| Job Description: |
Under the direction of the Director, support programmatic activities of the UF Privacy Program, including:
- Provide guidance and assist in the development, implementation, and maintenance of data privacy policies and procedures for UF-designated operations on all University of Florida campuses
- Assist the Director with special privacy-related projects;
- Research emerging privacy regulations;
- Conduct benchmarking for use in the development of privacy policies;
- Participate in the implementation and monitoring of new privacy policies;
- Collaborate and cooperate with all members of the UF Privacy Office team to enhance the group’s effectiveness;
- Collaborate with UF Health and other UF stakeholders, including Integrated Risk Management, Information Security, and Internal Audit to mitigate risks identified during investigations and audits.
- Collect and manage metrics required to support UF’s compliance objectives.
Conduct timely investigations and breach analyses of privacy incidents, including the following tasks:
- Follow protocols to gather facts by conducting thorough audits and interviews and document investigation reviews;
- Analyze facts against the applicable privacy laws and policies;
- Assist UF Information Security and Cyber Detection Response with privacy issues;
- Coordinate with relevant department leaders and human resource liaisons to appropriately and consistently apply corrective measures for similar privacy violations;
- Consult with Director, Chief Compliance Officer, Chief Information Security Officer and Office of General Counsel, as needed;
- Complete breach notification activities in a timely manner; and
- Maintain accurate records by thoroughly documenting investigations and outcomes in a timely manner and within the designated incident management system.
Responsible for providing ongoing education and training on Privacy policies and procedures and state, federal and international privacy laws to employees, faculty, contracted personnel, students and volunteers. This includes, but is not limited to, the following:
- In collaboration with colleagues, work to develop effective training materials that comply with HIPAA, FERPA, Florida state laws, FTC regulations, Youth Privacy laws, AI Governance regulations and other applicable privacy law requirements;
- Provide ongoing privacy compliance education and training to UF workforce members, contracted personnel, students and volunteers;
- Provide accurate privacy compliance advice and guidance;
- Interact with physicians, faculty, staff, administration, and other UF personnel on a routine basis to keep them apprised of privacy requirements, policy updates and other privacy-related guidance.
Conduct ongoing compliance monitoring and auditing activities in accordance with the UF Privacy Office’s compliance plan, including:
- Plan, conduct, and manage privacy audits in accordance with generally accepted auditing standards;
- Draft formal reports and submit to the Director for review and approval;
- Develop audit tools and programs to evaluate and analyze UF privacy activities;
- In conjunction with the Director and other members of the Privacy Office, develop and implement an Audit and Monitoring Plan to identify, monitor, and assess privacy compliance risks.
Continually improve knowledge of data privacy and regulatory changes/requirements. Attend conferences and educational events on privacy and security to improve expertise in current and evolving privacy and security matters and maintain required certifications.
Perform other duties in support of the Privacy Program, as assigned.
|
| Preferred: |
- Relevant professional certification(s), including CIPP, CHPC, CCEP, CHPS, CCEP, etc.;
- Excellent interpersonal skills with demonstrated ability to function in a team setting;
- Ability to successfully interact with persons in a variety of professional levels;
- Strong verbal and written communication skills;
- Demonstrated ability to work in a high-volume, fast-paced environment;
- Knowledge of and experience working with relevant privacy laws, including HIPAA, FERPA, FTC regulations, and various state and international data privacy laws;
- Ability to research and understand complex regulations;
- Prior experience producing and delivering adult educational/training presentations;
- Moderate knowledge and skill with MS Office tools (including Excel, Word, and PowerPoint).
|