$80K — $100K *
In order to enable the ORNL mission while maintaining the integrity of the privacy program, the PO closely collaborates with key stakeholders (both business/mission support and R&D) to identify and mitigate risk relative to new research initiatives, evolving business needs, and evolution of available technology, as well as to identify and suggest prioritization of privacy risk treatment for the organization.
Major Duties and Responsibilities include:
Maintain, develop and implement ORNL's privacy program and the resulting privacy policies, procedures and documentation for the processing of personal data, including but not limited to, Personally Identifiable Information (PII) and Protected Health Information (PHI), in coordination with appropriate members of the organization (e.g., business process owners, research program managers, legal, information security/technology, records management, classification, HR, compliance and quality).
Develop and update policies and procedures for employees and research sponsors, ensuring alignment with the implementation of personal data activities, both for internal business purposes and related to research projects and programs (e.g., data analytics).
Monitor the compliance environment and drive changes to ORNL’s privacy program, including ensuring continuous adherence to the privacy program’s requirements.
Chair ORNL’s Privacy Council in order to leverage internal subject matter experts in support of continuous improvement of the program.
Work to ensure the organization maintains the appropriate privacy and confidentiality consent procedures, authorization forms, and information notices.
Establish and work with a multidisciplinary team, including audit and risk, compliance, HR, legal, business process owners, IT, security and other internal stakeholders, to ensure enterprise-wide coverage of the privacy discipline.
Work with procurement, vendor management and the legal department to ensure that third-party suppliers' contracts and operating-level agreements meet privacy requirements.
Implement and maintain an internal review and reporting mechanism for intended (new or changed) personal data processing activities (including operational activities and R&D).
Lead the Laboratory's response to privacy-related incidents and other potentially damaging events.
Work with support and mission organizations in supporting a data governance capability along with an inventory of all privacy data, where it resides, any compliance gaps/risks, and protections in place to mitigate risk.
Work closely with ORNL Communications team and protocol office in communicating with regulatory authorities and the public concerning privacy.
Working with subject matter experts across the organization, determine the Laboratory's specific privacy-related requirements and potential vulnerabilities.
Receive and manage internal reports from business stakeholders to maintain control over all project and innovative initiatives, including change management.
Develop, improve and manage the Laboratory’s role in the Department of Energy privacy impact assessment process, in close collaboration with stakeholders and subject matter experts.
Coordinate and collaborate with the internal Quality organization in support of external and third-party audits of ORNL’s privacy program maturity. Manage response, review findings and opportunities, and manage institutional attainment of appropriate improvements.
Collaborate with stakeholders and peers in advancing privacy awareness, driving continuous program improvement, and maturing the capability to better meet and support Laboratory goals and objectives.
Qualifications Required:
Bachelor's degree or higher in business administration, law, finance, accounting, computer science or a related discipline is required, along with 5 to 10 years of experience in privacy, data protection, security, risk management, auditing and/or compliance, or: 5 to 10 years of legal experience in government, law firms or large/complex corporations preferred, with at least the past 3 to 5 years focused on privacy.
Must possess excellent academic and employment credentials.
Must possess highly developed writing and communication skills and strong counseling and negotiating skills.
Must possess a desire for, and the ability to operate successfully in, a culture that values teamwork and collaboration, and that celebrates organizational success.
Must possess excellent analytical and problem-solving skills and be committed to providing quality service to clients in a professional services organization.
Experience working in a heavily regulated and/or audited environment.
A deep working knowledge of state, federal and international privacy laws, regulations and industry best practices, especially as they relate to scientific and research applications as well as more traditional implementations.
Valid through: 3/12/2021