The Chief Privacy Officer reports to General Counsel and will serve as the Chief Privacy Officer for Strategic Technology Solutions in the Department of Finance & Administration. This role will oversee all ongoing activities related to the development, implementation, maintenance, and adherence to the State's policies and procedures covering privacy and access. This position will work closely with several lines of business to develop, define, and manage the overall data privacy policy at an enterprise level and statewide.
How You Make a Difference In This Role
See below Key Responsibilities.
Key Responsibilities
Be the subject matter expert (SME) to all Department Privacy Officers as it relates to industry data privacy controls around regulatory data and serve as information privacy consultant for all departments and appropriate entities. 2. Work with STS Business Domain leaders reviewing ongoing activities related to the development, implementation, maintenance of, and adherence to the State's policies and procedures covering the privacy of, and access to, State information in compliance with federal and State laws. (i.e., HIPAA, FTI, PCI, SSA, FERPA, CJIS, FISMA), as well as ensure all regulatory controls are properly monitored and data exchange agreements are in place. 3. Coordinate data breach investigation, response, and notification procedures with the Chief Information Security Officer (CISO) and related team and ensure internal State parties are notified as appropriate. 4. Prepare and assist with presenting clear, accurate, and timely reports on privacy and data protection risks, risk mitigation measures, and compliance activities to key stakeholders and senior management. 5. Provide advice and instructions on how to conduct Privacy Impact Assessments (PIAs), as well as review all incoming PIAs. 6. Review all system-related information security plans throughout the State's network to ensure alignment between security and privacy practices, and act as a liaison to all departments' information technology teams. 7. Work with contract and procurement teams to ensure proper data security language has been properly depicted in all contracts, RFPs, RFIs, and vendor contracts and periodically review and update as needed with proper approvals. 8. Maintain a comprehensive and current knowledge of both F&A Department operations and privacy laws, as well as communicating details of the Department's privacy policy to staff in collaboration with Office of Evidence and Impact data privacy attorney. 9. Provide guidance and assist in the identification, implementation, and maintenance of State information privacy policies and procedures in coordination with the Departments' management, administration, and legal counsels. 10. Assist, direct, deliver, or ensure delivery of initial and on-going privacy training and orientation to all employees, and professional staff, contractors, alliances, business associates, and other appropriate third parties in regard to data privacy. 11. Advise on the impact of data protection efforts. 12. Lead the data classification and data inventory effort in collaboration with the STS CEDA team. 13. Other duties as assigned.
Minimum Qualifications
Law degree required, and licensed and in good standing to practice law in Tennessee. Degree in business, information technology or related field recommended. Relevant professional privacy or information technology experience may be considered as a substitute. 2. 5-10 years legal experience, privacy, information technology, and business management experience preferred. 3. Familiarity and experience with data privacy, security, and processing operations in government preferred. 4. Expert knowledge of data protection laws and practices, including HIPAA, PCI, FTI, FERPA, CJIS, SSA, FISMA. 5. CIPP/US, CIPM, CHC or other recognized privacy or compliance certification. 6. Strong incident response experience including regulatory breach notifications and reporting experience. 7. Familiarity with computer security systems. 8. Excellent inter-personal and presentation skills. 9. Excellent verbal and written communication skills. 10. Organizational skills with attention to detail. 11. Ability to handle confidential information. 12. Ethical, with the ability to remain impartial and report all noncompliance. 13. Successful background check completion, including CJIS and FTI fingerprint checks.
Pursuant to the State of Tennessee's Workplace Discrimination and Harassment policy, the State is firmly committed to the principle of fair and equal employment opportunities for its citizens and strives to protect the rights and opportunities of all people to seek, obtain, and hold employment without being subjected to illegal discrimination and harassment in the workplace. It is the State's policy to provide an environment free of discrimination and harassment of an individual because of that person's race, color, national origin, age (40 and over), sex, pregnancy, religion, creed, disability, veteran's status or any other category protected by state and/or federal civil rights laws.
Seniority level
Executive
Employment type
Full-time
Job function
Finance and Sales
Industries
Government Administration
Referrals increase your chances of interviewing at State of Tennessee by 2x