KnoxvilleRecruiter Since 2001

Risk and Privacy Officer

Company: Consolidated Nuclear Security
Location: Oak Ridge
Posted on: January 15, 2022

Job Description:

Location: Amarillo, TX or Oak Ridge, TN
Job Title: Risk and Privacy Officer
Career Level: Advisor
Organization: Business Applications (51130508)
Job Specialty: Service Transition

What You'll Do

The Privacy Officer (PO) shall oversee all ongoing activities related to the development, implementation, and maintenance of the organization's privacy policies following applicable federal and state laws and is responsible for the organization's privacy program including but not limited to daily operations of the program, development, implementation, and maintenance of policies and procedures. They are responsible for monitoring program compliance, investigating and tracking incidents and breaches, and ensuring customers' rights, in all cases following federal and state laws.

  • Builds a strategic and comprehensive privacy program that defines, develops, maintains, and implements policies and processes that enable consistent, effective privacy practices that minimize risk and ensure the confidentiality of protected information, paper and/or electronic, across all media types. Ensures privacy forms, policies, standards, and procedures are up-to-date
  • Works with senior organization management, security, and corporate compliance officer to establish governance for the privacy program
  • Serves in a leadership role for privacy compliance
  • Collaborates with the information security officer to ensure alignment between security and privacy compliance programs, including policies, practices, and investigations, and acts as a liaison to the information systems department
  • Establishes, with the information security officer, an ongoing process to track, investigate, and report inappropriate access and disclosure of protected information. Monitors patterns of improper access and/or disclosure of protected information
  • Develops, delivers, and oversees initial and ongoing privacy training to the workforce
  • Works cooperatively with the information management director and other applicable organization units in overseeing customer rights to inspect, amend, and restrict access to protected information when appropriate
  • Manages all required breach determination and notification processes under applicable State breach rules and requirements
  • Establishes and administers a process for investigating and acting on privacy and security complaints
  • Maintains current knowledge of applicable federal and state privacy laws and accreditation standards
  • Works with organization administration, legal counsel, and other relevant parties to represent the organization's information and interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standards
  • Serves as information privacy resource to the organization regarding the release of information and all departments for all privacy-related issues
  • Acts as the primary interface with the CNS Enterprise Risk Management Program (ERM)
  • Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, and remediation with the Enterprise Risk Management team
  • Maintains the IS&S risk register
  • Works with ERM to identify risks and opportunities on other organizations' risk registers that contain an IT or Cyber component
  • Ensures all internal and external data exchanges adhere to the company's policies and procedures
  • Supports privacy incident management and inquiries
  • Responsible for development, approval and maintenance of the National Nuclear Security Administration (NNSA) Privacy Impact Assessments (PIA)
  • Responsible for implementing requirements of DOE Order 206.1 "Department of Energy Privacy Program"

What You Can Expect

  • Meaningful work and unique opportunities to support missions vital to national and global security
  • Top-notch, dedicated colleagues
  • Generous pay and benefits with a stable organization
  • Career advancement and professional development programs
  • Work-life balance fostered through flexible work options and wellness initiatives

Minimum Job Requirements

Bachelor's Degree with a minimum of 12 years of relevant experience OR Master's degree with a minimum of 10 years of relevant experience OR a PhD with a minimum of 7 years of relevant experience.

Twenty or more years of education and/or relevant experience may be considered to satisfy educational and years-of-experience requirements for this posting.

  • 5+ years managing cross-functional, complex teams, delivering major IT projects and supporting a large customer base
  • Ability to work autonomously, strong decision making, time management, communication, and customer service skills
  • Strong operational background with demonstrated ability to support mission critical operations, improve system availability, and manage within a highly regulated compliance environment
  • Strong written and oral communication skills
  • Ability to be on-site, at Y-12 Monday-Friday during core business hours to support operational and management activities. Job may require on call support in the event of an operational or cyber security incident.
  • Ability to travel (6+ weeks per year) to off-site locations to support DOE/NNSA mission requirements

Preferred Job Requirements

  • Advanced Degree in information technology, engineering, or related field
  • Certified Information Privacy Professional (CIPP) with regional specializations like the US, Canada, Europe, and Asia
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Technologist (CIPT)
  • Certified in Healthcare Privacy and Security (CHPS)
  • Certified in Healthcare Privacy Compliance (CHPC)
  • Certified Information Systems Security Professional (CISSP)
  • ITIL, and/or PMP certifications desired but not required
  • Familiarity with DOE/NNSA Cyber Security program and requirements
  • Past management experience within DOE/NNSA or other national security federal programs such as DoD or the Intelligence community
  • Familiarity with business process re-engineering to include Six Sigma and/or Lean techniques
  • Specific knowledge of Federal cyber security and risk management requirements with an emphasis on NIST Special Publications (i.e. 800-53)

Notes

The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.

If a range of Career Levels is posted, i.e., Senior Associate to Senior Specialist, internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.

Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.

Position may require entry into Materials Access Areas (MAA) and participation in the Human Reliability Program (HRP). If HRP is required, candidate must complete a counterintelligence-scope polygraph, pursuant to 10 CFR 709. Medical requirements may apply.

COVID Vaccine: The COVID vaccine is mandatory for all CNS employees unless granted an exemption because of a disability or a sincerely held religious belief. This requirement will apply to those working on-site, those teleworking, and all new hires.

CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.

CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity, age, religion, national origin, ancestry, genetic information, disability or veteran status.
