Privacy Business Analyst

JOB REQUIREMENTS: Seeking an experienced contractor to design, develop,and help stand up a comprehensive privacy program at the WisconsinDepartment of Administration. The contractor will be responsible fordeveloping, documenting, and, as feasible, implementing oroperationalizing, privacy program policies and plans to enhance privacygovernance, compliance, and risk management practices for the agency,that can later inform enterprise recommendations for all executivebranch agencies. Scope of Work: Along with legal counsel and others, thecontractor will perform the following tasks: 1. Policy & GovernanceFramework Development: o Establish privacy procedures tailored to theagency's operations. o Establish a privacy governance structure,including roles and responsibilities. o Define key performanceindicators (KPIs) for privacy program success. 2. Regulatory Compliance& Risk Management: o Create processes to ensure compliance with federal,state, and local privacy laws and regulations. o Create processes forPrivacy Threshold Assessments (PTAs) and Privacy Impact Assessments(PIAs). o Identify systems that process personally identifiableinformation (PII) and other regulated data, and identify keystakeholders associated with those systems per NIST Risk ManagementFrameworks (e.g., system owner, authorizing official, etc.). 3. Training& Awareness: o Create privacy communication materials, best practiceguidelines, and training. o Develop/recommend best practices to foster aculture of privacy compliance within the agency. 4. Incident Response &Data Breach Management: o Along with Chief Information Security Officer(CISO) and legal counsel, develop privacy mandates within existingincident response plans. o Along with CISO and legal counsel, establishprocedures for reporting and remediating privacy incidents. 5. Vendor &Third-Party Risk Management: o Along with legal counsel, conduct privacyassessments of key vendors and partners. o Along with legal counsel,recommend strategies to standardize contracting and data sharingagreements (DSAs) and/or templatize appropriate data protection andprivacy clauses within contracts. 6. Privacy Technology & Automation: oAssess and recommend privacy-enhancing technologies (PETs) andautomation tools. o Support integration of data/privacy tools andcontrols into agency IT systems, including the governance, risk, andcompliance (GRC) platform. o Collaborate with IT and security teams toembed privacy by design principles into all aspects of the systemdevelopment lifecycle (SDLC). Reporting Structure: This is a jointinitiative between DOA's Division of Legal Services and DOA's Divisionof Enterprise Technology. The contractor will report to DOA's LeadPrivacy Counsel with dotted line reporting responsibilities to the Stateof Wisconsin Chief Information Officer (CIO), Chief Information SecurityOfficer (CISO), Chief Technology Officer (CTO), and DOA's Data Manager.This role presents an exciting opportunity for an experienced privacyprofessional to establish a best-in-class privacy program for agovernment agency. Interested contractors should submit a resumehighlighting relevant experience in privacy program development,particularly with respect to creating processes and communicating withvaried stakeholders. OTHER EXPERIENCE AND QUALIFICATIONS:MANDATORY: Excellent communication skills and the ability to engage withstakeholders at all levels, translating complex technical and legalideas to business stakeholders and decision-makers. (8-10+ years)Demonstrated experience in privacy program process development andimplementation. (8-10+ years) Strong knowledge of privacy laws andregulations (e.g., GDPR, CCPA, HIPAA) and NIST Risk ManagementFrameworks (e.g., NIST RMF, NIST PF, NIST CSF). (8-10+ years)Professional certifications such as Certified Information PrivacyProfessional (CIPP), Certified Info mation Privacy Manager (CIPM),Certified Information Privacy Technologist (CIPT) or similar preferred.NICE TO HAVE SKILLS: Expertise in risk management, data governance, andcompliance frameworks. Experience conducting privacy impact assessmentsand developing privacy processes. Strong project management skills withthe ability to execute strategic privacy initiatives. APPLICATION INSTRUCTIONS: E-Mail a Rsum:

Created: 2026-03-23