Data Governance Analyst

Data Governance Analyst

  Not Disclosed

  Madison, WI (100% Remote)

  2.0 Months

  Not Disclosed

  Not Disclosed

  Government - State

  $44.92/hour - $49.92/hour

Job Description

Description:

Top Required Skills & Years of Experience:

Experience with data modeling and data warehousing concepts and technologies. (5 years)
Experience with database platforms such as Oracle, SQL Server, NoSQL. (5 years)
Demonstrated experience in data and privacy program development and implementation. (5 years)
Expertise in implementing risk management, data governance, and compliance frameworks (e.g., NIST Privacy Framework). (5 years)

Nice to Have Skills:

Proven project experience with programming languages such as Java, SQL, Python, and R for data manipulation and analysis. (5 years)
Experience in data protection compliance, legal, audit, or risk management roles. (5 years)
Proven project experience with data analysis and visualization tools such as Tableau, PowerBI, or other cloud data analytics platforms. (5 years)

Overview:

Seeking an experienced contractor to support the efforts to begin implementation/operationalization of a comprehensive data & privacy program at the client. The contractor will be responsible for helping client navigate and implement data & privacy frameworks, assessments, governance, policy development, inventory, gap analysis, and other duties as assigned to support this program. In addition, along with the client, the contractor will work with key stakeholders to develop a strategic data and privacy program.

This role presents an exciting opportunity for an experienced professional that will support efforts to establish a best-in-class data & privacy program for client ensuring compliance and the protection of data. Interested contractors should highlight experience that can support the functions of this role.

Key Deliverables of the Contract:

Data and privacy maturity assessment report with gap analysis.
Comprehensive data and privacy program strategy and implementation roadmap.
Incident response and breach management plan.
Third-party privacy risk management (TPRM) framework.
Final project report with recommendations for prioritizing privacy efforts, acquiring privacy-enhancing technology (PET) tools, and determining long-term sustainability of client data privacy initiatives.

Scope of Work: The contractor will perform the following tasks:

Data and Privacy Program Assessment & Strategy Development:

Conduct a data and privacy maturity assessment to evaluate current policies, practices, and regulatory/legal compliance.
Develop a strategic roadmap for implementing a data and privacy framework aligned with industry standards, regulatory, and legal requirements.
Identify key data and privacy risks and recommend mitigation strategies.
Provide actionable steps for mapping and inventory management of data assets.
Identify and prioritize clear, concise, and enforceable data & privacy policies, standards, and practices to facilitate and drive client change management.

Data and Policy Governance Framework Development:

Draft and implement data and privacy policies, standards, and procedures (PSPs) including privacy notices tailored to the client's operations.
Establish a data and privacy governance structure, including roles and responsibilities. Roles considered should include how to drive culture so that all understand their obligations besides the normal operational aspects.
Define key performance indicators (KPIs) for data and privacy program success.
Outline monitoring plan for compliance and performance to determine cadence and governance practices that ensure adherence to policies and regulations. This plan should include how adjustments are also included into the workflow and cadence to address gaps or emerging risks.

Regulatory Compliance & Risk Management:

Along with legal counsel, create processes to ensure compliance with client privacy laws and regulations.
Along with client’s Data manager & legal counsel, develop and implement data privacy risk assessments and risk management frameworks.
Along with client’s Data Manager, establish a data inventory and mapping process and execute data inventories, data flows, data modeling, data access, data lifecycle and system assessments.
Along with legal counsel, create streamlined processes for Privacy Threshold Analyses (PTAs), Privacy Impact Assessments (PIAs), and AI Risk Assessments (AIRAs) and/or embed into existing systems, applications, and risk management/risk assessment processes (e.g., security, cloud brokerage).

Vendor & Third-Party Risk Management (TPRM):

Along with client, and legal counsel, develop a third-party privacy risk assessment framework for client procurement and contracting.
Along with client and legal counsel, conduct data and privacy assessments of key vendors and partners.
Along with client and legal counsel, recommend strategies to standardize contracting and data sharing agreements (DSAs) and/or templatize appropriate data protection and privacy clauses within client procurements and client contracts.

Data & Privacy Technology Automation:

Assess and recommend privacy-enhancing technologies (PETs) and automation tools, including AI.
Support integration of privacy controls into client IT systems including working with application stakeholders.
Collaborate with IT and security teams to embed privacy by design (PbD) and security by design principles throughout the system development lifecycle (SDLC) and business processes, such as authorization management and purpose-based and role-based access controls (PBAC/RBAC).
Along with client’s Data Manager, develop recommendations for tools to execute and automate data-centric privacy capabilities, such as discovering personal data, de-duplicating redundant/obsolete/tertiary (ROT) data, classifying data, and retention scheme management/data dispositioning at the end of records retention cycles.

Required Qualifications & Competencies:

Experience with data modeling and data warehousing concepts and technologies. (5 years)
Experience with database platforms such as Oracle, SQL Server, NoSQL. (5 years)
Demonstrated experience in data and privacy program development and implementation. (5 years)
Expertise in implementing risk management, data governance, and compliance frameworks (e.g., NIST Privacy Framework). (5 years)
Experience in implementation of data literacy frameworks in support of overall data initiatives.
Strong project and change management skills with the ability to execute strategic privacy initiatives.
Ability to assess risks, conduct assessments, and analyze data flows.
Excellent communication skills (written and verbal) and the ability to engage with cross-functional technical and business teams to gather requirements, explain complex concepts, and align to frameworks.
Ability to effectively prioritize workload from multiple workstreams and adapt to changing priorities and deadlines.
Ability to work independently, be self-motivated, and maintain the confidentiality of sensitive/restricted information under minimal supervision.
Desired Qualifications & Competencies:

Proven project experience with programming languages such as Java, SQL, Python, and R for data manipulation and analysis. (5 years)
Experience in data protection compliance, legal, audit, or risk management roles. (5 years)
Proven project experience with data analysis and visualization tools such as Tableau, PowerBI, or other cloud data analytics platforms. (5 years)
Professional data and privacy training or certifications such as International Association of Privacy Professionals certifications (e.g., Certified Information Privacy Professional/US (CIPP/US), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT) or similar), CDPSE (Certified Data Privacy Solutions Engineer) preferred.
Experience with the use of artificial intelligence (AI) tools for electronic records management (ERM), electronic records dispositioning, and data minimization in government.
Ability to develop innovative solutions for privacy and data challenges.

Reporting Structure:

The contractor will jointly report to client’s Chief Information Officer (CIO) or her designee and DLS’s Lead Privacy Counsel.

The contractor will be responsible for helping client navigate and implement data & privacy frameworks, assessments, governance, policy development, inventory, gap analysis, and other duties as assigned to support this program and will work with key stakeholders to develop a strategic data and privacy program.

Notes:

Remote