HHS - Privacy SME/Privacy Analyst

cFocus Software seeks a Privacy SME/Privacy Analyst to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance. Qualifications: • Bachelor’s degree in Privacy, Law, Cybersecurity, Information Systems, Public Policy, or related field. • Minimum 5–8 years of experience supporting federal privacy programs. • Demonstrated experience with Privacy Act of 1974, E-Government Act, and OMB Circular A-130. • Hands-on experience developing and reviewing PTAs, PIAs, and privacy governance documentation. • Knowledge of NIST SP 800-53 privacy controls and integration with RMF processes. • Experience supporting privacy incident response and breach risk assessments. • Strong written and verbal communication skills with ability to translate complex requirements. • CIPP/US, CIPM, CISSP, or CISM certification (preferred) Duties: • Advise and provide privacy policy guidance to the COR, HRSA leadership, system owners, ISSOs, and program staff. • Review and analyze new and existing HHS, OMB, and federal privacy policies and assess impacts to HRSA systems and programs. • Support development, review, and maintenance of Privacy Impact Assessments (PIAs) and Privacy Threshold Analyses (PTAs). • Coordinate with ISSOs and system owners to identify privacy risks and ensure appropriate mitigation strategies. • Support the HRSA Privacy Act Officer in ensuring compliance with Privacy Act requirements and regulations. • Develop, update, and maintain HRSA privacy policies, procedures, plans, and governance documentation. • Plan, develop, and conduct privacy awareness and role-based training; develop templates and guidance materials. • Educate HRSA Offices and Bureaus on proper handling, safeguarding, and dissemination of Personally Identifiable Information (PII). • Respond to privacy incidents and conduct risk-of-harm assessments in coordination with SOC, legal, and leadership. • Assess privacy controls as part of the Security Control Assessment (SCA) and RMF processes. • Maintain awareness of emerging privacy risks, technologies, and regulatory changes. • Prepare privacy-related briefings, reports, and documentation for leadership, auditors, and oversight bodies. • Participate in meetings, working groups, and data calls related to privacy management activities. 9f5zt7FwQQ Apply tot his job