Privacy Analyst I - EHRA

State of North Carolina•3700 Wake Forest Road Wake, NC

1d•$75,818 - $113,727•Hybrid

About The Position

The N.C. Department of Information Technology (NCDIT) serves as the Technology Center for the State of NC. Services that NCDIT provides reach a client base of state and local government agencies, as well as schools, colleges and universities. NCDIT’s mission is to enable trusted business-driven solutions that meet the needs of North Carolinians. NCDIT provides technology services to state agencies and is charged with closing the digital divide by expanding availability of broadband services and promoting the adoption of affordable, high-speed internet. The position is designated Statutory Exempt (EHRA) and is exempt from the State Human Resources Act. This position may be eligible for hybrid remote work in accordance with state policy and the agency’s remote work program but does require weekly onsite work. The Privacy Analyst will be responsible for conducting privacy risk assessments; monitoring and ensuring adherence to privacy standards; and supporting the maturation of the program, processes, and controls needed to safeguard personal information/personally identifiable information (PII) and other sensitive data entrusted to the State. Responsibilities include performing privacy and AI risk assessments, reviewing privacy compliance and risk documentation in a timely manner, and providing operational guidance on the risks, protection, and handling of PII and other sensitive information governed by state and federal privacy laws, regulations, policies, and frameworks (e.g., NIST privacy, cybersecurity, risk management, data, and AI frameworks). Strong knowledge of data classification, inventory, tagging, and data governance principles across the data lifecycle is essential. This role reports to the Chief Privacy Officer (CPO), who oversees OPDP.

Requirements

Bachelor's degree in Computer Science or a related IT related field or closely related field from an appropriately accredited institution and one year experience in IT Security; OR Associate degree in Computer Science or a related IT related field or closely related field from an appropriately accredited institution and two years of experience in IT Security; or an equivalent combination of education and experience.
Shall be a citizen of the United States
Shall be at least 18 years of age
Shall agree to a fingerprint-based background search.

Nice To Haves

IAPP Certifications (CIPM, AIGP, CIPT or CIPP/US preferred)

Responsibilities

Conduct Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs) for new projects, systems, and third‑party services to identify potential privacy risks and recommend mitigation strategies.
Collaborate with project teams to incorporate privacy by design (PbD) into enterprise IT systems and processes.
Evaluate third‑party vendors and contractors for privacy, data protection, and AI‑related ethical and risk compliance as part of NCDIT’s procurement and contracting processes.
Identify potential privacy, data protection, and AI risks across state agencies’ projects, programs, and services, and provide written recommendations with appropriate mitigation strategies.
Partner with enterprise security and IT security teams to ensure enterprise systems are designed and maintained with appropriate privacy and data protection controls.
Conduct regular audits and assessments to ensure compliance with privacy processes, documentation requirements, policies, and applicable regulations.
Lead and support data classification, tagging, inventory, and data loss prevention efforts.
Collaborate with the cybersecurity team to investigate, document, and respond to potential data breaches involving PII or other privacy incidents.
Document and report privacy metrics as part of ongoing program monitoring.