Company: Arizona Department Of Education

Address: Phoenix, AZ
Form of work: Full-Time
Category: Accounting/Finance

Job description

CHIEF COMPLIANCE AND PRIVACY OFFICER

Job No: 520829
Work Type: Full-time
Location: PHOENIX
Categories: Program Management, Management/Supervisor

ARIZONA DEPARTMENT OF HOMELAND SECURITY

The Arizona Department of Homeland Security was established in 2006 by the Arizona State Legislature to support the mission of providing strategic direction and access to federal homeland security grant program resources that will further enable the stakeholders' collective goals to prevent, protect, mitigate, respond to and recover from terrorist attacks and other critical hazards that affect the safety, well-being and economic security of Arizona.

CHIEF COMPLIANCE AND PRIVACY OFFICER
Job Location:
1700 West Washington, Suite 210 Phoenix, Arizona 85007
Posting Details:
Annual Salary Range: $100,00 - $120,000 
Grade: 29
This position will remain open until filled  
Job Summary:

The Chief Privacy and Compliance Officer is responsible for developing, implementing and maintaining the State's coordinated security compliance and privacy program that promotes the identification and protection of personal identifying or otherwise confidential information within state systems in accordance with Statewide Policies and Standards.

This position supports the State Chief Information Security Officer and Deputy State CISO and contributes to the direction and overall strategy of Statewide Information Security for the State of Arizona.

The position of Chief Privacy and Compliance Officer also acts as the state's HIPAA coordinator.

Job Duties:

Develop, implement, maintain, and lead the State's Information Security Compliance program which promotes and ensures the adherence of State budget units and service providers to Statewide Information Security Policies, Standards, Procedures, and applicable regulatory requirements. This includes reviewing budget units' policies, standards, PIJ and RFP submissions, and security assurance plans as necessary. Work with legal counsel, procurement, and budget unit representation to ensure both existing and new services comply with security requirements and regulations

Develop, implement, maintain, and lead the State's coordinated Privacy Program that promotes the protection of personal identifying information and other confidential information collected, used, and maintained by the state and its agencies for business operations. Work with legal counsel, procurement, and budget unit representation to ensure both existing and new services comply with privacy requirements and regulations

Develop, implement, and lead the State's coordinated Vulnerability Management Program. Assist budget units with identifying vulnerabilities, and associated information security and privacy protection risks and provide direction on risk mitigation strategies, methods, and procedures for the State

Develop, implement, and lead the coordinated statewide Security Awareness Training Program in collaboration with training teams, HR, and other divisions and budget units as required

Monitor and report compliance of each State budget unit with the Statewide Information Security and Privacy Protection Policies and Standards in coordination with the Office of the Auditor General

Act as the HIPAA coordinator for the State, and coordinate breach notifications resulting from major data breaches within the State, including but not limited to the annual required reporting to HHS

Other duties as assigned as related to the position

Knowledge, Skills & Abilities (KSAs):

Knowledge:

K0001: Knowledge of computer networking concepts and protocols, and network security methodologies

K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)

K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy

K0004: Knowledge of cybersecurity and privacy principles

K0005: Knowledge of cyber threats and vulnerabilities

K0006: Knowledge of specific operational impacts of cybersecurity lapses

K0008: Knowledge of applicable business processes and operations of customer organizations

K0066: Knowledge of Privacy Impact Assessments

K0168: Knowledge of applicable laws, statutes, Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures

K0615: Knowledge of privacy disclosure statements based on current laws

Skills:

S0176: Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures

S0354: Skill in creating policies that reflect the business's core cybersecurity and privacy objectives

S0355: Skill in reviewing vendor agreements and evaluating vendor cybersecurity and privacy practices

S0356: Skill in communicating with all levels of management including executive State leadership members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience)

S0250: Skill in preparing plans and related correspondence

Ability:

Ability to serve as a senior member of a team and to form, manage and lead teams or units of varying skills

A0024: Ability to develop clear directions and instructional materials

A0033: Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities

A0034: Ability to develop, update, and/or maintain standard operating procedures (SOPs)

A0104: Ability to select the appropriate implant to achieve operational goals

A0105: Ability to tailor technical and planning information to a customer's level of understanding

A0110: Ability to monitor advancements in information security and privacy laws to ensure organizational adaptation and compliance

A0111: Ability to work across departments and business units to implement organization's privacy principles and programs, and align privacy objectives with security objectives

A0112: Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance

A0113: Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action

A0114: Ability to develop or procure curricula that speak to the topic at the appropriate level for the target

A0115: Ability to work across departments and business units to implement organization's cybersecurity and privacy principles and programs, and align privacy objectives with security objectives

A0125: Ability to author a privacy disclosure statement based on current laws

Work with various teams and senior management to ensure awareness of "best practices" on privacy and data security issues

Selective Preference(s):

Bachelor's degree and 8 years of extensive technical experience in Information Security Systems (or equivalent experience)

Professional certifications in Information Security and Networking Systems (hardware and software) are highly desirable, as well as an in-depth knowledge and understanding of specific information protection standards (NIST, HIPAA, PCI, IRS, etc.) as appropriate

Pre-Employment Requirements:

Employees who drive on state business are subject to driver's license record checks, must maintain acceptable driving records and must complete any required driver training (see Arizona Administrative Code R2-10-207.12.)

Requires possession of and ability to retain a current, valid state-issued driver's license appropriate to the assignment

Proof of U.S. Citizenship Required

Benefits:

The State of Arizona offers a comprehensive benefits package to include:

Optional employee benefits include short-term disability insurance, deferred compensation plans, and supplemental life insurance

Life insurance and long-term disability insurance

Vacation with 10 paid holidays per year

Health and dental insurance

Retirement plan

Sick leave

For a complete list of benefits provided by The State of Arizona, please visit our benefits page

Retirement:

Positions in this classification participate in the Arizona State Retirement System (ASRS)

Note that enrollment eligibility will become effective after 27 weeks of employment

Contact Us:

If you have any questions please feel free to contact Ariel Gonzalez at agonzalez@az.gov for assistance

Advertised: 12 Sep 2023 US Mountain Standard Time
Applications close:


Refer code: 7316969. Arizona Department Of Education - The previous day - 2023-12-19 02:11
