OG-WRL-008
Privacy Compliance  OPM Code: 732

Provides leadership, management, direction, and advocacy so the organization may effectively manage cybersecurity-related risks to the enterprise and conduct cybersecurity work.

Responsible for developing and overseeing an organization's privacy compliance program and staff, including establishing and managing privacy-related governance, policy, and incident response needs.

Code Description Work Roles
T0898 Establish an internal privacy audit program 1
T1014 Determine if security incidents require legal action 1
T1020 Determine the operational and safety impacts of cybersecurity lapses 37
T1054 Scope analysis reports to various audiences that accounts for data sharing classification restrictions 6
T1058 Advise senior management on risk levels and security posture 3
T1059 Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements 5
T1060 Advise senior management on organizational cybersecurity efforts 5
T1084 Identify anomalous network activity 9
T1092 Conduct functional and connectivity testing 2
T1096 Perform privacy impact assessments (PIAs) 4
T1118 Identify vulnerabilities 7
T1119 Recommend vulnerability remediation strategies 8
T1145 Develop strategic plans 3
T1146 Maintain strategic plans 3
T1189 Determine if contracts comply with funding, legal, and program requirements 2
T1224 Determine impact of noncompliance on organizational risk levels 2
T1225 Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program 2
T1279 Prepare audit reports 2
T1334 Produce cybersecurity instructional materials 5
T1335 Promote cybersecurity awareness to management 6
T1336 Verify the inclusion of sound cybersecurity principles in the organization's vision and goals 6
T1476 Promote awareness of cybersecurity policy and strategy among management 6
T1489 Correlate incident data 7
T1492 Integrate laws and regulations into policy 3
T1549 Evaluate the impact of legal, regulatory, policy, standard, or procedural changes 2
T1853 Determine if new and existing services comply with privacy and data security obligations 1
T1854 Develop and maintain privacy and confidentiality consent forms 1
T1855 Develop and maintain privacy and confidentiality authorization forms 1
T1856 Integrate civil rights and civil liberties in organizational programs, policies, and procedures 1
T1857 Integrate privacy considerations in organizational programs, policies, and procedures 1
T1858 Serve as liaison to regulatory and accrediting bodies 1
T1859 Register databases with local privacy and data protection authorities 1
T1860 Promote privacy awareness to management 1
T1861 Establish organizational Privacy Oversight Committee 1
T1862 Establish cybersecurity risk assessment processes 2
T1863 Develop information sharing strategic plans 1
T1864 Develop organizational information infrastructure 1
T1865 Implement organizational information infrastructure 1
T1866 Develop self-disclosure policies and procedures 1
T1867 Oversee consumer information access rights 1
T1868 Serve as information privacy liaison to technology system users 1
T1869 Serve as liaison to information systems department 1
T1870 Create privacy training materials 3
T1871 Prepare privacy awareness communications 3
T1872 Deliver privacy awareness orientations 1
T1873 Deliver privacy awareness trainings 3
T1874 Manage organizational participation in public privacy and cybersecurity events 1
T1875 Prepare privacy program status reports 1
T1876 Respond to press and other public data security inquiries 1
T1877 Develop organizational privacy program 1
T1878 Apply sanctions for failure to comply with privacy policies 1
T1879 Develop sanctions for failure to comply with privacy policies 1
T1880 Resolve allegations of noncompliance with privacy policies and notice of information practices 1
T1881 Develop a risk management and compliance framework for privacy 1
T1882 Determine if projects comply with organizational privacy and data security policies 1
T1883 Develop organizational privacy policies and procedures 1
T1884 Establish complaint processes 1
T1885 Establish mechanisms to track access to protected health information 1
T1886 Maintain the organizational policy program 1
T1887 Conduct privacy impact assessments 1
T1888 Conduct privacy compliance monitoring 1
T1889 Align cybersecurity and privacy practices in system information security plans 1
T1890 Determine if protected information releases comply with organizational policies and procedures 1
T1891 Administer requests for release or disclosure of protected information 1
T1892 Develop vendor review procedures 1
T1893 Develop vendor auditing procedures 1
T1894 Determine if partner and business agreements address privacy requirements and responsibilities 1
