Assurit is currently seeking an experienced Privacy Analyst to support one of our contracts!
- Develop Privacy Program Control Assessment Procedures
The National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, includes as Appendix J a privacy control catalog. The CPO shall identify those privacy controls included in Appendix J that are privacy program management controls. The privacy program management controls identified by the CPO will generally be implemented at the agency level, independent of any specific information system, and essential for privacy program management.The Privacy Analyst, in coordination with the CPO, will be responsible for developing of a set of control assessment procedures that are tailored to each identified privacy program management control. The assessment procedures should be developed in accordance with the standards defined in NIST SP 800-53A and should consist of a set of assessment objectives, each with an associated set of potential assessment methods and assessment objects. The Privacy Analyst will be responsible for providing the CPO the final, agreed upon set of assessment procedures in an agreed upon format.
- Assess Privacy Program Controls
The Privacy Analyst, in coordination with the CPO, will be responsible for developing a privacy assessment plan that includes the objectives for the privacy control assessments and includes a detailed roadmap of how to conduct the assessments. At a minimum, the plan will include the privacy program controls (and any control enhancements) that will be assessed and the assessment procedures, including the assessment methods and objects, to be used during assessment.The Privacy Analyst will then use the plan to conduct a comprehensive assessment, in both depth and coverage, of the privacy program controls identified in the assessment plan. The assessment of privacy program controls may require, among other things, examining privacy policies, plans, and procedures; interviewing agency officials; and, testing privacy controls. In addition, the assessment may require reviewing applicable requirements in law and policy to determine whether the client’s privacy program controls are implemented in accordance with applicable requirements.
The assessment will be comprehensive and conducted with sufficient rigor to ensure that the controls are implemented and free of obvious errors and whether there are further increased grounds for confidence that the controls are implemented correctly and operating as intended on an ongoing and consistent basis, and that there is support for continuous improvement in the effectiveness of the controls.
The Privacy Analyst will document the findings of the assessment, including recommendations for correcting deficiencies in the controls, in an assessment report that will provided to the CPO. The assessment report will include an executive summary providing an abbreviated version of the assessment report that includes a synopsis of the assessment, findings, and recommendations for addressing deficiencies in the controls.
- Develop Privacy Control Assessment Procedures
The Privacy Analyst, in coordination with the CPO, will be responsible for developing of a set of control assessment procedures that are tailored to each identified system-level, hybrid, and common privacy control. The assessment procedures should be developed in accordance with the standards defined in NIST SP 800-53A and should consist of a set of assessment objectives, each with an associated set of potential assessment methods and assessment objects. The Privacy Analyst will be responsible for providing the CPO the final, agreed upon set of assessment procedures in an agreed upon format.
A bachelor’s degree and/or four (4) years of equivalent experience testing or evaluating information security privacy controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the requirements for an information system or organization; a functional understanding of Federal privacy laws and policies; and, the ability to work independently, make compelling oral and written presentations to staff at all organizational levels, and lead cross- functional workgroups.
Working at Assurit
Assurit is an award winning, certified small business headquartered in Fairfax, VA. We offer a highly competitive compensation and benefits package inclusive of medical and dental coverage, as well as paid time off.
Founded in 2013, Assurit has become a trusted provider of cybersecurity expertise to customers across federal, state and local governments, as well as the commercial sector. We are an employee-centric organization that focuses on the growth and development of our greatest asset – our people. We believe that if our Team is trained and educated, we will always be able to deliver our promise of customer success. If you enjoy work environments focused on continuous learning and growth, Assurit will be a great fit for you.
Whether you saw a specific job opening of ours or are simply interested in learning more about building your career at Assurit, feel free to reach out to us directly and submit your resume to email@example.com. Based on your request, the appropriate individual within our organization will get back to you within 2 business days.
Assurit is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
To apply for this job email your details to firstname.lastname@example.org