Job No: 520829
Work Type: Full-time
Location: PHOENIX
Categories: Program Management, Management/Supervisor
Grade: 29
This position will remain open until filled
The Chief Privacy and Compliance Officer is responsible for developing, implementing and maintaining the State's coordinated security COMPLIANCE AND PRIVACY program that promotes the identification and protection of personal identifying or otherwise confidential information within state systems in accordance with Statewide Policies and Standards.
This position supports the State Chief Information Security Officer and Deputy State CISO and contributes to the direction and overall strategy of Statewide Information Security for the State of Arizona.
The position of Chief Privacy and Compliance Officer also acts as the state's HIPAA coordinator.
Develop, implement, maintain, and lead the State's Information Security Compliance program which promotes and ensures the adherence of State budget units and service providers to Statewide Information Security Policies, Standards, Procedures, and applicable regulatory requirements. This includes reviewing budget units policies, standards, PIJ and RFP submissions, and security assurance plans as necessary. Work with legal counsel, procurement, and budget unit representation to ensure both existing and new services comply with security requirements and regulations
Develop, implement, maintain, and lead the State's coordinated Privacy Program that promotes the protection of personal identifying information and other confidential information collected, used, and maintained by the state and its agencies for business operations. Work with legal counsel, procurement, and budget unit representation to ensure both existing and new services comply with privacy requirements and regulations
Develop, implement, and lead the State's coordinated Vulnerability Management Program. Assist budget units with identifying vulnerabilities, and associated information security AND PRIVACY protection risks and provide direction on risk mitigation strategies, methods, and procedures for the State
Develop, implement, and lead the coordinated statewide Security Awareness Training Program in collaboration with training teams, HR, and other divisions and budget units as required
Monitor and report compliance of each State budget unit with the Statewide Information Security and Privacy Protection Policies and Standards in coordination with the Office of the Auditor General
Act as the HIPAA coordinator for the State, and coordinate breach notifications resulting from major data breaches within the State, including but not limited to the annual required reporting to HHS
Other duties as assigned as related to the position
Knowledge:
K0001: Knowledge of computer networking concepts and protocols, and network security methodologies
K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity AND PRIVACY
K0004: Knowledge of cybersecurity AND PRIVACY principles
K0005: Knowledge of cyber threats and vulnerabilities
K0006: Knowledge of specific operational impacts of cybersecurity lapses
K0008: Knowledge of applicable business processes and operations of customer organizations
K0066: Knowledge of Privacy Impact Assessments
K0168: Knowledge of applicable laws, statutes, Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures
K0615: Knowledge of privacy disclosure statements based on current laws
Skills:
S0176: Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures
S0354: Skill in creating policies that reflect the business's core cybersecurity AND PRIVACY objectives
S0355: Skill in reviewing vendor agreements and evaluating vendor cybersecurity AND PRIVACY practices
S0356: Skill in communicating with all levels of management including executive State leadership members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience)
S0250: Skill in preparing plans and related correspondence
Ability:
Ability to serve as a senior member of a team and to form, manage, and lead teams or units of varying skills
A0024: Ability to develop clear directions and instructional materials
A0033: Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities
A0034: Ability to develop, update, and/or maintain standard operating procedures (SOPs)
A0104: Ability to select the appropriate implant to achieve operational goals
A0105: Ability to tailor technical and planning information to a customer's level of understanding
A0110: Ability to monitor advancements in information security AND PRIVACY laws to ensure organizational adaptation and compliance
A0111: Ability to work across departments and business units to implement organization's privacy principles and programs, and align privacy objectives with security objectives
A0112: Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance
A0113: Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action
A0114: Ability to develop or procure curricula that speaks to the topic at the appropriate level for the target
A0115: Ability to work across departments and business units to implement organization's cybersecurity AND PRIVACY principles and programs, and align privacy objectives with security objectives
A0125: Ability to author a privacy disclosure statement based on current laws
Work with various teams and senior management to ensure awareness of "best practices" on privacy and data security issues
Bachelor's degree and 8 years of extensive technical experience in Information Security Systems (or equivalent experience)
Professional certifications in Information Security and Networking Systems (hardware and software) are highly desirable, as well as an in-depth knowledge and understanding of specific information protection standards (NIST, HIPAA, PCI, IRS, etc., as appropriate)
Employees who drive on state business are subject to driver's license record checks, must maintain acceptable driving records and must complete any required driver training (see Arizona Administrative Code R2-10-207.12.)
Requires possession of and ability to retain a current, valid state-issued driver's license appropriate to the assignment
Proof of U.S. Citizenship Required
The State of Arizona offers a comprehensive benefits package to include:
Optional employee benefits include short-term disability insurance, deferred compensation plans, and supplemental life insurance
Life insurance and long-term disability insurance
Vacation with 10 paid holidays per year
Health and dental insurance
Retirement plan
Sick leave
For a complete list of benefits provided by The State of Arizona, please visit our benefits page
Positions in this classification participate in the Arizona State Retirement System (ASRS)
Note that enrollment eligibility will become effective after 27 weeks of employment
If you have any questions please feel free to contact Ariel Gonzalez at agonzalez@az.gov for assistance
Advertised: 12 Sep 2023 US Mountain Standard Time
Applications close: