Sr Privacy Analyst resume example with 16+ years of experience
JessicaClaire
Montgomery Street, San Francisco, CA94105(555) 432-1000, resumesample@example.com
Executive Profile
 A forward thinking, global compliance and risk management professional experienced in interfacing with Executive-Level operational and information technology (IT) stakeholders. My Multifaceted public and private sector experiences and growing legal training allows me to work with global organizations to establish comprehensive global privacy and security programs allowing for increasing enterprise value and mitigating risks. I possess an extensive knowledge of Federal & State privacy and breach notification laws. Special emphasis on Legislative and Regulatory Compliance (e.g., FISMA, HIPAA, EU/US Privacy Shield,), Cyber Polices, & Data Governance Standards (e.g., Risk Management, Data Security, Policy & Procedures).
Skill Highlights
Guest services
Inventory control procedures
Merchandising expertise
Loss prevention
Cash register operations
Product promotions
Core Accomplishments
CERTIFICATIONS:.
Professional Experience
09/2016 to PresentSr. Privacy AnalystSvb Financial Group | , CA,
Working knowledge of International privacy & data protection regime laws and regulations to include GDPR/Privacy Shield and EU privacy regulations.
Extensive knowledge of, and demonstrated experience with independently applying Privacy Act, FISMA, NIST privacy-related requirements and controls, OMB privacy-related requirements and guidance, e-Government Act, and other privacy-related requirements to solve complex problems.
Understanding of common privacy industry standards/ regulations (e.g.
11/2014 to 09/2016Information System Security Officer (ISSO) & Privacy OfficerDeloitte | , WV,
Served as the Departments Information System Security Officer (ISSO) & Privacy Officer in where I provided analysis, advice, and technical expertise on issues related to implementation of applicable laws, regulations, policies, guidance, and best practices relating to privacy, including but not limited to the Privacy Act of 1974, the E-Government Act of 2002 (Section 208), Section 522 of the 2005 Consolidated Appropriations Act, Federal Information Security Management Act, the Computer Matching and Privacy Protection Act of 1988, the Information Sharing Environment, and Office of Management and Budget (OMB) A-130 Managing Information as a Strategic Resource.
Built and improved the Bureau of Human Resources Privacy Operations by undertaking a comprehensive review of the agency's data and privacy practices to ensure consistency with applicable Federal privacy laws and regulations.
Managed a staff of five federal employees.
Provided management and oversight of the privacy compliance related program activities, which include review and approval.
Guide staff through transition of a realignment of duties.
Guide staff on drafting of a new Privacy Impact Assessment template and guidance to comply with applicable Federal privacy laws, OMB Guidance, and the Plain Language Act.
Conduct reviews for subject matter and for quality control for all Privacy related documentation for the Department prior to publication, including PIAs and other privacy compliance documentation.
Developer and lead implementer of Privacy based Data at Rest and in transit Encryption project for all moderate based Personally Identifiable Information (PII) as part of enabling privacy by design concepts.
Leading Security Assessment & Authorization efforts for 69 investments in accordance with Federal Information Security Management Act (FISMA) guidelines and OMB reporting.
Led internal assessment effort for Inventorying all identifiable PII related table information across 69 applications.
Conducted security & Privacy risk assessment (per NIST 800 53 Rev 4), identifying significant gaps in both business processes and compliance documentation.
Developed job- and role-specific privacy and security compliance training materials in accordance with OMB, OPM, and Department of State polices and Industry best practices.
01/2014 to 11/2014Specialist MasterHyatt Hotels Corp. | West Palm Beach, FL,
As a Privacy and data protection specialist with Deloitte & Touche's Technology Risk Services, my primary focus was on public and private sectors assisting client organizations within Government, Biopharmaceuticals, Healthcare Provider, Technology, Retail, Education, Consumer and Financial Services by identifying and managing privacy risks and opportunities associated with information management and data protection.
Improved state based Health Information Exchange (HIE's) clients on regulatory and privacy compliance requirements for the Patient Protection and Affordable Care Act (PPACA).
Improved operational performance of organization privacy posture post data breech for major Consumer Retailer (MN).
Developed European Privacy and UK Data Protection policies, incident response, and governance frameworks for Global Consumer Retailer (e.g., Walmart).
Part of team tasked to Identify and remediates critical gaps around the privacy of Global Consumer Retailer (e.g., Target) guest data information and developed a strategic operational model to sustain compliance and mitigate operational risk.
Part of independent audit team tasked to conduct annual SOC 2 compliance in accordance with Security Trust Principle set forth in Trust Services Principles ("TSP") section 100, Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy and the National Institute of Standards and Technology Special Publication 800-53 rev 4 for a large Financial institution.
Led three week engagement for Archer Daniel Midlands (ADM) Tactical Data privacy and Protection assessment of Office 365 to be used in 76 countries and Jurisdictions that ADM operated in.
Performed research, identified, and recommended, and implemented privacy measures to ensure compliance with all relevant privacy laws, policies and best practices.
Established operational process towards identifying and mitigating privacy and data protection issues and risks.
Monitored and analyzed privacy laws and requirements, including the US Constitution, Privacy Act of 1974, E-Government Act, FTC, CAN-SPAM, TCPA, Computer Fraud and Abuse Act, and other sectoral and industry laws as needed.
04/2013 to 01/2014ManagerHyatt Hotels Corp. | Burlingame, CA,
Developed and implemented health related security and privacy policies pertaining to Accenture's integrated eligibility solution adhering to Center for Medicare and Medicaid (CMS), Internal Revenue Service (IRS and Federal regulations.
Produced standard set of NIST related special publications security documents for Center for Medicare and Medicaid (CMS), Internal Revenue Service for achieving ATO status for Accenture Integrated Eligibility project teams.
Assisted clients with identifying & developing guiding principles & privacy best practices (e.g., OECD/FTC/EU) and FIPP'S.
Provided IDAM risk management advisory guidance to Accenture H&PS project teams.
Collaborated with HIE's and HIX's Chief Privacy Officer and regional Information Security, Legal, Compliance and other stakeholders in the prevention, identification, response and remediation of privacy related incidents and data breaches.
Assisted Accenture Health & Public Sector Senior leadership in providing guidance on regulatory, privacy and security requirements in healthcare for data usage, Health Insurance Portability Accountability Act (HIPAA and privacy compliance for the Affordable Care Act (ACA).
Introduced first informal partnership model with regional law firms dealing with Privacy and Information Management legal issues in the US and around the globe.
Developed, updated and implemented privacy related policies, procedures, and guidance, including but not limited to: guidance on safeguarding personally identifiable information (PII); minimizing PII; retention and disposal of PII.
Conducted privacy risk assessment for self-monitoring devices collecting health data.
Identified and resolved HIPAA compliance issues.
Clients included:.
Kansas Department of Public Health Services (KEES), Iowa Department of Public Health Services, State of Ohio Department of Public Health Services and State of California.
04/2012 to 04/2013ManagerGeneral Dynamics | , MD,
Managed day-to-day implementation and execution of ICAM strategies for internal DHS and external partners.
This included the principles, practices, policies and procedures that are used to establish corporate trusted identity services, and provisioning services for identities and roles, which are essential for an enterprise-level Federated IDAM strategy.
Developed DHS Departmental goals in response to OMB and FICAM establishment of identity and federation solutions.
Developed Federated Relying Party (RP) Guidance Documents in support of Federation Identity Working Group.
Led Data Protection and Privacy Assessment project which was part of a larger privacy initiative to address compliance with Domestic state breach notification laws and international privacy regimes.
Provided strategic advice on development of a Federated IDAM Architecture towards providing trusted identity access for all Federal, State, Local, Tribal and private Sector law enforcement community.
Effort leads to an increase in integrity and protection of national security and privacy.
Recognized and awarded for leading the formulation of an operational and information sharing strategy for the Program Manager of the Information Sharing Environment (PM-ISE) Enterprise Architecture Framework (EAF) through the development of the Assured Sensitive-but- Unclassified (SBU) - Controlled-Unclassified Information (CUI) Interoperability Identity Access Management (IDAM) Architecture that provided strategic identity information policy for all federal, state, local and tribal law enforcement and related communities of interests (COI).
07/2011 to 04/2012Information System Security Manager | , ,
Coordinated and led efforts for ensuring security and privacy compliance for 23 DOT/NHTSA investments that included all agency Federal Information Security Management Act (FISMA) reporting, cloud security initiatives, and all ICAM solutions.
Collaborated closely with Associate CIO for Cybersecurity and Information Assurance to monitor the privacy environment to assure privacy data are secure and protected.
Managed and supervised the coordination and implementation of IT security for all operations and service delivery programs for the NHTSA CIO and also served as Department's Privacy Officer in support of writing Privacy Impact Assessments (PIA) and advising on all legal, statutory, and policy requirements for NHTSA information systems.
Led NHTSA's efforts in developing a cloud-based IDAM strategic roadmap with emphasis on authentication, Authorization, compliance and audit and integration of mobility and support for use of external credentials (OMB-04-04).
Developed and ensure implementation of privacy controls (including privacy continuous monitoring strategies and controls stated in NIST Spec.
Pub.
800-53 Rev.
4, App.
J "Privacy Controls") in the design of new or materially modified technologies or business processes; documented such controls in privacy plans for specific systems and assess the effectiveness of such controls for the system review and approval process and regularly afterward;.
Coordinated with Office of CIO, review each proposed "authority to operate," make recommendations to SAOP concerning privacy risks and approval, and documented plans for strengthening privacy controls as appropriate.
Served as the Alternate Privacy Officer in support of the Department of Transportation's Office of privacy requirements.
Oversaw and led development of breach notification policies and privacy training for NHTSA employees and developed PIA's as part of conducting privacy threat assessments for NHTSA.
Managed the development of a federated cloud identity solution in support of accepting external credentials (PIV/PIV-I X.509 Smart cards) for various NHTSA external partners.
Developed a Federated service-level policy agreement for all NHTSA IT system investments for procuring of identity services.
Provided privacy expertise to the Department.
Provided subject matter guidance for Privacy to staff and outside Federal agencies requesting assistance.
Represent the Privacy Division at interagency meetings with senior executives.
Conduct trainings on privacy at numerous Department events.
Ensure Departmental compliance with various privacy laws including the Privacy Act of 1974, the E-Government Act of 2002, and Office of Management Budget (OMB) Memorandum.
03/2010 to 07/2011Branch ChiefDepartment Of The Interior | , PA,
As Branch Chief for Policy & Planning & Information Assurance (IA), I was principal assistant and technical advisor providing leadership and Strategic direction for all software project and enterprise IT applications for the Bureau of Human Resources Executive office Systems Development Division.
Developed Privacy by design and breach notification policies for the Department of State's Bureau of Human Resources.
Led the effort to establish a Department-wide unique person identifier, otherwise known as the State Global Identification (SGID) number towards aligning the Department to comply with Identity and Credentials Access Management (ICAM) and Homeland Security Presidential Directive 12 (HSPD12) requirements.
Provided analysis, advice, and technical expertise on issues related to implementation of applicable laws, regulations, policies, guidance, and best practices relating to privacy, including but not limited to the Privacy Act of 1974, the E-Government Act of 2002 (Section 208), Section 522 of the 2005 Consolidated Appropriations Act, Federal Information Security Management Act, the Computer Matching and Privacy Protection Act of 1988, the Information Sharing Environment, and Office of Management and Budget (OMB).
Maintained a repository of Plan of Action and Milestones (i.e., POAM, audit findings) and tracked till successful resolution.
Developed Security Privacy Impact Assessments (PIA) in support of annual FISMA report.
Provided privacy subject matter expertise to the Department of State and outside Federal agencies requesting assistance, including providing privacy expertise for interagency collaborations with the Executive Office of the White House.
