Description & Requirements
Essential Duties and Responsibilities:
- Maintain a working knowledge of US federal and state privacy laws for the company
- Maintain awareness of global privacy laws that apply to the company and how they impact the company’s privacy compliance posture
- Review proposals/solicitations to identify privacy risks and mitigations; communicate effectively with stakeholders
- Review contracts, subcontracts, licensing agreements, etc. and identify privacy requirements, risks, and contract mitigations
- Working knowledge and ability to identify required federal/state/global privacy controls for management review
- Draft privacy impact assessment for management review with assistance from senior team members
- Draft public facing privacy statements with assistance from senior team members
- Develop an understanding of Maximus operations, systems and systems integration
- Investigate and document the risk resulting from assigned privacy incidents, including applying legal analysis to make breach determination under all applicable standards, determine root causes, recommend sanctions, identify potential process improvements, including training recommendations.
- Participate in the breach notification process with internal and external stakeholders
- Review proposals and contract actions processed for the company prior to signature or negotiation, and ensure that all factors have been considered and all necessary information has been gathered.
- Periodically create, review, and/or revise Privacy Work Instructions and project-specific templates and other documents
- Conduct on-site and virtual project privacy audits to determine privacy compliance
- Identify and implement efficient methods for assessing privacy incidents and identifying and mitigating privacy risks in proposals and contracts
- Draft and review documents including Business Associate Agreements (“BAAs”), subcontractor, vendor agreements and other documents for privacy compliance
- Develop and provide privacy training for internal stakeholders as needed
- Provide guidance to internal stakeholders on privacy-related inquiries.
- Bachelor's degree in relevant field of study and 5+ years of relevant professional experience required, or equivalent combination of education and experience.
- JD from an accredited law school and admission to one or more State Bars is required.
- Current IAPP certification (required within six months of hire)
- Working knowledge of privacy laws and regulations (e.g., HIPAA, Privacy Act, GLBA, FCRA, GDPR, state consumer privacy rights laws and state breach notification laws)
- Ability to interact successfully with senior leaders (internal and external to the organization).
- Strong work ethic with a “can do” attitude.
- Self-starter, quick study and ability to manage deadlines.
- Able to work independently and in a team environment
- Executive presence and strong interpersonal skills.
- Experience interfacing with a wide variety of key stakeholders; a strong collaborator and team oriented.