State Chief Privacy Officer (SCPO)
EXEC AIDE VII
Recruitment #23-007648-0001
Department | Governor's Office |
---|---|
Date Opened | 3/8/2023 09:00:00 AM |
Filing Deadline | 4/6/2023 11:59:00 PM |
Salary | $106,849.00 - $165,780.00/year, commensurate with experience. |
Employment Type |
Full-Time
|
HR Analyst | Leah Lastner |
Work Location |
Anne Arundel
|
Introduction
GRADE
LOCATION OF POSITION
POSITION DUTIES
General Purpose: The SPCO is
responsible for developing and leading the State’s privacy program and
initiatives that enable the Governor and executive branch of Maryland state government
to effectively comply with legal, regulatory, and ethical obligations with
respect to privacy and associated data protection matters. The position is
responsible for monitoring program compliance, investigation and tracking of
incidents and breaches, and ensuring citizens’ rights. In all cases the
candidate will follow federal and state laws and will work closely and
collaboratively with leaders and stakeholders throughout the executive branch.
Responsibilities:
●
Provide the Governor and his staff
with advice, recommendations, and consultation about data privacy;
●
Supervise and direct efforts of
State units to protect and secure personally identifiable information and other
types of confidential or sensitive information;
●
Develop and manage the implementation of State
information privacy policies that are:
○
Comprehensive, coordinated, and
continuous; and
○
Balance the State’s need for
information collection and:
■
risks to the public; and
■
the costs of collection;
●
Establish privacy requirements to
be incorporated into agreements to share data;
●
Create and maintain inventories of
sources of and systems containing personally identifiable information held by
the State;
●
Oversee the conduct of privacy
impact assessments; and
●
Assist State units with:
○
Identifying, matching, and merging
corresponding personally identifiable information;
○
Drafting agreements and contracts
for sharing, processing, storing, accessing, transmitting, or disposing of
personally identifiable information;
○
Responding to audits of privacy
and security of personally identifiable information;
○
Reducing:
■
duplicative requests for
personally identifiable information; and
■
the amount of personally
identifiable information collected and retained to only that necessary for the
proper performance of the State unit’s authorized functions;
○
Properly accounting for and
budgeting the costs and resources needed to protect and securely dispose of
personally identifiable information; and
○
Providing training to State unit
employees about State information privacy policies;
●
Direct units in the construction
of privacy programs consistent with standards
●
Participate in the development
process of major IT development projects that will contemplate either
personally identifiable information and/or personal health information
●
Build a strategic and
comprehensive privacy program that defines, develops, maintains, and implements
policies and processes that enable consistent, effective privacy practices that
minimize risk and ensure the confidentiality of protected information, paper
and/or electronic, across all media types. Ensures privacy forms, policies,
standards, and procedures are up-to-date;
●
Work with each State unit and the
State Chief Information Security Officer (SCISO) to establish governance for
the privacy program;
●
Collaborate with the SCISO to
ensure alignment between security and privacy compliance programs, including
policies, practices, investigations, and acts as a liaison to the information
systems department;
●
Establish, with the SCISO, an
ongoing process to track, investigate, and report inappropriate access and
disclosure of protected information. Monitor patterns of improper access and/or
disclosure of protected information;
●
Perform or oversee initial and
periodic information privacy risk assessment/analysis, mitigation, and
remediation;
●
Develop, deliver, and oversee
initial and ongoing privacy training to the workforce;
●
Work cooperatively with applicable
State units in overseeing customer rights to inspect, amend, and restrict
access to protected information when appropriate;
●
Assist with breach determination
and advise agency Chief Privacy Officers on notification processes under
applicable State breach rules and requirements;
●
Establish and administer a process
for investigating and acting on privacy and security complaints;
●
Maintain current knowledge of
applicable federal and state privacy laws and accreditation standards;
●
Work with organization
administration, legal counsel, and other relevant parties to represent the
organization’s information and interests with external parties (state or local
government bodies) who undertake to adopt or amend privacy legislation,
regulation, or standards;
●
Serve as an information privacy
resource to the executive branch regarding the release of information and all
departments for all privacy-related issues.
●
Provide overall vision for and
collaborative leadership of the executive branch’s privacy and associated data
protection governance and compliance initiatives.
●
Represent the Privacy function on
appropriate cross-executive branch management committees and initiatives.
