, and full alignment with applicable federal requirements.
  • Collaborate with SBA IT teams, system owners, program offices, procurement officials, and legal counsel to embed privacy and CUI requirements into system design, development, procurement, data sharing, and operational processes throughout the system development lifecycle (SDLC) and acquisition lifecycle.
  • Design, develop, and deliver comprehensive privacy and CUI awareness training programs, briefings, job aids, and educational materials for SBA personnel at all levels, including leadership, program staff, IT personnel, and contractors, fostering a strong culture of privacy and information protection across the agency.
  • Plan and conduct privacy and CUI compliance assessments and audits across SBA's enterprise, identifying compliance gaps, risks, and areas of non-compliance, and developing detailed corrective action plans and remediation recommendations to address identified deficiencies.
  • Support the integration of privacy and CUI requirements into SBA's NIST Risk Management Framework (RMF) and Authorization to Operate (ATO) processes, ensuring privacy controls are appropriately selected, implemented, assessed, and documented in accordance with NIST SP 800-53 and related guidelines.
  • Monitor and analyze changes to federal privacy laws, regulations, executive orders, and OMB guidance, assessing their impact on SBA's privacy and CUI programs and proactively leading the implementation of required program updates, policy revisions, and operational changes.
  • Investigate and manage privacy incidents and CUI breaches, coordinating with SBA's incident response team, legal counsel, senior leadership, and relevant oversight bodies to contain incidents, assess impact, fulfill breach notification requirements, and implement corrective measures to prevent recurrence.
  • Develop and maintain comprehensive privacy and CUI program metrics, dashboards, and reporting mechanisms to track program performance, compliance status, incident trends, and risk levels, providing regular updates, reports, and briefings to SBA leadership and stakeholders.
  • Serve as SBA's primary liaison with external stakeholders, including NARA, OMB, DHS, and other federal agencies, on privacy and CUI program matters, representing the agency's interests and ensuring alignment with governmentwide privacy and CUI program initiatives and mandates.
  • Lead the development and maintenance of SBA's enterprise data inventory and data flow documentation, ensuring accurate identification, mapping, and classification of personally identifiable information (PII), sensitive PII (SPII), and CUI across SBA's systems, business processes, and data sharing arrangements.
  • Provide expert guidance and advisory support on privacy and CUI considerations related to emerging technologies, cloud adoption, artificial intelligence, data analytics, data sharing agreements, third-party vendor relationships, and other evolving areas of risk to SBA's information protection posture.

Education and Experience:

Required:
  • Bachelor's degree in Information Management, Cybersecurity, Law, Public Administration, Information Technology, or a related field from an accredited college or university.
  • 8+ years of progressive experience in privacy program management, CUI program management, information assurance, or a closely related field, with at least 3 years in a lead or senior role managing federal privacy and/or CUI programs.
  • Demonstrated experience managing federal privacy and/or CUI programs within a federal government agency or in direct support of a federal government customer.
  • In-depth knowledge of federal privacy laws, regulations, and guidance, including the Privacy Act of 1974, E-Government Act of 2002, OMB Circular A-130, and applicable OMB privacy memoranda and directives.
  • Comprehensive knowledge of CUI program requirements, including 32 CFR Part 2002, the NARA CUI Registry, and applicable executive orders and federal directives governing CUI program implementation within federal agencies.
  • One or more of the following certifications:
  • Certified Information Privacy Professional/Government (CIPP/G)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Technologist (CIPT)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)

Desired:
  • Master's degree in Law, Information Management, Public Administration, Cybersecurity, or a related field.
  • 10+ years of experience in federal privacy and/or CUI program management, with demonstrated experience supporting a federal civilian agency of similar size and complexity to the SBA.
  • Juris Doctor (JD) or paralegal certification with a focus on privacy law, federal regulatory compliance, or information governance.

