State Chief Privacy Officer (SCPO)

The SCPO is appointed by, and serves at the pleasure of, the Governor.

The position of State Chief Privacy Officer was created through Executive Order 01.01.2021.10, signed on July 29, 2021. The successful candidate will possess the core competencies, skills, and passion to effectively advise the Governor and executive branch agencies on how best to collect and protect the state’s and citizens’ data.

To apply, please submit your resume to Allisa Mason at allisa.mason@maryland.gov by the deadline, April 6th, 2023 at 11:59PM.

26

Annapolis, MD 21401

General Purpose: The SPCO is responsible for developing and leading the State’s privacy program and initiatives that enable the Governor and executive branch of Maryland state government to effectively comply with legal, regulatory, and ethical obligations with respect to privacy and associated data protection matters. The position is responsible for monitoring program compliance, investigation and tracking of incidents and breaches, and ensuring citizens’ rights. In all cases the candidate will follow federal and state laws and will work closely and collaboratively with leaders and stakeholders throughout the executive branch.

Responsibilities:

● Provide the Governor and his staff with advice, recommendations, and consultation about data privacy;

● Supervise and direct efforts of State units to protect and secure personally identifiable information and other types of confidential or sensitive information;

●  Develop and manage the implementation of State information privacy policies that are:

○ Comprehensive, coordinated, and continuous; and

○ Balance the State’s need for information collection and:

■ risks to the public; and

■ the costs of collection;

● Establish privacy requirements to be incorporated into agreements to share data;

● Create and maintain inventories of sources of and systems containing personally identifiable information held by the State;

● Oversee the conduct of privacy impact assessments; and

● Assist State units with:

○ Identifying, matching, and merging corresponding personally identifiable information;

○ Drafting agreements and contracts for sharing, processing, storing, accessing, transmitting, or disposing of personally identifiable information;

○ Responding to audits of privacy and security of personally identifiable information;

○ Reducing:

■ duplicative requests for personally identifiable information; and

■ the amount of personally identifiable information collected and retained to only that necessary for the proper performance of the State unit’s authorized functions;

○ Properly accounting for and budgeting the costs and resources needed to protect and securely dispose of personally identifiable information; and

○ Providing training to State unit employees about State information privacy policies;

● Direct units in the construction of privacy programs consistent with standards

● Participate in the development process of major IT development projects that will contemplate either personally identifiable information and/or personal health information

● Build a strategic and comprehensive privacy program that defines, develops, maintains, and implements policies and processes that enable consistent, effective privacy practices that minimize risk and ensure the confidentiality of protected information, paper and/or electronic, across all media types. Ensures privacy forms, policies, standards, and procedures are up-to-date;

● Work with each State unit and the State Chief Information Security Officer (SCISO) to establish governance for the privacy program;

● Collaborate with the SCISO to ensure alignment between security and privacy compliance programs, including policies, practices, investigations, and acts as a liaison to the information systems department;

● Establish, with the SCISO, an ongoing process to track, investigate, and report inappropriate access and disclosure of protected information. Monitor patterns of improper access and/or disclosure of protected information;

● Perform or oversee initial and periodic information privacy risk assessment/analysis, mitigation, and remediation;

● Develop, deliver, and oversee initial and ongoing privacy training to the workforce;

● Work cooperatively with applicable State units in overseeing customer rights to inspect, amend, and restrict access to protected information when appropriate;

● Assist with breach determination and advise agency Chief Privacy Officers on notification processes under applicable State breach rules and requirements;

● Establish and administer a process for investigating and acting on privacy and security complaints;

● Maintain current knowledge of applicable federal and state privacy laws and accreditation standards;

● Work with organization administration, legal counsel, and other relevant parties to represent the organization’s information and interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standards;

● Serve as an information privacy resource to the executive branch regarding the release of information and all departments for all privacy-related issues.

● Provide overall vision for and collaborative leadership of the executive branch’s privacy and associated data protection governance and compliance initiatives.

● Represent the Privacy function on appropriate cross-executive branch management committees and initiatives.

