Senior Cyber Privacy Governance Analyst - Remote

Responsible for day-to-day support and optimization of software applications, including builds, upgrades, and system enhancements. Analyzes business / clinical needs, evaluate software releases and/or new products, and gives recommendations to optimize processes and decrease expenses. Possesses in-depth business / clinical and application knowledge and experience. Performs and documents workflow assessments to determine functional requirements for optimal utilization of applications. Develops system test plans and performs testing of software upgrades and patches. Maintains a record of test progress and test results. Responsible for problem, incident, and change management and service requests. Provides daily on-call support to the customer base for application-related issues. Works within a cross-functional team and with end-users to achieve application integration to meet business / clinical needs. Responsible for the communication of software issues, requirements, upgrades, and enhancements. Oversees smaller-sized projects or components of projects. Coordinates implementation or project planning around software application releases. Possesses a key certification(s) or other credential(s) which is determined central to the systems or applications supported. An Experienced Professional applies practical knowledge of job areas typically obtained through advanced education and work experience. Responsibilities typically include: • Works independently with general supervision. • Problems faced are difficult but typically not complex. • May influence others within the job area through explanation of facts, policies, and practices. Experience in lieu of Bachelor’s Degree 3 years of relevant experience with a degree 5+ years of relevant experience without a degree

Senior Cyber Privacy Governance Analyst

Description

Under direction of Sr Manager, Cyber & Privacy Governance, to identify potential privacy weaknesses and vulnerabilities and recommend privacy controls to mitigate vulnerabilities and reduce overall privacy risks; to assess privacy policies, procedures, and operations to help ensure the organization meets privacy requirements and government regulations for the protection of personal and sensitive information; and to serve as a consultant to top management impacting privacy policy and planning activities.

The Senior Cyber Privacy Governance Analyst position is an information cyber privacy SME role that will be responsible for supporting and leading the implementation and administration of Cyber privacy initiatives. The incumbent will identify emerging privacy technology trends/standards, regulatory and compliance requirements, and privacy needs as part of an effort to develop, establish, and maintain a cohesive privacy direction for Sentara Health.

The incumbent will coordinate activities and meetings with departmental staff, prepare privacy training material and Privacy Champions presentations with the Cyber Security Training & Awareness Enterprise Program, which is owned by the Sr Manager, Cyber & Privacy Governance. This chosen individual will also collaborate and support the Enterprise Chief Privacy Office (CPO) efforts and priorities.

The Senior Cyber Privacy Governance Analyst responsibilities are to analyze and develop policies and procedures related to information privacy for Sentara Health, its Regulators, Health Plans, Health Providers, etc., with a Cyber lense focus. Additionally, the incumbent will provide input to strategic decisions that affect the functional area of responsibility in both Cyber Security & the Chief Privacy Office.

This is a REMOTE position in the following states:

• Wyoming
• West Virginia
• South Carolina
• Nebraska
• Ohio
• North Dakota
• Pennsylvania
• Nevada
• New Hampshire
• Washington (state)
• Alabama
• Utah
• Georgia
• Kansas
• Minnesota
• Louisiana
• North Carolina,
• Oklahoma
• Maine
• Texas
• Virginia,
• Tennessee
• Maryland
• Florida
• Indiana
• Delaware
• Idaho
• Wisconsin
• South Dakota

COVID-19 Risk Tier – Low Risk

Typical Day to Day Operational Tasks:

The following are the duties performed by incumbent candidate in this position. However, incumbent candidate may perform other related duties at an equivalent level.

• Coordinates Sentara Health privacy strategy and program, working closely with other departments (e.g. Chief Privacy Officer) to help ensure compliance with privacy regulations and standards;

• Identifies information assets and classifies them based on their level of sensitivity, value, and criticality to the organization;
• Reports on key performance indicators and metrics to track privacy weaknesses and vulnerabilities and to assess adherence to privacy policies;
• Identifies and investigates privacy incidents that violate the Sentara Health’s privacy & cyber policies;
• Analyzes risks of Sentara Health’s privacy projects and capabilities, with a clear define Cyber Security focus;
• Identifies, develops, and aligns techniques to aggregate, anonymize, or de-identify data;
• Provides expertise and guides junior staff to identify and provide mitigation measures for Cyber privacy risks;
• Investigates privacy complaints and adopts the appropriate standardized steps to respond to and address complaints;
• Reviews, implements, and updates Corporate-wide privacy policies, standards, procedures, and controls in collaboration with the Chief Privacy Office and Sentara’s legal Dept;
• Facilitates training, awareness, and communication of privacy matters, including compliance requirements, across all of Sentara Health, with a Cyber Security Focus/Eye.
• Maintains an awareness of and reports on applicable Federal and State privacy laws and standards, as well as monitors advancements in information privacy technologies leveraging their Cyber Security SME knowledge.
• Works to ensure the appropriate privacy and confidentiality consent forms, authorization forms, information notices, privacy policies, and materials are current;
• Coordinates statewide communications and management reporting on cyber privacy issues where Sentara Health operates (as of now 28 states);
• Completes Sensitive Information Inventories (SIIs), Privacy Threshold Analyses (PTAs), and Privacy Impact Assessments (PIAs), and creates reports, charts, and other material as may be needed to demonstrate findings between the Cyber Security and Privacy offices;
• Reviews information systems designs to adequately incorporate privacy controls around choice, consent, collection, notice, use, retention, disposal, and third-party disclosures, where applicable;
• Develops and reviews privacy training material and serves as a privacy training instructor to educate and update employees on privacy requirements, issues, and best practices with emphasis and SME knowledge of Cyber Security;

