V-Soft Consulting Group, Inc. is currently hiring a Business Analyst/Consultant IV for their premier client. The role involves developing privacy procedures, ensuring compliance with privacy laws, and managing privacy-related risks and incidents.
Responsibilities:
- Establish privacy procedures tailored to the agency's operations
- Establish a privacy governance structure, including roles and responsibilities
- Define key performance indicators (KPIs) for privacy program success
- Create processes to ensure compliance with federal, state, and local privacy laws and regulations
- Create processes for Privacy Threshold Assessments (PTAs) and Privacy Impact Assessments (PIAs)
- Identify systems that process personally identifiable information (PII) and other regulated data, and identify key stakeholders associated with those systems per NIST Risk Management Frameworks (e.g., system owner, authorizing official)
- Create privacy communication materials, best practice guidelines, and training
- Develop/recommend best practices to foster a culture of privacy compliance within the agency
- Along with Chief Information Security Officer (CISO) and legal counsel, develop privacy mandates within existing incident response plans
- Along with CISO and legal counsel, establish procedures for reporting and remediating privacy incidents
- Along with legal counsel, conduct privacy assessments of key vendors and partners
- Along with legal counsel, recommend strategies to standardize contracting and data sharing agreements (DSAs) and/or templatize appropriate data protection and privacy clauses within contracts
- Assess and recommend privacy-enhancing technologies (PETs) and automation tools
- Support integration of data/privacy tools and controls into agency IT systems, including the governance, risk, and compliance (GRC) platform
- Collaborate with IT and security teams to embed privacy by design principles into all aspects of the system development lifecycle (SDLC)
Requirements:
- Excellent communication skills and the ability to engage with stakeholders at all levels, translating complex technical and legal ideas to business stakeholders and decision-makers. (8-10+ years)
- Demonstrated experience in privacy program process development and implementation. (8-10+ years)
- Strong knowledge of privacy laws and regulations (e.g., GDPR, CCPA, HIPAA) and NIST Risk Management Frameworks (e.g., NIST RMF, NIST PF, NIST CSF). (8-10+ years)
- Professional certifications such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT) or similar preferred
- Expertise in risk management, data governance, and compliance frameworks
- Experience conducting privacy impact assessments and developing privacy processes
- Strong project management skills
- Ability to execute strategic privacy initiatives independently, with general/minimal oversight