Privacy Manager - Mayor's Office of Data & Innovation

About The Position

Requirements

• Bachelor’s degree from an accredited college or university in Public Administration, Public Policy, Information Technology, Law, Cybersecurity, or a closely related field, plus three (3) years of professional experience in data privacy, compliance, risk management, or data management OR an equivalent combination of related education and experience.
• Must possess or be able to obtain a professional privacy certification (e.g., CIPP/US, CIPT, or CIPM) and complete privacy-related trainings/workshops offered by the Utah State Office of Data Privacy within one (1) year of hire.
• In addition to the required certification and training, the candidate must be familiar with the GDPA and Utah Government Records Access and Management Act (GRAMA) requirements.
• Due to the nature of this position, the successful applicant must pass a required background check through fingerprinting and enrollment in the continuous RAP Back (Record of Arrest and Prosecution Back) program in accordance with current County Human Resources policy requirements.

Responsibilities

• Manages Countywide privacy functions and responsibilities in accordance with the Utah Government Data Privacy Act (GDPA).
• Establishes and maintains Countywide privacy policies, standards, procedures, and templates to ensure compliance with federal and state laws (including GDPA, GRAMA, HIPAA, PCI, CJIS Compliance, and other related data and privacy governance laws).
• Supports and coordinates responsible data sharing activities within the County and with external partners in alignment with applicable laws, policies, and standards.
• Prepares strategies and implementation plans to catalog County data, identify high-risk processing activities, and document data sharing, selling, and purchasing activities.
• Partners with agency data coordinators to ensure privacy, transparency, and ethical data use are systematically integrated into agency operations, data sharing practices, program evaluations, and technology solutions.
• Designs and delivers privacy training programs for County employees to ensure compliance with the GDPA and to foster a culture of data stewardship.
• Establishes and manages Countywide processes to ensure privacy notices are issued and kept current for all programs and services that collect or use personal data, including website privacy notices.
• Ensures third-party contracts include and enforce provisions requiring compliance with Utah’s GDPA for any vendor with access to County personal data.
• Develops protocols for individual or legal guardians of an individual to request access, amendments or corrections, and data explanations upon request.
• Establishes guidelines and procedures to ensure the information of “at-risk employees” is protected.
• Performs regular audits of data handling practices and access controls to ensure adherence to the "minimum necessary" principle.
• Conducts and oversees Privacy Impact Assessments (PIA) for new systems, programs, or third-party vendor contracts to identify and mitigate privacy risks.
• Works closely with the County’s Records Officer to ensure appropriate records series, data classifications, and data retention schedules are maintained.
• Collaborates with Information Technology (IT), the IT Security Team, and the Cyber Security Incident Response Team (CSIRT) to investigate, document, and remediate potential data breaches or unauthorized disclosures, and coordinate breach notifications when required.
• Coordinates with various working groups under the Technology Advisory Board (TAB) to ensure privacy compliance.
• Monitors changes in state and federal privacy laws and provides recommendations to the Director, Mayor’s Executive Team, and the County regarding policy updates.
• Serves as a point of contact for public inquiries regarding how the County collects, uses, and protects resident data.

Benefits

• Retirement options for hybrid pension/401(k) or 401(k) only with a 10% contribution
• Medical coverage, including a 100% county-paid premium option, Dental and Vision coverage, including coverage for adult designees
• Health Savings account with a county contribution up to $1200/year, Flexible Spending Account
• 100% county-paid Long-Term Disability and Short-Term Disability option
• Professional Development, including professional membership fees paid
• Tuition Reimbursement
• On-site medical clinic and gym; pet insurance, auto and home insurance, and discounts at County facilities.