Create briefing materials for executive members of the Department regarding Federal laws, active Department projects, and current privacy issues.
10/2006 to 03/2010Sr. ConsultantFingerpaint | , MN,
Served as Dept.
of State's IRM senior Cyber Policy & Privacy expert (i.e., Privacy Act of 1974, the E- Government Act of 2002 (Section 208).
Employed a Compliance-centric perspective, review at least annually the data security strategies and policies to assure compliance with statutory requirements.
Upon amendment(s) to statutes, developed response strategies and implementations at various levels to leadership within IRM.
Consultant to top agency management officials to advice on integrating Cyber Security, Privacy and Information Assurance in the Department's Information Assurance programs.
Developed and implemented the State Department's classified and unclassified Certification and Accreditation program based on NIST and Committee on National Security Systems (CNSS 4009).
The initiative successfully reduced programmatic privacy and security inefficiencies and overall cost by $20k per information system for a total savings to the agency of $950,000.
Developed a Cyber Security Mapping Analysis spread sheet against 10 common Cyber Security categories for the purpose of conducting a gap analysis against all Applicable Laws, OMB Memorandums, OMB Circulars (A- 130, A-11 for eCPIC and capital planning), Governance, NIST and applicable Department of State polices to determine cyber security posture.
Delivered several high level executive documents including an "As-Is Segment Architecture, service component model, target architecture, and transition cyber security roadmap.
12/2005 to 10/2006Computer ScientistDepartment Of The Treasury | Amherst, MA,
Served as senior expert and consultant to top agency management officials to advise on integrating Cyber Security and Information Assurance in the Department's Information Assurance programs of equivalent scope and complexity.
Developed Security Privacy Impact Assessments (PIA) in support of annual FISMA report.
Conducted risk assessments; produced security assessment reports (SAR's); researched and determined Cyber based security policy or procedural gaps at either system or organizational level.
Maintained current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy technologies, to ensure organizational adaptation and compliance.
Provided privacy subject matter expertise to the Department of State and outside Federal agencies requesting assistance, including providing privacy expertise for interagency collaborations with the Executive Office of the White House.
Create briefing materials for executive members of the Department regarding Federal laws, active Department projects, and current privacy issues.
01/2005 to 12/2005Team LeaderBehavior Health Network | City, STATE,
Served as senior expert and consultant to top agency management officials and advising on all DOD and Chairman of the Joint Chief Information Assurance Policy and privacy Guidelines.
Managed all aspects of the data lifecycle needs to ensure security of data, Implemented breach notification policies and lead instructor based privacy training to all personnel resulting in a 40% increase of operational privacy and reduction of threats by 30%.
Education
Expected in 1994Bachelor of Science (BS) | Indiana University of Pennsylvania, , GPA:
Expected in 2013 | Masters Information Assurance (MISA) Capitol College, , GPA: 4.0
Certifications
(ISC2) Certified Authorization Professional (CAP)
*Identity Management Institute's (IMI) Certified Identity Access Manager (CIAM),
*Certified in Data Protection (CDP)
*Certified Identity Management Professional (CIMP)
Professional Affiliations
Federal Privacy Council & Digital Privacy Work Force Committee's
*The International Association of Privacy Professionals (IAPP)
Skills
ACA, agency, Budget, business processes, CMS, Consultant, Encryption, client, Clients, data collection, Data Mining, delivery, direction, documentation, drafting, Financial, focus, forth, Government, Human Resources, Information Security, information systems, instructor, Insurance, investments, law enforcement, leadership, law, Legal, Managing, materials, meetings, Access, Exchange, Office, Enterprise, Developer, organizational, personnel, policies, Public Health, publications, Publication, quality control, reporting, research, Retail, risk assessment, risk management, Safety, Smart cards, spread sheet, strategy, Strategic, Systems Development, training materials, Transportation, unique
Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.
Resume Overview
School Attended
Indiana University of Pennsylvania
Masters Information Assurance (MISA) Capitol College
Job Titles Held:
Sr. Privacy Analyst
Information System Security Officer (ISSO) & Privacy Officer