System Privacy Analyst Details

Excel Technologies - Arlington, VA

Employment Type : Full-Time

Excel Technologies, LLC is a woman-owned small business established in 2003. We provide high-quality service and personalized attention in system and software architecture and engineering, information systems, and organizational resiliency. We are a client and employee-centric firm that embraces innovative approaches to solving the toughest problems faced by our clients. We're looking for individuals who bring a passion to client service, a commitment to mission, a sense of the possible, and a strong desire to grow as we grow.


Our mission is simple: We are committed to serving the American people by supporting the work our government does on behalf of the nation. We'll bring you a great group of colleagues, a robust infrastructure, a flexible benefits package, and a highly innovative, employee-centric, company culture if you bring us the following (if you have most, but not all, please feel free to apply!).


If interested in this position and for fastest consideration, please provide a recently updated resume showcasing your skills against the following position requirements.

Candidate will need to be clearable by FDIC and a US Citizen


Privacy Control Assessor


KEY FUNCTIONS

  • The primary focus will be helping master the processes for the incumbent , to include tracking work throughout all parts of the privacy life cycle (PIAs, PTA, SORNS, Privacy risk assessment, etc.), supporting customer work flows, aiding with the breach response process, and bringing order, structure and repeatable process to the program. In other words, more privacy admin up front with a strong focus on detail-oriented. Finding efficiencies in the performed tasks, automating, and identifying areas of improvement to integrate consideration of privacy risk into all workflows. In a later phase the officer will work on the larger strategic focus, helping to re-envision the overall operation and mature it to best in class in privacy.
  • The position is full time remote through late 2021, with customer evaluating if position could be part-time remote.
  • The position is considered mid level position with 3+ years of relevant experience required.

SELECTED RESPONSIBILITIES

  • Implement specific privacy countermeasures for systems and/or applications.
  • Perform privacy reviews, identify gaps in privacy architecture, and develop a privacy risk management plan.
  • Plan and recommend modifications or adjustments based on exercise results or system environment.
  • Assess the effectiveness of privacy controls.
  • Assess all the configuration management (change configuration/release management) processes
  • Implement system privacy measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
  • Implement and maintain FDIC organization-wide privacy policies and procedures
  • Performs ongoing privacy compliance monitoring activities.
  • Analyze and report organizational privacy posture trends.
  • Analyze and report system privacy posture trends.
  • Apply privacy policies to meet privacy objectives of the system.
  • Ensure all systems privacy operations and maintenance activities are properly documented and updated as necessary.
  • Ensure that privacy-enabled products or other compensating privacy control technologies reduce identified risk to an acceptable level.
  • Properly document all systems privacy implementation, operations, and maintenance activities and update as necessary.
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Verify minimum privacy requirements are in place for all applications.
  • Provides privacy recommendations to leadership based on significant threats and vulnerabilities.
  • Work with stakeholders to resolve computer privacy incidents and vulnerability compliance.
  • Monitor systems development and operations for privacy compliance
  • Identify potential company compliance gaps and/or areas of risk to ensure full compliance with privacy regulations

QUALIFICATIONS SKILLS


  • Skill in assessing privacy impact on system’s designs.
  • Skill in evaluating the adequacy of privacy compliant designs.
  • Skill in recognizing privacy vulnerabilities in information systems.
  • Skill to apply privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication).

REQUIRED ABILITIES

  • Ability to apply privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Ability to share meaningful insights about the context of an organization’s privacy threat environment that improve its risk management posture.
  • Ability to ask clarifying questions.
  • Ability to collaborate effectively with others.
  • Ability to participate as a member of planning teams, coordination groups, and task forces as necessary.

REQUIRED KNOWLEDGE

  • Knowledge of privacy and cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of privacy related laws, policies, procedures, and governance relevant for critical infrastructures.
  • Knowledge of impact of privacy objectives, security objectives, and operational objectives, on network design processes and trade-offs.
  • Knowledge of privacy vulnerably within the system
  • Knowledge of privacy principles.(NIST 800-122, NISTIR-8062)
  • Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • Knowledge of privacy and security management.
  • Knowledge of an organization's information and data classification program and procedures to avoid privacy and information compromise.
  • Knowledge of Personally Identifiable Information (PII) data privacy standards.
  • Knowledge of cyber threats and general privacy vulnerabilities.
  • Knowledge of laws, regulations, policies, and ethics as they relate to privacy
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

REQUIREMENTS


  • 3 to six years of experience and the equivalent of a BS/BA
  • Direct privacy experience or certifications may substitute for the academic credentials.
  • US Citizenship mandatory

Posted on : 3 years ago