San Jose, California
May 21, 2020
IT Security Specialist
About The Opportunity
Note: Local and GC or Citizen candidates preferred.
The IT Security Specialist will be responsible for supporting the implementation and administration of County of Santa Clara’s privacy initiatives within the Privacy Office. The successful candidate will have knowledge of common privacy practices, laws, and regulatory frameworks as well as a solid understanding of various technologies, including exposure to information security and risk management. S/he will identify emerging privacy technology trends/standards, regulatory and compliance requirements, and privacy needs as part of an effort to develop, establish and maintain a cohesive privacy direction for the County of Santa Clara’s mission to provide services to residents. S/he serves as a member of staff supporting the Chief Privacy Officer (CPO) in furthering the County’s mission and commitment towards privacy excellence. As part of the privacy team, the IT Security Specialist will collaborate with the technology services and security teams to integrate and monitor privacy gates within the software development life cycle (SDLC), vendor vetting process, and other organizational processes.
Typical Tasks:
- Builds and applies a strong working knowledge of the County’s mission and objectives, including the County’s privacy strategy and program, as well as knowledge of compliance and privacy concepts and practices (strategies, internal controls, information analysis, reporting, including trending and communication);
- Maintains an awareness of and monitors advancements in information privacy technologies;
- Conducts privacy-related risk assessments (e.g., assessments to support privacy integration through Privacy-by-Design, Privacy Impact Assessments), supports incident response activities, and assists with integrating privacy into the software development life cycle (SDLC), data sharing projects, and other processes;
- Conducts basic usability evaluations to assess the usability and user acceptance of privacy-related features and processes;
- Identifies, develops, and aligns techniques to aggregate, anonymize, or de-identify data, and understands the limits of de-identification;
- Develops and communicates mitigation actions and design recommendations;
- Coordinates with developers, system owners, and others on remediation activities and alternate solutions to protect data and reduce risk;
- Develops technical solutions to help mitigate privacy vulnerabilities;
- Assists with documenting and assessing privacy risks associated with applications (and solutions in general) that are scheduled to be integrated in information systems; ranking and prioritizing these risks; and following up with developers and other stakeholders on remediation;
- Assists with vetting vendors and helps to make sure that adequate privacy protections are embedded in solutions and processes;
- Helps to ensure information systems designs adequately incorporate privacy controls around choice, consent, collection, notice, use, retention, and disposal, and third party disclosures where applicable;
- Performs research and advises Privacy Office management on applicable technology privacy trends, best practices, and risks;
- Integrates perspectives that span product design, software development, cyber security, human computer interaction, as well as business and legal considerations; and leverages team members when necessary;
- Works with team members and Privacy Office management to define and incorporate technology related privacy controls into the organization’s processes, initiatives, and development of information systems;
- Engages with cross-functional teams to investigate incidents that involved sensitive or personal information;
- Supports the development of technical privacy training and communication programs to educate and update employees on privacy requirements, best practices, and expectations;
- Lends expertise to enhance effectiveness of privacy enhancing technology (PET) controls;
- Assists and provides expertise to the organization’s departments to better identify and classify data and manage information throughout the information life cycle;
- Serves as a liaison to technical bodies for privacy related matters.
- The knowledge and abilities required to perform this function are attained through training and experience equivalent to possession of a bachelor’s degree from an accredited college in Information Systems, Computer Science, Communications, Information Privacy, Privacy Law, Data Management, or a related field. AND
- Two (2) years of experience in the privacy, legal, technology, compliance or information security fields, one (1) of which must have been working with medium to large scale information privacy or security projects.
- Relevant experience with a governmental entity and understanding or interpreting privacy regulations is highly preferred.
Knowledge required:
- Privacy engineering and design principles, practices, terminology, trends, and usage utilized by large complex organizations;
- Privacy-by-Design, best practices, terminology, and current trends in privacy;
- Knowledge of two or more of the following privacy laws or standards, such as: Fair Information Practice Principles (FIPPs), HIPAA/HITECH, PCI, FCRA, GLBA, FACTA, ISO, GAAP, SOC II, FERPA, COPPA, CCPA, NIST privacy and security standards and guidance, California data breach or other privacy related laws, or other relevant privacy frameworks;
- Information privacy or security forensic tools or privacy enhancing technologies;
- Technical understanding of information systems development, implementation, and maintenance;
- Experience with PII inventory, information classification, and privacy threat modelling;
- Experience in conducting privacy impact assessments (PIA);
- Optional: Wireless / mobile communications technologies and privacy issues, and wireless IT security systems, cloud technology and privacy concerns;
- Preferred, but not required, privacy certifications, such as: CIPP/US, CIPT.
Ability to:
- Support PIA activities and recommend technical solutions that provide the proper level of privacy protection over personal and sensitive information;
- Troubleshoot basic privacy and security problems and identify and recommend alternative solutions;
- Work and communicate effectively, both orally and in writing, for technical and nontechnical audiences;
- Write and produce presentations exceptionally well;
- Establish and maintain effective working relationships within the team and across departments;
- Operationalize and proactively assist in the implementation of privacy solutions;
- Collaborate with other technical professionals;
- Prepare detailed technical reports, analyses, and other documentation;
- Maintain a positive attitude and work calmly and effectively in a dynamic environment;
- Synthesize information and communicate privacy concepts to technical and nontechnical audiences;
- Apply information privacy principles to business processes and information systems from a technical perspective.
Please contact me to discuss the hiring process!
Sr. Executive Recruiter
Contact: (310) 929-8421 Ext: 107
Hi! My name is Sushil Singh. Helping consultants with getting their desired job is what makes me feel alive. I build a unique relationship with each of my consultants and work on their profile as per their needs. I believe that my consultants are my assets and this motivates me to serve them in an even better manner. Hence, I work towards the success of every consultant I work with.