● Responsible for reviews, updates, and development as necessary of the executive branch’s privacy and data protection policies and procedures, working closely with the Offices of the Governor’s Legal Counsel, Chief Information Officer, Chief Information Security Officer, Chief Data Officer and all other appropriate stakeholders.

● Advise the executive branch’s Information Technology, Data Management, and Human Resources functions on the privacy risks and considerations implicated by the executive branch’s adoption of new initiatives, processes or technologies, including the preparation, or overseeing the preparation, of privacy impact assessments where appropriate.

● In cooperation with Information Security, Data Management and other stakeholders, develop and implement an executive branch-wide privacy and associated data protection training and awareness program that fits the executive branch’s unique structure and culture and that coordinates closely with the executive branch-wide Information Security and Data Management training and awareness program.

● Provide support for incidents with potential data privacy implications, working closely with the Chief Data Officer, Chief Information Officer, HR (where appropriate), Public Relations, Office of Governor’s Legal Counsel, and other relevant stakeholders.

● Develop and implement directly a program to monitor privacy and data protection regulatory developments of significance to the executive branch, and to highlight key such developments to the Governor along with recommendations for needed actions in response.

● Prepare and present reports on the operation and progress of privacy and associated data protection compliance and risk management efforts on a regular basis as requested for the Governor and his cabinet.

The successful candidate will have many or preferably all of the following qualifications and experience:

● Comprehensive knowledge and understanding of data privacy and data protection laws and concepts.

● Experience in drafting and deployment of policies and procedures, as well as workforce awareness and training.

● Experience designing and advising data incident investigations.

● An advanced degree (e.g. Master’s, JD, or PhD) in a relevant field, with at least 5 years of experience in relevant areas.

● Experience or skills in related areas such as information technology, information security, legal ethics, negotiations.

● A Certified Information Privacy Professional (CIPP) or Certified Information Privacy Manager (CIPM) certification from the International Association of Privacy Professionals (IAPP)

In addition to the years of experience, a successful candidate will also have demonstrated:

● A collaborative leadership style that engages others, earns trust, and influences the entire organization. The successful candidate will feel comfortable with, and energized by, the prospect of communicating and gaining acceptance for their ideas and programs across a complex and diverse governance organization.

● A track record of demonstrating and successfully applying the following characteristics:

● Excellent ability to simplify information and concepts, to formulate options and recommendations, and to communicate with all levels of management and workforce to achieve objectives.

● Steady and resolute manner that inspires confidence and trust.

● States and maintains position backed by facts, while working through differences and alternative views in a respectful and commercial-minded manner.

● Effective listener - probes, surfaces, and shares new ideas and ways of doing things.

● High energy, highly resilient, and resourceful.

● A “self-starter” motivated by the achievement of the firm, the team, and themselves – in that order.

● Organized, with the ability to manage and prioritize multiple priorities and work projects.

● A team player, with the ability to organize, assign, and track completion of work by direct and indirect team members.

● Flexible and adaptable, even while maintaining a keen focus on objectives.

● Leads by example – hands on role model.

● Highest personal standards of integrity.

STATE OF MARYLAND BENEFITS

To apply, please submit your resume to Allisa Mason at allisa.mason@maryland.gov by the deadline, April 6th, 2023 at 11:59PM.

For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at Application.Help@maryland.gov or 410-767-4850, MD TTY Relay Service 1-800-735-2258.

We thank our Veterans for their service to our country.

People with disabilities and bilingual candidates are encouraged to apply.

The State of Maryland is committed to diversity among its staff, and recognizes that its continued success requires the highest commitment to obtaining and retaining a diverse staff that provides the best quality services to supporters and constituents. The State of Maryland is an equal opportunity employer and it is our policy to recruit, hire, train, promote and administer any and all personnel actions without regard to sex, race, age, color, creed, national origin, religion, economic status, sexual orientation, veteran status, gender identity or expression, ethnic identity or disability, or any other legally protected basis. The State of Maryland is committed to providing reasonable accommodations to individuals with disabilities in the hiring process and on the job, as required by applicable law. The State of Maryland will not tolerate any unlawful discrimination and any such conduct is strictly prohibited.