Privacy Analyst
: Job Details :

The Executive Office of Technology Services and Security (EOTSS) is the state's lead office for information technology. We provide enterprise level information technology services including network management and security; computer operations; application hosting; desktop provisioning and management; and modern and responsive digital services to 40,000 internal stakeholders plus the residents, business owners and visitors to the Commonwealth of Massachusetts.

EOTSS is seeking a Privacy Analyst to support the EOTSS Privacy Office with a new Software Platform for Privacy Impact Assessments. The role will support the EOTSS Enterprise Privacy Office (EPO) privacy program and have primary responsibility for the EPO's privacy compliance software platform. The role will research, collect, and analyze information regarding the collection, use, and sharing of personal data by EOTSS and its vendors. They will help evaluate new projects, systems, and vendors to identify privacy-related risks and impact on the privacy rights of employees and constituents. The role will help to ensure that privacy considerations are integrated into everything we do at EOTSS.

This is an opportunity to have a profound and positive impact on the privacy of Massachusetts residents. Applicants should have a demonstrated interest in developing an understanding of information systems, cybersecurity, data architectures, compliance, privacy laws, and related regulations.

The primary work location for this role will be at One Ashburton Place, Boston, Massachusetts 02108. The work schedule for this position is Monday through Friday, 9:00AM to 5:00PM EST. This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed.

All offers of employment into this position are conditional and subject to passing: a Massachusetts Criminal Background Check (CORI) and security training.

Key Responsibilities:

• Administer privacy compliance software platform.
• Load data mapping and privacy assessment information into privacy compliance software platform.
• Assist with collection of information for data mapping and privacy impact assessments.
• Help mitigate legal and operational risks around personal and sensitive information.
• Data Mapping support will include:
• Identify flows of personal data through EOTSS and EOTSS-managed vendors
• Identify use of personal data by vendors, within projects, or otherwise in data storage systems maintained by EOTSS
• Privacy Impact Assessments support will include:
• Assist Risk Team with Privacy Components of Risk Assessments
• Review Vendor Risk Assessments for Privacy Impact
• Conduct initial Privacy Impact Assessments of projects, data systems, and vendors

Preferred Qualifications:

• Three (3) to five (5) years of experience working across functional teams in a corporate or government environment
• Experience with privacy impact assessments and generating initial draft reports
• Excellent communication skills with the ability to communicate across various teams and levels of an organization to gather information and assessment data
• Familiarity with privacy software solutions such as TrustArc, OneTrust, and Diligent
• Familiarity with Saas solutions
• Experience in Privacy, Information Security, or Compliance is a plus
• Experience in data entry, software administration, or cloud platform management is a plus
• Demonstrated interest in data privacy
• Knowledge of privacy-related laws such as FIPA, FOIA, HIPAA, and GLBA is a plus