Required Skills and Competencies:
  • Exceptional communication skills in English - both written and oral - with the ability to clearly and effectively communicate complex privacy, CUI, and regulatory compliance concepts to diverse audiences, including technical staff, program managers, procurement officials, legal counsel, and senior agency leadership.
  • Deep expertise in federal privacy law and regulation, including the Privacy Act of 1974, the E-Government Act of 2002, OMB Circular A-130, and applicable OMB privacy memoranda, guidance documents, and federal privacy policy directives.
  • Comprehensive knowledge of CUI program requirements, including 32 CFR Part 2002, the NARA CUI Registry, CUI marking and handling standards, CUI registry categories and subcategories, and the implementation and management of CUI programs within federal agencies.
  • Strong experience developing, reviewing, and maintaining federal privacy program documentation, including PIAs, SORNs, PTAs, privacy policies, procedures, and privacy program plans, ensuring accuracy, completeness, and alignment with applicable federal requirements.
  • Proficiency in applying NIST privacy frameworks and guidelines, including NIST SP 800-53 (Privacy Controls), NIST SP 800-122, and the NIST Privacy Framework, to the design, implementation, and assessment of federal agency privacy programs.
  • Experience supporting the NIST RMF and ATO process, including the selection, implementation, assessment, and documentation of privacy controls within system authorization packages in accordance with NIST SP 800-53 and NIST SP 800-53A.
  • Demonstrated ability to design and deliver effective privacy and CUI awareness training, briefings, and educational programs tailored to diverse federal agency audiences at all organizational levels.
  • Experience planning and conducting privacy and CUI compliance assessments and audits, identifying compliance gaps and risks, and developing actionable corrective action plans and remediation strategies.
  • Strong understanding of personally identifiable information (PII), sensitive PII (SPII), and CUI concepts, data classification requirements, and best practices for the protection of personal information and controlled information within federal systems and business processes.
  • Experience investigating and managing privacy incidents and CUI breaches, including breach impact assessment, breach notification requirements, coordination with agency legal counsel and oversight bodies, and post-incident corrective action implementation.
  • Knowledge of data governance principles and demonstrated experience developing and maintaining enterprise data inventories, data flow diagrams, and information asset registers documenting PII, SPII, and CUI across complex federal IT environments.
  • Familiarity with cloud computing security and privacy considerations, including the privacy and CUI implications of cloud service adoption, FedRAMP authorized environments, and cloud-hosted data management practices.
  • Strong organizational and program management skills, with the ability to manage multiple concurrent priorities, competing deadlines, and diverse stakeholder relationships effectively in a dynamic federal government environment.
  • Ability to obtain and maintain a Public Trust Clearance.

Desired Skills and Competencies:
  • Prior experience supporting SBA or other federal civilian agency privacy and CUI programs, with demonstrated knowledge of SBA's mission, organizational structure, data assets, and information protection requirements.
  • Experience with privacy engineering concepts and the practical application of privacy by design principles in the development, procurement, and deployment of federal IT systems and applications.
  • Familiarity with emerging federal data protection legislation, executive orders, and OMB guidance related to artificial intelligence, automated decision-making, data sharing, and emerging technology privacy considerations and their implications for federal agency privacy programs.
  • Knowledge of federal records management principles and their intersection with privacy and CUI program requirements, including experience applying NARA records management guidance, federal records schedules, and records disposition requirements.
  • Experience developing, reviewing, and managing data sharing agreements, memoranda of understanding (MOUs), computer matching agreements (CMAs), and other data sharing instruments involving PII, SPII, or CUI.
  • Familiarity with SBA mission-specific data types, including small business program data, loan and financial assistance data, and disaster assistance data, and their associated privacy and CUI classification implications
  • Experience supporting federal agency responses to Freedom of Information Act (FOIA) requests and managing the intersection of FOIA processing with Privacy Act protections and CUI handling requirements
  • Knowledge of international privacy frameworks, including the General Data Protection Regulation (GDPR) and other international data protection regimes, and their potential applicability to SBA's international program activities and data sharing arrangements
  • Certified Information Privacy Professional/United States (CIPP/US) certification.
  • Experience implementing and managing privacy and CUI compliance monitoring capabilities, including data loss prevention (DLP) technologies, information rights management (IRM) solutions, and data classification tools within a federal IT environment.
  • Familiarity with the intersection of privacy and CUI requirements with supply chain risk management (SCRM) obligations, including the assessment of vendor privacy and CUI handling practices during federal acquisition and procurement processes.

Our Equal Employment Opportunity Policy

The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.

The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.

Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.

Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
group id: 10201473
Find Koniag Government Services on Social Media
Recruiters
user avatar
About Us
Koniag Government Services (KGS) supports the values and traditions of our Native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services, and Operational Management to Federal Government Agencies. We apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and Native communities. Through our wholly-owned subsidiary companies, including SBA Certified 8(a) and HUBZone companies, we provide exceptional service to our Government clients with a committed focus on: Community Mission. Solution Oriented. Exceptional People.

Koniag Government Services Jobs


Clearance Level
Public Trust