The Office of Management and Enterprise Services (OMES) is a trusted, credible partner that empowers employees to provide valued business expertise allowing customers to focus on their missions across state government. OMES provides financial, property, purchasing, human resources and information technology services to all state agencies, and assists the Governor’s Office on budgetary policy matters.
Our mission is supporting our partners through unified business services. The OMES mission requires a highly-qualified workforce committed to making government run in the most efficient, innovative manner possible. Achieving that mission takes team-oriented, solutions-driven professionals who understand the importance of partnering to achieve success.
OMES is seeking a full time Director of Privacy and Data Management. This is an unclassified position in state government. OMES offers a comprehensive Benefits Package, including a generous benefit allowance to offset the cost of insurance premiums for employees and their eligible dependents. For more information about the benefit allowance [click here].The annual salary for this position is based on education and experience.
This position is a key, client-focused role responsible providing oversight, direction, and management of our privacy and data management programs. The Director of Privacy and Data Management should be passionate about customer service, data and technology as well as eager to make a difference in the cybersecurity industry. This position will be charged to develop, maintain and govern privacy and data policies relating to cybersecurity, ensure all policies and standards are aligned to state business requirements, information technology strategy, privacy/legal/regulatory requirements and leading industry standard frameworks including the preliminary draft of the National Institute of Standards and Technology (NIST) Privacy Framework and ISO 27701.
• Plan, organize, and direct all operations and activities of the Privacy and Data Management programs
• Develop clear internal policies specifying the types and intended uses for collected data, working to identify how such information will be utilized.
• Guide stakeholders to navigate agency-specific privacy challenges associated with the collection, storage, processing and sharing of vast amounts of sensitive personal information.
• Aid stakeholders in putting protections in place, addressing privacy compliance and cybersecurity risks in complex IT service arrangements and outsourced platforms.
• Draft privacy policies and strive to implement privacy by design principles, wherever possible.
• Advise on critical privacy and security considerations that accompany the design and implementation of services throughout data life cycles.
• Conduct information asset inventories, data classification and data mapping to help stakeholders develop privacy and data security and tailored Incident Response Plans (IRPs) that comply with federal and state laws and industry best practices and provide roadmaps for satisfying regulatory compliance obligations in the event of a breach.
• Lead, motivate and manage technical teams.
• Oversee the collection, storage, management, quality and protection of data.
• Implement data privacy policies and comply with data protection regulations.
• Develop data strategies, systems and models to drive business and policy value from available data stores.
• Effectively communicate the status, value, and importance of data collection to executive members and staff.
• Assist agencies in preparing for third-party assessments and audits by creating information governance plans.
• Augment existing breach response strategies with additional data and privacy management best practices, and lead stakeholders in navigating the relevant state and federal breach notification requirements, when necessary.
Physical Demands and Work Environment
This position works in a comfortable office setting with a computer for a large percentage of the workday. The noise level in the work environment is usually mild. Occasional travel may be required.
Requirements include five years of experience in an information technology field, including two years in a supervisory, team lead, or project manager capacity, PLUS an additional two years of professional supervisory or administrative experience; or an equivalent combination of education and experience, substituting 12 semester hours in computer science or management information systems course work for each year of the required non-supervisory, leadership or management experience.