VariQ has an exciting opportunity for a highly qualified Sr. Privacy Control Tester/Assessor to support our Federal Program (Arlington, VA). 

Additional Information:

• Work Location: FDIC Arlington (Between Ballston and Clarendon)
• Salary: Dependent upon experience
• Security Clearance: Must pass background investigation and credit check
• Availability: ASAP

Performs privacy controls assessments to ensure compliance with the NIST SP 800-53, OMB guidance, and agency specific requirements. Interfaces with federal employees and contractors in order to perform privacy assessment activities as well as the presentation of weaknesses to the client.

Applies knowledge of the Privacy Act of 1974, the E-Government Act of 2002, FISMA, OMB guidance, NIST guidance, and related laws and regulations to support the FDIC’s Privacy Continuous Monitoring Program.  Performs assessments of system privacy controls in accordance with FDIC policies and procedures, as well as government regulations and industry best practices. Has knowledge of the various aspects of information technology as demonstrated by experience in the application of computer technology, requirements definition, systems analysis, computer programming, testing and quality assurance activities. Has general knowledge of computer software and hardware support requirements such as access control, encryption software, and anti-virus protection software. Has an understanding of internal controls, risk assessments, business processes, IT control testing and audit fieldwork. Has the ability to analyze, conceptualize and organize in order to identify privacy requirements, and present potential solutions. Additionally, has the ability to communicate both orally and in writing with a wide audience, including senior FDIC staff and other federal agency management, the GAO, and the OIG.

Qualifications (minimum requirements, per the contract): 

• General Experience: Includes eight (8) years of experience in the review, audit, and/or risk-based assessment of systems and business processes for privacy and/or information security related issues at progressively increasing levels of responsibility.
• Specialized Privacy Experience: six (6) years of experience in Privacy directly related to the interpretation and application of the requirements/mandates stipulated in the Privacy Act of 1974 the E-Govt Act of 2002, and pertinent OMB guidance, including the development and conduct of Privacy Impact Assessments, the development and publication of System of Records notices and Privacy Act Statements, responding to incidents related to the breach of PII, and user awareness activities focusing on Privacy.
• Information Technology Experience: Two (2) years of experience in the application of computer technology, requirements definition, systems analysis, computer programming, testing, or quality assurance activities.
• Education Substitution: An advanced degree in Information Systems, Business, Computer Science, or other related scientific or technical discipline may be considered equivalent to two (2) years generalized and two (2) years information security specialized experience. Certificates such as the IAPP CIPP or CIPP/G may be considered equivalent to two (2) years of general experience and two (2) years of privacy experience.

Desired Requirements (nice to have but not required):

• Experience with assessing NIST SP 800-53 Rev.4 Appendix J Privacy Controls.
• CIPP, CIPT or CIPM Certifications
• Working knowledge of MS Office suite (Word, Excel, PowerPoint), MS Visio, and MS Project;
• Working knowledge of the Privacy Act of 1974, E-Government Act of 2002 privacy provisions, OMB Circular A-130, and other privacy-related OMB memoranda and NIST publications;
• Experience in data privacy issues in the federal government environment;

VariQ is an equal opportunity employer.