Privacy Analyst I - EHRA

Agency Department of Information Technology Division DIT Secretary , CIO Job Classification Title IT Security & Compliance Specialist I (NS) Position Number 65038751 Grade DT08 About Us The N.C. Department of Information Technology (NCDIT) serves as the Technology Center for the State of NC. Services that NCDIT provides reach a client base of state and local government agencies, as well as schools, colleges and universities. NCDIT's mission is to enable trusted business-driven solutions that meet the needs of North Carolinians. NCDIT provides technology services to state agencies and is charged with closing the digital divide by expanding availability of broadband services and promoting the adoption of affordable, high-speed internet.

Description of Work Salary Range:

$75,818 - $113,727 The position is designated Statutory Exempt (EHRA) and is exempt from the State Human Resources Act. Are you ready to take the next step in your career? We currently have an opening for a Privacy Analyst! This position may be eligible for hybrid remote work in accordance with state policy and the agency's remote work program but does require weekly onsite work. The Privacy Analyst will be responsible for conducting privacy risk assessments; monitoring and ensuring adherence to privacy standards; and supporting the maturation of the program, processes, and controls needed to safeguard personal information/personally identifiable information (PII) and other sensitive data entrusted to the State. Responsibilities include performing privacy and AI risk assessments, reviewing privacy compliance and risk documentation in a timely manner, and providing operational guidance on the risks, protection, and handling of PII and other sensitive information governed by state and federal privacy laws, regulations, policies, and frameworks (e.g., NIST privacy, cybersecurity, risk management, data, and AI frameworks). Strong knowledge of data classification, inventory, tagging, and data governance principles across the data lifecycle is essential. This role reports to the Chief Privacy Officer (CPO), who oversees OPDP. What you'll do: Conduct Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs) for new projects, systems, and third‑party services to identify potential privacy risks and recommend mitigation strategies. Collaborate with project teams to incorporate privacy by design (PbD) into enterprise IT systems and processes. Evaluate third‑party vendors and contractors for privacy, data protection, and AI‑related ethical and risk compliance as part of NCDIT's procurement and contracting processes. Identify potential privacy, data protection, and AI risks across state agencies' projects, programs, and services, and provide written recommendations with appropriate mitigation strategies. Partner with enterprise security and IT security teams to ensure enterprise systems are designed and maintained with appropriate privacy and data protection controls. Conduct regular audits and assessments to ensure compliance with privacy processes, documentation requirements, policies, and applicable regulations. Lead and support data classification, tagging, inventory, and data loss prevention efforts. Collaborate with the cybersecurity team to investigate, document, and respond to potential data breaches involving PII or other privacy incidents. Document and report privacy metrics as part of ongoing program monitoring. About the

Division:

The Office of Privacy and Data Protection (OPDP) provides privacy and data protection guidance, establishes policy and processes, and provides training to agencies, local government, and citizens across the state. OPDP is led by the Chief Privacy Officer and works directly with the Secretary, DIT executive leadership, Enterprise Security and Risk Management Office, data officers, and agency privacy officers/privacy points of contact to ensure data privacy and protection while leveraging data assets to improve North Carolina. Knowledge Skills and Abilities/Management Preferences The following Management Preferences are not required, but applicants that possess these skills are preferred: IAPP Certifications (CIPM, AIGP, CIPT or CIPP/US preferred) This position will have access to data within the Division of Criminal Information Network (DCIN); and as such, NC Administrative Code 14B

NCAC 18A.0401

mandates that prior to receiving and/or maintaining certification as a DCIN user, applicants: 1) Shall be a citizen of the United States, 2) Shall be at least 18 years of age, 3) Shall agree to a fingerprint-based background search. Discover why NCDIT is the ideal destination for your professional growth - Why Work for NCDIT Minimum Education and Experience Some state job postings say you can qualify by an "equivalent combination of education and experience." If that language appears below, then you may qualify through EITHER years of education OR years of directly related experience, OR a combination of both. See the Education and Experience Equivalency Guide for details. Bachelor's degree in Computer Science or a related IT related field or closely related field from an appropriately accredited institution and one year experience in IT Security; OR Associate degree in Computer Science or a related IT related field or closely related field from an appropriately accredited institution and two years of experience in IT Security; or an equivalent combination of education and experience. EEO Statement T he State of North Carolina is an Equal Employment Opportunity Employer and dedicated to providing employees with a work environment free from all forms of unlawful employment discrimination, harassment, or retaliation. The state provides reasonable accommodation to employees and applicants with disabilities; known limitations related to pregnancy, childbirth, or related medical conditions; and for religious beliefs, observances, and practices.

Recruiter:

Tajia Monae Shatia Brown Recruiter Email:

dit_hr_recruitment@nc.gov