JC-256477 : Information Technology Specialist II - Information Privacy Officer

Job Summary:
Under the direction of the Chief Information Security Officer (CISO), the Information Technology Specialist II (ITS) performs all essential and highly complex functions as an Information Privacy Officer (IPO) encompassing the IT domain of Information Security Engineering. The IPO manages information security incidents and risk management across the Department. In this capacity, the incumbent serves as IPO to develop and implement all aspects of privacy plans, policies, processes, procedures, and standards, including electronic copy, hard copy, and any other media maintained and owned by the Department. Provides privacy guidance on enterprise-wide projects, acts as consultant on implementation of privacy-related laws, policies and standards, supports informed risk assessment and management, and develops appropriate risk management strategies for the Department.


Essential Functions:
  • Act as the Department's Privacy Officer, responsible for overseeing the privacy policies and programs. Develop and implement Department information privacy standards in response to policy direction of the California Department of Technology (CDT) Office of Information Security (OIS) and other regulatory entities including the Federal government. These activities include but are not limited to: assisting in the establishment of Information Security and Privacy Risk Management programs as directed by the State Administrative Manual (SAM 5300) and other related state and federal laws. Ensure the development and alignment of information privacy and risk programs with the Department's strategic business plans and goals. Provide privacy management and keep abreast of technologies to ensure the appropriate controls are implemented and maintained. Understand the business process needs, assess internal and external risks, provide appropriate mitigation strategies, and stay current on laws and regulations related to information technology privacy.
  • Ensure that HCD conforms to the requirements contained in, but not limited to, the California Information Practices Act, California State Government Code, and the California State Administrative Manual (SAM), and that these requirements are adhered to by the Department and its personnel. Update and educate HCD staff on the agency's practices for handling personal information, as further required in the Information Practices Act. Conduct risk analysis to identify critical assets, vulnerabilities, and the adequacy of Information Privacy safeguards. Identify, formulate, and recommend Information Privacy policies and principles that will ensure the integrity, confidentiality, reliability, and appropriate use of the Department's information assets. Develop Information Privacy standards related to information technology usage. Collaborate with the Information Technology Branch regarding events and activity relevant to privacy security defense practices.
  • Consult and advise the CISO and other Branch and Executive staff on all information privacy initiatives; ensure the Department is in compliance with all information security and privacy policies and procedures required by the State, Federal, and other regulatory entities. Ensure all required information privacy activities are completed on schedule. Participate in HCD IT projects at strategic and tactical levels to ensure project alignment with Privacy policy and that sufficient privacy resources are allocated to properly secure data and IT systems from privacy threats. Conduct risk analysis to identify critical assets, vulnerabilities, and the adequacy of Information Security and Privacy safeguards.
  • Assist the CISO in planning, organizing, and directing the development, implementation, and ongoing operations of the Department's information security, privacy, and risk activities. Act as an expert specialist on the most complex systems and software projects, and provide the highest level of expertise and advice in the implementation of laws, policies, and standards regarding current information privacy and security. This responsibility includes the practices of data security, confidentiality, privacy, integrity, auditability, and evaluation. Develop and implement policies and procedures for the monitoring and reporting of incidents involving intentional, unintentional, or unauthorized access, disclosure, use, modification, or destruction of private HCD assets.
  • Provide management reports, incident reports, and other periodic reporting on information security and data privacy issues and audits. Directly responsible for the work of information security and data privacy to ensure the integrity and security of electronic files, databases, and computer systems. Participate in the Information Security Governance Committee (ISGC). Monitor and report the implementation and compliance of State policies and coordinate annual and quarterly compliance reporting. Serve as a working member or attendee of various other internal and external IT security and privacy committees.
  • Provide on the job training for new and existing IT Staff.
  • Review technical journals or websites to acquire, keep up to date, and maintain knowledge of applicable, emerging regulations, procedures, and new industry Privacy requirements and best practices.
  • Responsible for the completion of other projects, assignments, and Division administrative tasks as directed by management.