Government Information Specialist SME / Privacy Lead 

Position Summary

Essential Duties and Responsibilities

• Lead enterprise privacy and government information management activities supporting SBA ECS operations.
• Provide subject matter expertise and operational oversight for Task Area 3.5.6 Government Information Specialist / Privacy Support activities.
• Manage and coordinate agency privacy compliance activities involving personally identifiable information (PII), sensitive information, and Controlled Unclassified Information (CUI).
• Support implementation and oversight of federal information governance, records management, and privacy programs in accordance with federal regulations and SBA policies.
• Lead Privacy Impact Assessments (PIAs), privacy compliance reviews, records retention evaluations, and data governance assessments.
• Support compliance with the Privacy Act of 1974, FOIA, Federal Records Act, FISMA, OMB Circular A-130, NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, and CUI handling requirements.
• Coordinate information management and privacy risk activities with ISSOs, cybersecurity teams, legal counsel, system owners, and agency stakeholders.
• Develop, maintain, and update policies, procedures, standard operating procedures (SOPs), governance documentation, and implementation guidance.
• Review enterprise systems, applications, cloud environments, and operational processes for privacy, records management, and information handling compliance.
• Support data classification, data retention, information lifecycle management, and secure information destruction initiatives.
• Coordinate FOIA support activities, records searches, document reviews, redactions, and information release coordination activities.
• Provide oversight for CUI identification, marking, handling, safeguarding, dissemination, storage, and destruction procedures.
• Assist with incident response and breach response activities involving PII, sensitive records, or protected government information.
• Support audit readiness and compliance activities involving Inspector General (IG), GAO, FISMA, privacy audits, and internal assessments.
• Develop metrics, dashboards, executive reports, risk registers, and compliance reporting mechanisms related to privacy and information governance.
• Support enterprise risk management (ERM) initiatives involving information governance and data protection risks.
• Provide guidance regarding records retention schedules, data minimization, secure data sharing, and information access control.
• Coordinate privacy awareness, records management, FOIA, and CUI training activities across supported SBA organizations.
• Support continuous monitoring initiatives related to privacy, data governance, and cybersecurity compliance.
• Review contracts, Statements of Work (SOWs), system documentation, and technical artifacts to ensure compliance with federal privacy and information governance requirements.
• Lead cross-functional coordination meetings involving cybersecurity, compliance, legal, operational, and executive stakeholders.
• Provide project management oversight, task coordination, scheduling, quality assurance, and status reporting for assigned privacy and information governance initiatives.

Minimum Qualifications

• Bachelor’s degree in Information Management, Cybersecurity, Information Assurance, Information Systems, Public Administration, Business Administration, Legal Studies, Library Science, or related discipline. Relevant experience may substitute for degree requirements.
• Minimum of 10 years of experience supporting federal information governance, privacy, records management, FOIA, cybersecurity compliance, or information assurance programs.
• Minimum of 5 years of experience leading enterprise privacy, government information management, or compliance initiatives.
• Strong knowledge of federal privacy laws, records management regulations, and cybersecurity governance requirements.
• Experience supporting federal information governance programs, records management activities, and privacy compliance assessments.
• Working knowledge of NIST RMF, NIST SP 800-53 Rev 5, NIST SP 800-171 Rev 3, Privacy Act requirements, FOIA processes, and CUI directives.
• Experience developing policies, SOPs, governance documentation, compliance reports, executive briefings, and risk assessments.
• Experience supporting cloud privacy compliance and information governance in Azure, AWS, Microsoft 365, and hybrid cloud environments.
• Strong analytical, project management, communication, and stakeholder engagement skills.
• Experience coordinating cross-functional teams within complex federal IT and cybersecurity environments.
• Excellent written communication, technical writing, and presentation skills.
• Experience supporting federal agencies or government cybersecurity/privacy environments preferred.

Preferred Certifications

• Certified Information Privacy Professional/Government (CIPP/G)
• Certified Information Privacy Manager (CIPM)
• Certified Information Systems Security Professional (CISSP)
• Certified Records Manager (CRM)
• Project Management Professional (PMP)
• Certified Information Systems Auditor (CISA)
• Certified Authorization Professional (CAP)
• Certified in Risk and Information Systems Control (CRISC)
• ITIL Foundation Certification
• Federal Records Management or FOIA-related certifications preferred