●
Responsible for reviews, updates,
and development as necessary of the executive branch’s privacy and data
protection policies and procedures, working closely with the Offices of the
Governor’s Legal Counsel, Chief Information Officer, Chief Information Security
Officer, Chief Data Officer and all other appropriate stakeholders.
●
Advise the executive branch’s
Information Technology, Data Management, and Human Resources functions on the
privacy risks and considerations implicated by the executive branch’s adoption
of new initiatives, processes or technologies, including the preparation, or
overseeing the preparation, of privacy impact assessments where appropriate.
●
In cooperation with Information
Security, Data Management and other stakeholders, develop and implement an
executive branch-wide privacy and associated data protection training and
awareness program that fits the executive branch’s unique structure and culture
and that coordinates closely with the executive branch-wide Information
Security and Data Management training and awareness program.
●
Provide support for incidents with
potential data privacy implications, working closely with the Chief Data
Officer, Chief Information Officer, HR (where appropriate), Public Relations,
Office of Governor’s Legal Counsel, and other relevant stakeholders.
●
Develop and implement directly a
program to monitor privacy and data protection regulatory developments of
significance to the executive branch, and to highlight key such developments to
the Governor along with recommendations for needed actions in response.
●
Prepare and present reports on the
operation and progress of privacy and associated data protection compliance and
risk management efforts on a regular basis as requested for the Governor and
his cabinet.
MINIMUM QUALIFICATIONS
The successful
candidate will have many or preferably all of the following qualifications and
experience:
●
Comprehensive knowledge and
understanding of data privacy and data protection laws and concepts.
●
Experience in drafting and
deployment of policies and procedures, as well as workforce awareness and
training.
●
Experience designing and advising
data incident investigations.
●
An advanced degree (e.g. Master’s,
JD, or PhD) in a relevant field, with at least 5 years of experience in
relevant areas.
●
Experience or skills in related
areas such as information technology, information security, legal ethics,
negotiations.
●
A Certified Information Privacy
Professional (CIPP) or Certified Information Privacy Manager (CIPM)
certification from the International Association of Privacy Professionals
(IAPP)
In addition to the
years of experience, a successful candidate will also have demonstrated:
●
A collaborative leadership style
that engages others, earns trust, and influences the entire organization. The
successful candidate will feel comfortable with, and energized by, the prospect
of communicating and gaining acceptance for their ideas and programs across a
complex and diverse governance organization.
●
A track record of demonstrating
and successfully applying the following characteristics:
●
Excellent ability to simplify
information and concepts, to formulate options and recommendations, and to
communicate with all levels of management and workforce to achieve objectives.
●
Steady and resolute manner that
inspires confidence and trust.
●
States and maintains position
backed by facts, while working through differences and alternative views in a
respectful and commercial-minded manner.
●
Effective listener - probes,
surfaces, and shares new ideas and ways of doing things.
●
High energy, highly resilient, and
resourceful.
●
A “self-starter” motivated by the
achievement of the firm, the team, and themselves – in that order.
●
Organized, with the ability to
manage and prioritize multiple priorities and work projects.
●
A team player, with the ability to
organize, assign, and track completion of work by direct and indirect team
members.
●
Flexible and adaptable, even while
maintaining a keen focus on objectives.
●
Leads by example – hands on role
model.
●
Highest personal standards of
integrity.
BENEFITS
FURTHER INSTRUCTIONS
To apply, please submit your resume to Allisa Mason at allisa.mason@maryland.gov by the deadline, April 6th, 2023 at 11:59PM.
For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at Application.Help@maryland.gov or 410-767-4850, MD TTY Relay Service 1-800-735-2258.
We thank our Veterans for their service to our country.
People with disabilities and bilingual candidates are encouraged to apply.
The State of Maryland is committed to diversity among its staff, and recognizes that its continued success requires the highest commitment to obtaining and retaining a diverse staff that provides the best quality services to supporters and constituents. The State of Maryland is an equal opportunity employer and it is our policy to recruit, hire, train, promote and administer any and all personnel actions without regard to sex, race, age, color, creed, national origin, religion, economic status, sexual orientation, veteran status, gender identity or expression, ethnic identity or disability, or any other legally protected basis. The State of Maryland is committed to providing reasonable accommodations to individuals with disabilities in the hiring process and on the job, as required by applicable law. The State of Maryland will not tolerate any unlawful discrimination and any such conduct is strictly prohibited.