Privacy Program Manager

About The Position

Requirements

• Bachelor’s degree and JD highly recommended
• Certified Information Privacy Professional (CIPP) certification preferred
• 7+ years or more of experience supporting the federal sector working on compliance matters, and developing and implementing privacy policy
• 3 years or more leading and proven track record of maturing a privacy program
• Experience operationalizing privacy laws and requirements such as the Privacy Act of, E-Government Act, and privacy controls in Appendix J of SP 800.53 Revision 5, and privacy policies set forth by the Office of Management and Budget.
• Experience with developing privacy content for security and privacy annual and role-based training
• Excellent capability in development of executive briefings, strategic recommendations, and roadmaps
• Prior hands-on experience with data management, information governance, and policy development
• Prior experience analyzing IT solutions as compared to requirements
• Excellent communication skills and attention to detail
• Ability to develop effective and visually appealing executive briefings
• Self-starter with ability to manage own schedule and work independently to meet deadlines
• Experience working in teams on tasks to deliver a single-work product together
• Desire to work to grow skills and knowledge
• Must pass a background investigation for Public Trust level clearance

Nice To Haves

• Experience implementing the NIST Privacy Framework
• Experience with building a catalog and inventory of existing PII holdings that enables an agency to implement data security best practices
• Strong advisory skills

Responsibilities

• Develop, review, and maintain privacy policies and standard operating procedures to ensure it complies with federal laws (e.g., Privacy Act, E-Government Act), NIST guidance, FISMA requirements, and Commission policies.
• Develop review and maintain Privacy Threshold Assessments (PTAs) for all applicable Commission utilized systems.
• Develop, review, and maintain Privacy Impact Assessments (PIAs) for all applicable Commission utilized systems.
• Prepare responses to OMB information requests, data calls, and requests from other entities as required.
• Assist program offices with the development of System of Record Notices (SORN) for all applicable systems and review for privacy compliance sufficiency.
• Support the annual FISMA audit by developing, reviewing, and preparing responses for the Senior Agency Official for Privacy and reporting results in the DHS Cyber Scope application.
• Develop, review, and implement a process to support the reduction of unnecessary use of Social Security Numbers (SSNs) and Personally Identifiable Information (PII).
• Develop, maintain, and update privacy content and web policies on the Commission’s external and internal privacy webpages
• Provide privacy training to ensure Commission employees understand their responsibilities required by federal mandates.
• Provide privacy incident response support for all identified incidents including but not limited to drafting communication emails, drafting responses to federal entities, and drafting notification letters to impacted staff.
• Support the implementation of new privacy security tools as deemed appropriate.
• Review and respond to FedRAMP compliance documentation.
• Provide consultation to inquiries from senior leadership and other staff.
• Work collaboratively with the Information Assurance Team to test and evaluate privacy controls, to ensure the privacy controls are appropriately scoped and implemented correctly.
• Responsible for addressing privacy controls not implemented and documented in a system’s Privacy Plan of Action & Milestone (POA&M).
• Review Change Requests submissions that pertain to requested changes in the FERC Test Environment and Production Network as an IT Technical Review Board team member.

Benefits

• Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.