United States – Must Work East Coast Hours
Up to 10% Travel
Primary Purpose and Goal of Role
The privacy officer shall oversee all ongoing activities related to the development, implementation, and maintenance of the practice/organization's privacy policies in accordance with applicable federal and state laws.
- Provide subject matter expertise in privacy and security process analysis, including incident response reporting and resolution.
- Work with senior-level management, providing program implementation support, and making recommendations for process improvement both verbally and in writing.
- Effectively communicate to a variety of audiences and develop compelling recommendations and supporting documentation.
- Other duties as assigned.
- Develop, update, and/or review RMF documentation
- Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
- Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
- Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
- Assess system compliance against NIST, DoD, and DHA security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
- Produce evidence as necessary to support compliance status of NIST, DoD, and DHA security requirements
- Work with system administrators, engineers, and ISSM to create or update system/site policies, procedures, and process guides
- Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories
- Analyze vulnerability scans of information systems and assist in remediation tasks
- Bachelor’s degree in Cybersecurity, Information Technology, or related field required; Master’s degree preferred
- Professional certification in an information security domain, such as a DoD 8570-compliant certification (e.g., CompTIA Security+)
- Minimum of 3+ years of experience in a privacy, data protection, and/or information security compliance role.
- 2+ years' experience in a consulting environment with a federal client-facing focus.
- 2+ years’ experience directly related to privacy and security operations, including enforcement of the Privacy Act and Federal Information Management Security Act.
- Demonstrated experience assessing risk and advising on organizational controls. Compliance or auditing experience also advantageous.
- Must have at least one of the following professional certifications: CIPP/US, CIPP/E, CIPT, CIPM, CIPP/C, CISSP.
- Excellent working knowledge of privacy and data protection laws, including the EU GDPR, UK GDPR, CCPA/CPRA and HIPAA.
- Experience in conducting risk assessments and making recommendations to remediate risk.
- Experience using various privacy compliance platforms
- Excellent written and verbal communication skills.
- Ability to deliver clear, practical, and pragmatic written and oral communications.
- Excellent interpersonal and organizational skills.
- Strong critical thinking skills.
- Authorized to work in the United States without the need for visa sponsorship now or in the future
- Experience supporting privacy incident response in medium organizations.
- Experience communicating privacy risks and mitigations to system owners and administrators.
- Experience developing and documenting business process improvement documentation, gap analyses, and risk management artifacts.
- Experience supporting training and stakeholder outreach for privacy compliance activities.
- Experience building relationships with senior-level federal officials and performing subsequent stakeholder management.
- Ability to complete individual tasks effectively, work in a team environment, and be proactive with little guidance.
- Ability to think critically and analyze a wide variety of complex problems.
- Ability to perform roles and responsibilities.
- Detailed understanding of emerging privacy trends, tools, and legislative developments.
- Experience implementing Privacy by Design into information systems.
- Experience with office automation tools such as Microsoft O365, including SharePoint and Teams.
- Demonstrated experience with Risk Management Framework (experience under DHA a plus)
- Demonstrated efficiency and experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, system/site policies, procedures, and processes, architecture diagrams, and hardware/software inventories
- Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs
- Excellent customer service and organization skills
- Excellent oral and written communication skills
- Familiarity with NIST publications
Quzara LLC is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring based on sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.