T1895 Provide legal advice for business partner contracts 1
T1896 Mitigate Personal Identifiable Information (PII) breaches 1
T1897 Administer action on organizational privacy complaints 1
T1898 Determine if the organization's privacy program complies with federal and state privacy laws and regulations 1
T1899 Identify organizational privacy compliance gaps 1
T1900 Correct organizational privacy compliance gaps 1
T1901 Manage privacy breaches 1
T1902 Implement and maintain organizational privacy policies and procedures 1
T1903 Develop and maintain privacy and confidentiality information notices 1
T1905 Monitor advancements in information privacy technologies 1
T1907 Establish organizational risk management strategies 1
Code Description Work Roles
K0498 Knowledge of operational planning processes 6
K0644 Knowledge of cybersecurity operation policies and procedures 5
K0645 Knowledge of standard operating procedures (SOPs) 3
K0659 Knowledge of information privacy technologies 4
K0674 Knowledge of computer networking protocols 40
K0675 Knowledge of risk management processes 41
K0676 Knowledge of cybersecurity laws and regulations 41
K0677 Knowledge of cybersecurity policies and procedures 41
K0678 Knowledge of privacy laws and regulations 41
K0679 Knowledge of privacy policies and procedures 41
K0680 Knowledge of cybersecurity principles and practices 40
K0681 Knowledge of privacy principles and practices 40
K0682 Knowledge of cybersecurity threats 40
K0683 Knowledge of cybersecurity vulnerabilities 40
K0684 Knowledge of cybersecurity threat characteristics 40
K0687 Knowledge of business operations standards and best practices 5
K0718 Knowledge of network communications principles and practices 10
K0748 Knowledge of Privacy Impact Assessment (PIA) principles and practices 5
K0751 Knowledge of system threats 40
K0752 Knowledge of system vulnerabilities 40
K0773 Knowledge of telecommunications principles and practices 14
K0792 Knowledge of network configurations 9
K0881 Knowledge of learning assessment tools and techniques 7
K0885 Knowledge of instructional design principles and practices 4
K0886 Knowledge of instructional design models and frameworks 4
K0892 Knowledge of cyber defense laws and regulations 13
K0915 Knowledge of network architecture principles and practices 21
K0925 Knowledge of wireless communication tools and techniques 6
K0926 Knowledge of signal jamming tools and techniques 6
K0962 Knowledge of targeting laws and regulations 11
K0963 Knowledge of exploitation laws and regulations 11
K0973 Knowledge of system persistence tools and techniques 1
K0983 Knowledge of computer networking principles and practices 39
K0990 Knowledge of cyber operations principles and practices 8
K1014 Knowledge of network security principles and practices 40
K1030 Knowledge of operational planning tools and techniques 1
K1070 Knowledge of privacy disclosure statement laws and regulations 2
K1111 Knowledge of application security design principles and practices 4
K1120 Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices 5
K1138 Knowledge of cybersecurity standards and best practices 3
K1160 Knowledge of federal and state accreditation standards 1
K1183 Knowledge of organizational cybersecurity policies and procedures 6
K1192 Knowledge of organizational privacy policies and procedures 1
K1194 Knowledge of Personally Identifiable Information (PII) attributes 4
K1198 Knowledge of privacy and data security regulators 1
K1200 Knowledge of privacy technologies 1
K1212 Knowledge of security controls 4
Code Description Work Roles
S0395 Skill in developing instructional materials 3
S0406 Skill in developing policy plans 5
S0407 Skill in developing standard operating procedures (SOPs) 3
S0408 Skill in maintaining standard operating procedures (SOPs) 3
S0447 Skill in aligning privacy and cybersecurity objectives 3
S0450 Skill in authoring privacy disclosure statements 1
S0537 Skill in designing wireless communications systems 2
S0540 Skill in identifying network threats 3
S0601 Skill in developing curricula 4
S0602 Skill in teaching training programs 4
S0610 Skill in communicating effectively 7
S0687 Skill in performing administrative planning activities 9
S0791 Skill in presenting to an audience 9
S0796 Skill in creating privacy policies 1
S0797 Skill in negotiating vendor agreements 1
S0798 Skill in evaluating vendor privacy practices 1
S0818 Skill in building internal and external stakeholder relationships 1
S0821 Skill in collaborating with internal and external stakeholders 9
S0850 Skill in performing cost/benefit analysis 4
S0858 Skill in performing economic analysis 4
S0878 Skill in performing risk analysis 9