Address
Form of workThe Department of Government Operations (DGO) seeks a Director of Information Privacy and Security to play a critical role in ensuring the protection of the privacy rights of individuals whose data we process. If you are a self-motivated individual with a passion for Information Privacy and security; a strong understanding of GRAMA requirements and regulations; and excellent communication, collaboration, and leadership skills, we encourage you to apply for this exciting opportunity.
Principal Duties
The Director of Information Privacy and Security is responsible for overseeing and ensuring the implementation of an effective Information Privacy and security program as a component of existing records management programs within DGO and its divisions.
Key Responsibilities:
Work closely with the Chief Privacy Officer (CPO), Chief Information Security Officer (CISO), State Archivist, and DGO Chief Administrative Officers to lead the DGO adoption and implementation of a model record management program and its associated privacy and security risk management functions that will be outlined in the CPO's Strategic Privacy Plan.
Champion and spearhead the establishment of an Information Privacy and security focused culture within DGO that is citizen focused while prioritizing and balancing the constitutional rights of privacy and transparency in relation to data that is collected and maintained by DGO.
Work closely with the DTS IT Director of DGO to ensure privacy and security risks are managed in all IT systems that may process state data.
Assess and identify areas for improvement to ensure that all divisions are in compliance with the Government Records Access and Management Act (GRAMA) requirements in regards to maintaining a records management program that protects the privacy rights of individuals whose data we process.
Coordinate with key stakeholders, including the State Archivist, CISO, and CPO on statewide records, privacy, and security initiatives.
Develop and implement DGO-wide Information Privacy and security policies and procedures that adhere to state and federal laws and regulations, industry standards, and best practices.
Participate in state agency privacy and security governance groups.
Chair the DGO records management and privacy governance groups to ensure proper governance and coordination with DGO CAOs, records officers, privacy officers, and security officers.
Develop and implement a continuous and active records management program that ensures the rights of privacy and security are maintained throughout the record management lifecycle.
Ensure all DGO divisions complete key privacy and security risk management functions, including completion of security and privacy assessments.
Play a key role in the record risk management processes of 3rd parties that process DGO records to ensure records are properly managed throughout the entire record management lifecycle. This may include contract reviews, privacy and security assessments, and collection of attestations of compliance.
Work with DGO divisions to ensure that all employees are trained in Information Privacy and security policies and procedures.
Track and ensure completion of security awareness training by DGO employees and contractors.
Work with the DGO legal counsel to ensure that all policies and procedures adhere to state and federal laws and regulations, industry standards, and best practices.
Provide guidance and support to DGO divisions on matters related to Information Privacy and security.
Stay current on best practices and emerging trends in Information Privacy and security.
Participate in industry conferences and events to stay current on industry trends and emerging technologies.
The Best Qualified Candidate
The best candidate will have:
8+ years of experience in Information Privacy and security, with a focus on records management.
Strong understanding of GRAMA requirements and regulations.
Experience with one or more core privacy functions, such creating privacy policies, performing and maintaining privacy risk assessments, designing privacy enhancing features in the SDLC process, and finding and implementing remediation efforts via plans of action and milestones.
Industry certifications in Information Privacy and security (e.g., CIPM, CISSP, CIPP) are a plus.
Excellent communication and collaboration skills, with the ability to work effectively with a variety of stakeholders.
Strong analytical and problem-solving skills with the ability to identify areas for improvement and implement solutions.
Strong leadership skills with the ability to chair governance groups and provide guidance and support to DGO divisions.
Ability to work independently and manage multiple priorities in a fast-paced environment.
This is the perfect position for someone who enjoys complex projects and wants a seat at the table to help make policy and decisions for the future of our department! You will be working closely with the State of Utah Chief Privacy Officer and State Archivist to implement records management, privacy, and security practices that will be a model for other state agencies.
In addition, this position allows you to work from anywhere in Utah 3 days each week, with 2 days in our Taylorsville office, and provides our amazing benefits package on day one, and the opportunity to build relationships with key players in the department and state government.
The Department
The Department of Administrative Services, the Department of Human Resource Management, and the Department of Technology Services have combined into one organization - the newDepartment of Government Operations. Our goal is to support and enable other state agencies to fulfill their core missions.
- Risks found in typical office setting which is adequately lighted, heated and ventilated, e.g., safe use of office equipment, avoiding trips and falls, observing fire regulations, etc
- Typically, the employee may sit comfortably to perform the work; however there may be some walking, standing, bending, carrying light items, driving an automobile, etc. Special physical demands are not required to perform the work.
