Privacy Risk Assessor - Military veterans preferred

2024-04-05
RavenTek
Other


  employee   contract


Ashburn
Virginia
20147
United States

Description:

Job Title: Privacy Risk Assessor

Department: Operations - Services

Reports To: RavenTek Program Manager

Location: Remote

Schedule: Monday - Friday

Hours: Full-time, 40 hours/week

FLSA Status: Exempt

Clearance: Ability to obtain a Public Trust


Position Summary

The Privacy Risk Assessor position will support the U.S. Securities and Exchange Commission (SEC), providing support to other Units and Offices within the SEC to ensure the success of the program's mission. The performance of the Privacy Risk Assessor position is key to RavenTek's performance on the SEC program, and therefore RavenTek's mission to support the customer.


Essential Duties and Responsibilities

  • Apply strong consulting skills, privacy expertise, and cybersecurity knowledge to support clients in managing privacy risks, strengthening privacy posture, and preparing for future needs.
  • Assess compliance and maturity of Federal privacy programs against Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) privacy requirements and standards.
  • Conduct privacy controls assessments (PCA) for new and modified systems and projects utilizing NIST guidance.
  • Develop and maintain plans of action and milestones (POA&Ms) and supporting documentation to complete a Security Assessment & Authorization (SA&A) package.
  • Develop privacy continuous monitoring plans and implementation strategies.
  • Review and support the development of privacy compliance documentation, including Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs).
  • Develop and monitor the implementation of policy and procedures to support information and privacy security goals and operations.
  • Develop changes in policy or strategy to support new initiatives or required changes.
  • Manage information security implications within the organization as directed by leadership.
  • Apply specific functional knowledge and working/general industry knowledge.
  • Develop or contribute to solutions to a variety of problems of moderate scope and complexity.
  • Work independently with some guidance; may review or guide activities of more junior employees.
  • Provide Monthly Status Report (MSR) to RavenTek Program Manager by deadline provided.
  • Enter actual time worked, once complete, at the end of the day, or no later than 10:00 a.m. the following workday, and submit timesheets at the end of each pay period.
  • Monitor and respond to RavenTek email a minimum of 3 times per week.
  • Other duties as assigned.

Qualifications, Knowledge, and Critical Skills

  • Possession of excellent verbal and written communication skills and interpersonal skills, including developing collegial relationships with colleagues at all levels.
  • Possession of excellent analytical skills, including attention to detail.
  • Ability to work in a team environment in a positive manner.
  • Ability to maintain a high level of professionalism in a fast-paced work environment.
  • Ability to work both independently and under supervision.

Education & Work Experience

  • Bachelor's degree and 2-4+ years of directly related experience or master's degree and 0-2+ years directly related experience.
  • Years of experience or certifications may be accepted in lieu of degree.
  • 5+ years of experience working in a professional environment.
  • 2+ years of experience with supporting federal privacy programs.
  • Experience with assessing maturity and compliance of privacy programs using different frameworks and standards.
  • Experience managing and leading others.
  • Experience with developing business process recommendations and implementation roadmaps.
  • Experience with implementing privacy requirements from the OMB and NIST.
  • Experience developing compliance documentation, including System Privacy Plans, PTAs, PIAs, and System of Records Notices (SORNs).
  • Experience with various Governance, Risk, and Compliance (GRC) tools for monitoring and tracking privacy controls.
  • Experience with advising senior-level staff of privacy concerns or risks identified in new initiatives, programs, projects, or systems and proposing mitigation strategies to address those concerns or risks.
  • Experience with collaborating and giving presentations to diverse stakeholders, including business-focused teams, legal, and security teams at all organizational levels.

Certifications, Licenses

  • CISA, CIPP/US, CIPP/G, CIPT, CIPM or CDPSE Certification is preferred.

Special Requirements

  • Subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Work Environment

Employee will be working indoors in an office environment. Potential moderate temperature fluctuations. Typical indoor and computer-related noise level, and typical office, paper, and equipment-related dust. Exposure to video display terminals occurs on a regular basis.


Physical Demands

Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk, see and hear. Most positions require the ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.


ADA: RavenTek will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.


EEO/AA: RavenTek does not discriminate on the basis of race, color, national origin, sex, religion, age, disability, sexual orientation, gender identity, veteran status, height, weight, or marital status in employment or the provision of services and is an equal access/equal opportunity/affirmative action employer.


This job description will be reviewed periodically as duties and responsibilities change with business necessity. Essential and marginal job functions are subject to modification. This job description is not intended to be an all-inclusive list of duties and standards of the position.
