Privacy Program Consultant

About The Position

Requirements

• Bachelor's degree in computer science, data science, healthcare administration, or related field is required.
• Three (3) years experience in developing and overseeing privacy programs.
• To include compliance, governance, risk management, and/or internal audit management.

Nice To Haves

• A certification in one or more of the following: Privacy Management (CIPM), Information Privacy Professional (CIPP), Healthcare Privacy Compliance (CHCP), or Certification as AI Governance Professional (AIGP).
• Working knowledge of one or more of the following: Fair Information Practice Principles, NIST privacy framework, privacy by design, privacy by default, and data mapping.

Responsibilities

• Work with the SCPO to create policies that align with applicable state and federal laws and regulations and FIPPs principles.
• Recommend to and coordinate with agency personnel best practices in the development and implementation of privacy policies, procedures, training, and guidelines that promote the privacy, security, integrity, confidentiality, and reliability of PII.
• Support agencies on the administration of privacy risk management framework(s) (currently, NIST privacy frameworks) to objectively determine an agency’s privacy program maturity and to assist in the development of strategies, plans, policies and metrics that meet the agencies’ overall privacy risk management priorities.
• Coordinate with Department of Information Technology and agency staff to promote effective communication and coordination as it relates to implementation of DoIT privacy policies, federal and State laws, and regulations.
• Coordinate with designated agencies to perform privacy impact assessments (PIAs) on a regular basis that measure the effectiveness of an agency’s privacy controls.
• Support agency completion of PIAs and improvement plan development, as necessary, prior to the implementation of new technologies or systems that process PII, whenever current system changes affect how PII is processed, new PII elements are processed, and other changes as may be identified.
• Provide reports related to agency implementation of corrective action plans resulting from PIA performance.
• Coordinate and develop aggregated reports regarding an agency’s privacy risk, such as but not limited to, the identification and assessment of privacy risk, privacy incident and breach management, implementation of privacy enhancing technologies and mechanisms, and PII inventory management.

Benefits

• Contractual employees who work for an agency covered under the State Employee and Retiree Health and Welfare Benefits Program, have a current employment contract and work 30 or more hours a week (or on average 130 hours per month) may be eligible for subsidized health benefits coverage for themselves and their dependents.
• As a contractual employee, you will be responsible for paying 25% of the premiums for your medical and prescription coverage, including any eligible dependents you have enrolled.
• The State of Maryland will subsidize the remaining 75% of the cost for these benefits.
• You can also elect to enroll in dental coverage, accidental death and dismemberment insurance, and life insurance, but will be responsible to pay the full premium for these benefits.
• Leave may be granted to a contractual employee at a rate of one hour for every 30 hours worked, not to exceed 40 hours per calendar year.