LCG, Inc. · 1 week ago
Compliance and Privacy Specialist
LCG, Inc. is seeking multiple Compliance and Privacy Specialists to support the Client’s Information Security and Privacy Program by performing hands-on privacy compliance activities that align with federal mandates. The role involves maintaining accurate PII system inventory, supporting Privacy Impact Assessments (PIAs), and ensuring privacy requirements are integrated into operational workflows.
Health Care · Information Technology
Responsibilities
Support Client privacy program operations (SAOP support)
Provide privacy subject matter support to Client’s Senior Agency Official for Privacy (SAOP) to help implement organization-wide approaches for privacy risk management
Maintain a privacy program posture that protects sensitive information and aligns with federal privacy compliance requirements and Client operational needs
Maintain and update the agency PII system inventory (system-of-records visibility)
Identify and maintain an accurate inventory of Client systems that contain Personally Identifiable Information (PII), including which systems require PIAs under the E-Government Act and which systems require SORNs under the Privacy Act
Coordinate with System Owners/ISSO stakeholders to validate inventory accuracy when applications are onboarded, modified, migrated, or decommissioned (including third-party hosted systems)
Record inventory updates within tracking systems and governance repositories (e.g., RSA Archer or agency-defined tools), ensuring traceability for audit readiness
Support PTA/PIA development, review, publication tracking, and lifecycle compliance
Develop Privacy Threshold Analyses (PTAs) and/or PIAs within required timelines for new IT projects, major changes, or system modernization activities
Ensure PIAs are reviewed and updated on a defined cadence (e.g., reviewed/updated every 3 years), coordinating with system stakeholders to refresh system descriptions, data flows, and privacy risks
Ensure PIAs required for public posting are available via Client public sites in accordance with OMB policy requirements
Track PIA/PTA status, approvals, and dependencies using privacy tracking logs/compliance trackers and generate status summaries for leadership or privacy governance reviews
Support SORN creation, modification, and decommission process
Establish and execute documented processes supporting creation and decommissioning of Systems of Records Notices (SORNs), including tracking when systems move into/out of 'system of records' applicability
Support review/development of SORNs as directed by the CIO/SAOP, ensuring accuracy of record categories, routine uses, and data handling practices
Track status of SORNs requiring publication and confirm alignment to Federal Register publication requirements when applicable
Align privacy compliance to FISMA system compliance + SA&A artifacts (cross-functional ISSO support)
Provide cross-functional ISSO-style support by ensuring privacy requirements are reflected in security documentation and governance artifacts (e.g., security categorization impacts, boundary considerations, and required privacy controls)
Support the overall Client Cybersecurity and Privacy program compliance posture that responds to federal statutory and departmental mandates (FISMA/HHS policies)
Coordinate vulnerability management inputs that impact privacy risk and compliance tracking
Support coordination of vulnerability management activities by consuming scanning tool outputs (e.g., vulnerability scan reports, compliance scan results, change reports) to identify risks that could elevate privacy exposure
Track privacy-relevant weaknesses and remediation actions as part of enterprise POA&M management and continuous monitoring practices
Align privacy requirements to FedRAMP cloud systems and third-party hosted services
Validate privacy compliance requirements for systems operating in FedRAMP-approved cloud environments by ensuring privacy documentation reflects the hosting model (shared responsibility), vendor roles, and system data handling flows
Support Client efforts to maintain accurate listings of third-party hosted systems and coordinate privacy evidence collection for those vendors when needed
Support audits and federal data calls by producing privacy evidence packages
Determine, gather, examine, and analyze artifacts and evidence requested by internal/external audits and data calls (e.g., OIG, GAO, HHS OCIO)
Provide privacy evidence support such as: current PIA inventories, SORN status tracking, PII inventory lists, approval records, publication evidence, and compliance tracker extracts
Document responses in sufficient detail to enable independent review and ensure audit defensibility
Ensure privacy requirements are integrated into operational workflows (governance-by-design)
Embed privacy checks into IT governance workflows such as change management, IT clearance packages, and system lifecycle activities—ensuring privacy is addressed early (requirements) and continuously (monitoring)
Support enterprise change management by analyzing proposed system changes for privacy/security impact prior to implementation, providing actionable recommendations to stakeholders
Qualification
Required
Bachelor's degree in one of the following (or related discipline): Cybersecurity / Information Assurance / Information Systems / Information Technology / Computer Science / Computer Engineering / Public Policy / Public Administration (helpful for privacy governance + federal compliance roles)
Minimum of 3+ years supporting federal compliance/security environments, with demonstrated exposure to FISMA and federal privacy requirements (Privacy Act)
Experience drafting and maintaining PTAs/PIAs, including system descriptions, data elements, data sharing, access controls, retention/disposal, and privacy risk analysis
Experience supporting SORN workflows (creation, updates, decommissioning) and tracking publication requirements
Experience supporting privacy evidence collection for audits/data calls and producing defensible response packages
Familiarity supporting privacy compliance in FedRAMP cloud environments and vendor-hosted systems
Strong working knowledge of: Privacy Act of 1974 requirements and federal privacy compliance expectations; HIPAA (especially where systems may support health-related data or protected information); FISMA compliance concepts and system governance support
Ability to operate as a cross-functional compliance resource, partnering with ISSOs, system owners, engineers, and program leadership
Strong documentation discipline: able to produce defensible, audit-ready evidence and maintain clean trackers/logs
RSA Archer (GRC tracking, inventory, and compliance evidence management)
Privacy tracking logs / compliance trackers (PIA/SORN lifecycle and privacy evidence)
Security scanning tool outputs (e.g., vulnerability/compliance scan reports used for remediation coordination and risk tracking)
Preferred
CompTIA Security+ is helpful/preferred
Benefits
Medical, dental, and vision insurance
Life and disability insurance
Retirement plan contributions
Paid leave
Federal holidays
Professional development opportunities
Lifestyle benefits
Company
LCG, Inc.
LCG is an information technology company specializing in scientific research support, grants management, and health IT services.