Class Code:
AF50
General Nature of Work

Directs and oversees professional work examining, evaluating, and/or monitoring conformity with laws, regulations, information security, privacy or other business standards. Directs compliance activities.

Guidelines for Class Use/Distinguishing Characteristics

The class is intended for directors of risk management and compliance activities statewide or for a large state agency.

Examples of Work

Collaborates with management to develop a compliance program that outlines the agency’s compliance vision, mission and goals. Leads the development and maintenance of the agency’s information security program and associated strategies with consideration for the business processes and overall goals of the organization. Facilitates collaboration between business functions (e.g., information technology, privacy, information security) to validate compliance with information security policies, standards, procedures, and controls and to better understand risks within business processes and initiatives. Oversees the development and performance of vulnerability and risk assessments for business processes, networks, and applications. Initiates, facilitates, and promotes communications and training activities to reinforce information security awareness throughout the organization. Reviews and revises the privacy program on a periodic basis in light of changes in laws, regulations, or agency policy. Reports on a periodic basis the status of compliance programs to the agency’s stakeholders and/or management. Provides subject matter expertise regarding applicable state policies, standards, procedures and controls to confirm they are appropriately embedded in the agency’s compliance practices. Leverages the data classification schema to establish a procedure for classifying the agency’s data so that its confidentiality, integrity, and availability are protected according to its classification. Establishes controls to help maintain the privacy of the agency’s data. Leads impact assessments to identify risks and potential impacts associated with processes, data and systems that are privacy-sensitive. Works with the agency’s business units and departments to develop a response plan for privacy and other compliance incidents. May serve as a liaison to regulatory and accrediting bodies. Serves as the overall liaison for any complaints and/or investigations related to privacy and other compliance-related issues.

Knowledge, Skills and Abilities

Knowledge of applicable internal and/or external regulatory policies, standards, procedures and controls. Knowledge of governance, risk and compliance (GRC) program management. Understanding of the risk assessment process, including monitoring and reporting. Ability to apply information security principles to business solutions. Ability to act as a liaison and effectively communicate information security topics (e.g., data constraints, information needs) to both technical and non-technical audiences at all levels of the organization. Knowledge of developing and managing an information security program, including its policies, standards, procedures, technologies, and controls. Knowledge of identifying and managing information security risks, threats, and incidents at an enterprise level.

Minimum Requirements

A bachelor’s degree and relevant experience.

Fed Category:
E1
Band:
10
Salary:
Minimum:
$101,258.00
Midpoint:
$144,299.00
Maximum:
$187,341.00