• Establish privacy by design processes in product development.
• Collaborate with the Legal, Security Engineers, and Product Teams to ensure that privacy by design is in-line with privacy standards.
• Identify areas of improvement in practices relative to managing data privacy.
• Guide policy and guidelines to ensure data usage meets corporate compliance requirements.
• Interface with developers, engineers and architects to ensure privacy-related support within systems and services.
• Prepare automated controls and triggers to ensure the organization follows compliance framework when developing systems/ products / services that prioritize privacy
• Performs other related duties, as required by Sr. Manager, Cyber & Privacy Governance
• Monitor industry best practices and trends
• Effectively communicate program progress with varying audiences, and provide analysis to the stakeholders.

Employment Requirements:

Training and Experience Note: The required knowledge and abilities are attained through training and experience equivalent to a Bachelor’s degree, preferably in Data Communications, Computer Science, Information Systems, Network Engineering, Information Privacy, Privacy Law, or a closely related field.

Preferred Skills:

• Experience translating regulatory requirements (such as GDPR, CCPA/CPRA) into actionable technical specifications.
• CIPT Certification
• Knowledge of Privacy by Design and security standards
• Cloud computing and infrastructure (AZURE PREFFERED)
• Other privacy certification such as CIPP/E, CIPM, ISEB, ECPC-B DPO, privacy engineering

and

Five (5) years of professional level experience in the privacy, legal, technology, compliance, or information security fields, two (2) years of which must have been working with medium to large scale Healthcare Industry within information privacy or security projects.

Special Requirements

• Lite Travel involve.

Knowledge of:

• Privacy risk concepts and principles and the relationship between business needs and privacy regulations;

• Strategic, tactical, and project planning development and documentation;

• Applicable security policies and practices;

• Personally Identifiable Information (PII) inventory, information classification, and privacy threat modeling;

• Principles of effective communication;

• Incident response process from a privacy context;

• Privacy and data security laws and issues;

• Basic principles of curriculum development and training techniques;

• English usage, style, grammar, punctuation, and spelling;

• Information privacy or security forensic tools;

• Privacy principles, Privacy-by-Design, phases of the Software Development Life Cycle, and related terminology, trends, and activities utilized by medium to large complex organizations;

• Privacy impact assessment (PIA) methodology, including interviewing and identifying risks;

• Methods of research and report preparation, writing, and presentation;

• Current privacy technologies for data mapping;

• Metrics that demonstrate information security control effectiveness;

• Types and applications of data de-identification.

Ability to:

• Develop strategies to proactively manage implementation of enterprise-wide initiatives;

• Vet prospective vendors for privacy compliance;

• Plan and execute complex projects;

• Consult on privacy, security, and compliance;

• Lead interview sessions, PIA activities, and recommend/oversee risk remediation activities and solutions that provide the proper level of privacy protection over personal and sensitive information;

• Troubleshoot privacy and data protection problems and identify and recommend alternative solutions;

• Recommend corrective actions to comply with Federal and State regulations and Sentara Health Corporate policies;

• Perform privacy impact assessments and recommend solutions that provide the proper level of privacy protection over personal and sensitive information;

• Apply information privacy principles to business processes and information systems;

• Communicate effectively, both orally and in writing, with people of diverse backgrounds and cultures;

• Establish and maintain effective working relationships with those contacted in the course of work, at all levels, including colleagues, the public, and representatives of other agencies;

• Monitor compliance with privacy policies, standards, guidelines, and procedures;

• Prepare detailed technical reports and other documentation;

• Work effectively with other staff;

• Conduct privacy audits.

Physical Requirements

• May be required to work irregular hours.

**Pay Transparency for states where Sentara Health must share this info:

$90,000 - 100,000 USD.

• Bachelor's Level Degree