San Jose, CA
- Builds and applies a strong working knowledge of the County’s mission and objectives, including the County’s privacy strategy and program, as well as knowledge of compliance and privacy concepts and practices (strategies, internal controls, information analysis, reporting, including trending and communication);
- Maintains an awareness of and monitors advancements in information privacy technologies;
- Conducts privacy-related risk assessments (e.g., Assessment to support privacy integration through Privacy-by-Design, Privacy Impact Assessments), supports incident response activities, and assists with integrating privacy into the software development life cycle (SDLC), data sharing projects, and other processes;
- Conducts basic usability evaluations to assess the usability and user acceptance of privacy-related features and processes;
- Identifies, develops, and aligns techniques to aggregate, anonymize, or de-identify data, and understands the limits of de-identification;
- Develops and communicates mitigation actions and design recommendations.
- Coordinates with developers, system owners, and others on remediation activities and alternate solutions to protect data and reduce risk;
- Develops technical solutions to help mitigate privacy vulnerabilities;
- Assists with documenting and assessing privacy risks associated with applications (and solutions in general) that are scheduled to be integrated in information systems; ranking and prioritizing these risks; and following up with developers and other stakeholders on remediation;
- Assists with vetting vendors and helps to make sure that adequate privacy protections are embedded in solutions and processes;
- Helps to ensure information systems designs adequately incorporate privacy controls around choice, consent, collection, notice, use, retention, and disposal, and third party disclosures where applicable;
- Performs research and advises Privacy Office management on applicable technology privacy trends, best practices, and risks;
- Integrates perspectives that span product design, software development, cyber security, human computer interaction, as well as business and legal considerations; and leverages team members when necessary;
- Works with team members and Privacy Office management to define and incorporate technology related privacy controls into the organization’s processes, initiatives, and development of information systems;
- Engages with cross-functional teams to investigate incidents that involved sensitive or personal information;
- Supports the development of technical privacy training and communication programs to educate and update employees on privacy requirements, best practices, and expectations;
- Lends expertise to enhance effectiveness of privacy enhancing technology (PET) controls;
- Assists and provides expertise to the organization’s departments to better identify and classify data and manage information throughout the information life cycle;
- Serves as a liaison to technical bodies for privacy related matters.
Training and Experience:
Sufficient education, training, and experience to demonstrate the possession and direct application of the following knowledge and abilities.
- The knowledge and abilities required to perform this function are attained through training and experience equivalent to possession of a bachelor’s degree from an accredited college in Information Systems, Computer Science, Communications, Information Privacy, Privacy Law, Data Management, or a related field.
- Two (2) years of experience in the privacy, legal, technology, compliance or information security fields, one (1) of which must have been working with medium to large scale information privacy or security projects.
- Relevant experience with a governmental entity and understanding or interpreting privacy regulations is desirable, but not required.
May be required to work irregular hours on occasion (e.g., due to a data breach or disaster event).
- Privacy engineering and design principles, practices, terminology, trends, and usage utilized by large complex organizations;
- Privacy-by-Design, best practices, terminology, and current trends in privacy;
- Knowledge of two or more of the following privacy laws or standards, such as: Fair Information Practice Principles (FIPPs), HIPAA/HITECH, PCI, FCRA, GLBA, FACTA, ISO, GAAP, SOC II, FERPA, COPPA, CCPA, NIST privacy and security standards and guidance, California data breach or other privacy related laws, or other relevant privacy frameworks;
- Information privacy or security forensic tools or privacy enhancing technologies;
- Technical understanding of information systems development, implementation, and maintenance;
- Experience with PII inventory, information classification, and privacy threat modelling;
- Experience in conducting privacy impact assessments (PIA);
- Optional: Wireless / mobile communications technologies and privacy issues, and wireless IT security systems, cloud technology and privacy concerns;
- Preferred, but not required, privacy certifications, such as: CIPP/US, CIPT.
- Support PIA activities and recommend technical solutions that provide the proper level of privacy protection over personal and sensitive information;
- Troubleshoot basic privacy and security problems and identify and recommend alternative solutions;
- Work and communicate effectively, both orally and in writing for technical and non-technical audiences;
- Write and produce presentations exceptionally well;
- Establish and maintain effective working relationships within the team and across departments;
- Operationalize and proactively assist in the implementation of privacy solutions;
- Collaborate with other technical professionals;
- Prepare detailed technical reports, analyses, and other documentation;
- Maintain a positive attitude and work calmly and effectively in a dynamic environment;
- Synthesize information and communicate privacy concepts to technical and non-technical audiences;
- Apply information privacy principles to business processes and information systems from a technical perspective.
- Administer network and computing devices/systems that enforce security policies and audit controls in a Windows environment
- Formulate security architecture recommendations and design security services
- Implement technical solutions to contractual requirements per organizational policies
- Assist in responses to external audits, penetration tests and vulnerability assessments
- Recommend and coordinate the application of fixes, patches, disaster recovery procedures in the event of a security breach
- Research emerging technologies in support of security enhancement and development efforts
- Conduct risk assessments, penetration tests and diagnose internet/extranet security, intrusion attempts, and cyber-crime response
- Solid familiarity with application and network security.
- Must be able to perform hands-on support for a wide range of security technologies including, but not limited to: SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, application firewalls, vulnerability scanners, LDAP, forensics software, security incident response, and Identity Management (IdM)
SKILLS & KNOWLEDGE
- Experience in working with compliance and regulatory program requirements.
- Experience analyzing network, event and security logs, and/or IDS alert logs.
- Proven project management and organizational skills, specifically managing multiple concurrent projects
- Knowledge of risk assessment processes within the systems and software development lifecycle – able to perform risk assessments, select controls, provide guidance on control implementation, and provide oversight on maintaining those controls
- Excellent analytical, problem solving and decision making skills, applied with a solution-focused attitude
- Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
- Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
- Excellent teamwork skills