IT Security Specialist_Privacy Office
Employment Type: Full-Time
The IT Security Specialist will be responsible for supporting the implementation and
administration of County of Santa Clara's privacy initiatives within the Privacy Office.
The successful candidate will have knowledge of common privacy practices, laws, and
regulatory frameworks as well as a solid understanding of various technologies,
including exposure to information security and risk management.
S/he will identify emerging privacy technology trends/standards, regulatory and
compliance requirements, and privacy needs as part of an effort to develop, establish
and maintain a cohesive privacy direction for the County of Santa Clara's mission to
• Builds and applies a strong working knowledge of the County's mission and
objectives, including the County's privacy strategy and program, as well as
knowledge of compliance and privacy concepts and practices (strategies, internal
controls, information analysis, reporting, including trending and communication);
• Maintains an awareness of and monitors advancements in information privacy
• Conducts privacy-related risk assessments (e.g., assessments to support privacy
integration through Privacy-by-Design, Privacy Impact Assessments), supports
incident response activities, and assists with integrating privacy into the software development life cycle (SDLC), data sharing projects, and other processes;
• Conducts basic usability evaluations to assess the usability and user acceptance
of privacy-related features and processes;
• Identifies, develops, and aligns techniques to aggregate, anonymize, or de-identify data, and understands the limits of de-identification;
• Develops and communicates mitigation actions and design recommendations;
• Coordinates with developers, system owners, and others on remediation activities
and alternate solutions to protect data and reduce risk;
• Develops technical solutions to help mitigate privacy vulnerabilities;
• Assists with documenting and assessing privacy risks associated with applications
(and solutions in general) that are scheduled to be integrated in information
systems; ranking and prioritizing these risks; and following up with developers
and other stakeholders on remediation;
• Assists with vetting vendors and helps to make sure that adequate privacy
protections are embedded in solutions and processes;
• Helps to ensure information systems designs adequately incorporate privacy
controls around choice, consent, collection, notice, use, retention, and disposal,
and third-party disclosures where applicable;
• Performs research and advises Privacy Office management on applicable
technology privacy trends, best practices, and risks;
• Integrates perspectives that span product design, software development, cyber
security, human-computer interaction, as well as business and legal
considerations; and leverages team members when necessary;
• Works with team members and Privacy Office management to define and
incorporate technology-related privacy controls into the organization's processes,
initiatives, and development of information systems;
• Engages with cross-functional teams to investigate incidents that involved
sensitive or personal information;
• Supports the development of technical privacy training and communication
programs to educate and update employees on privacy requirements, best
practices, and expectations;
• Lends expertise to enhance effectiveness of privacy enhancing technology (PET)
• Assists and provides expertise to the organization's departments to better
identify and classify data and manage information throughout the information
• Serves as a liaison to technical bodies for privacy-related matters.
The knowledge and abilities required to perform this function are attained through
training and experience equivalent to possession of a bachelor's degree from an
accredited college in Information Systems, Computer Science, Communications,
Information Privacy, Privacy Law, Data Management, or a related field.
- AND -
Two (2) years of experience in the privacy, legal, technology, compliance or information
security fields, one (1) of which must have been working with medium to large scale
information privacy or security projects.
Relevant experience with a governmental entity and understanding or interpreting
privacy regulations is desirable, but not required.
• May be required to work irregular hours on occasion (e.g., due to a data breach or
• Privacy engineering and design principles, practices, terminology, trends, and usage
utilized by large complex organizations;
• Privacy-by-Design, best practices, terminology, and current trends in privacy;
• Knowledge of two or more of the following privacy laws or standards, such as: Fair
Information Practice Principles (FIPPs), HIPAA/HITECH, PCI, FCRA, GLBA, FACTA, ISO, GAAP, SOC II, FERPA, COPPA, CCPA, NIST privacy and security standards and guidance,
California data breach or other privacy related laws, or other relevant privacy
• Information privacy or security forensic tools or privacy enhancing technologies;
• Technical understanding of information systems development, implementation, and
• Experience with PII inventory, information classification, and privacy threat modelling;
• Experience in conducting privacy impact assessments (PIA);
• Optional: Wireless / mobile communications technologies and privacy issues, and
wireless IT security systems, cloud technology and privacy concerns;
• Preferred, but not required, privacy certifications, such as: CIPP/US, CIPT.
• Support PIA activities and recommend technical solutions that provide the proper level
of privacy protection over personal and sensitive information;
• Troubleshoot basic privacy and security problems and identify and recommend
• Work and communicate effectively, both orally and in writing, for technical and non-technical audiences;
• Write and produce presentations exceptionally well;
• Establish and maintain effective working relationships within the team and across
• Operationalize and proactively assist in the implementation of privacy solutions;
• Collaborate with other technical professionals;
• Prepare detailed technical reports, analyses, and other documentation;
• Maintain a positive attitude and work calmly and effectively in a dynamic environment;
• Synthesize information and communicate privacy concepts to technical and non-technical audiences;
• Apply information privacy principles to business processes and information systems from
a technical perspective.
On-Site Requirements: On-call help may be required.