Privacy Analyst II - EHRA

Agency

Department of Information Technology

Division

DIT Secretary , CIO

Job Classification Title

IT Security & Compliance Specialist II (NS)

Position Number

65038282

Grade

DT10

About Us

The N.C. Department of Information Technology (NCDIT) serves as the Technology Center for the State of NC. Services that NCDIT provides reach a client base of state and local government agencies, as well as schools, colleges and universities. NCDIT’s mission is to enable trusted business-driven solutions that meet the needs of North Carolinians. NCDIT provides technology services to state agencies and is charged with closing the digital divide by expanding availability of broadband services and promoting the adoption of affordable, high-speed internet.

Description of Work

Salary Range: $87,617 - $131,426

The position is designated Statutory Exempt (EHRA) and is exempt from the State Human Resources Act.

Are you ready to take the next step in your career?

We currently have an opening for a Privacy Analyst II!

This position may be eligible for hybrid remote work in accordance with state policy and the agency’s remote work program but does require weekly onsite work.

The Privacy Analyst is responsible for conducting privacy and AI risk assessments; monitoring compliance with privacy standards; and supporting the development of processes and controls to safeguard personally identifiable information (PII) and other sensitive data entrusted to the State. This includes reviewing risk and compliance documentation and providing operational guidance on the protection and handling of PII in accordance with applicable state and federal laws, regulations, and frameworks (e.g., NIST privacy, cybersecurity, risk management, data, and AI frameworks).

What you’ll do:
• Conduct Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs) for new projects, systems, and third‑party services to identify privacy risks and recommend mitigation strategies.
• Develop and implement policies, procedures, and guidelines related to data protection regulations, and provide privacy guidance on the use of AI, cybersecurity issues, and ethical data practices.
• Collaborate with project teams to ensure privacy by design (PbD) is integrated into enterprise IT systems and processes.
• Evaluate third‑party vendors and contractors for privacy, data protection, and AI‑related ethical and risk compliance within NCDIT’s procurement and contracting processes.
• Identify potential privacy, data protection, and AI risks across state agencies’ projects, programs, and services; provide written recommendations with mitigation strategies; and document and report relevant privacy metrics.
• Partner with enterprise security and IT security teams to ensure systems are designed and maintained with appropriate privacy and data protection controls.
• Conduct regular audits and assessments to ensure compliance with privacy processes, documentation requirements, policies, and applicable regulations.
• Collaborate with the cybersecurity team to investigate, document, and respond to potential data breaches involving PII or other privacy incidents.
• Experience with data classification efforts is required.

About the Division:
The Office of Privacy and Data Protection (OPDP) provide privacy and data protection guidance, establishes policy and processes, and provides training to agencies, local government, and citizens across the state. OPDP is led by the Chief Privacy Officer and works directly with the Secretary, DIT executive leadership, Enterprise Security and Risk Management Office, data officers, and agency privacy officers/privacy points of contact to ensure data privacy and protection while leveraging data assets to improve North Carolina.

Knowledge Skills and Abilities/Management Preferences

The following Management Preferences are not required, but applicants that possess these skills are preferred:

• Experience with DataBricks, Varonis or data loss prevention tools.

This position will have access to data within the Division of Criminal Information Network (DCIN); and as such, NC Administrative Code 14B NCAC 18A.0401 mandates that prior to receiving and/or maintaining certification as a DCIN user, applicants:

1) Shall be a citizen of the United States,

2) Shall be at least 18 years of age,

3) Shall agree to a fingerprint-based background search.

Discover why NCDIT is the ideal destination for your professional growth - Why Work for NCDIT

Minimum Education and Experience

Some state job postings say you can qualify by an “equivalent combination of education and experience.” If that language appears below, then you may qualify through EITHER years of education OR years of directly related experience, OR a combination of both. See the Education and Experience Equivalency Guide for details.

Bachelor’s degree in computer science or a related IT field or closely related field from an appropriately accredited institution and two years of progressive experience in IT Security or closely related area;

OR

Associate degree in computer science or a related IT field or closely related field from an appropriately accredited institution and three years of progressive experience in IT security or closely related area; or an equivalent combination of education and experience.

EEO Statement

The State of North Carolina is an Equal Employment Opportunity Employer and dedicated to providing employees with a work environment free from all forms of unlawful employment discrimination, harassment, or retaliation. The state provides reasonable accommodation to employees and applicants with disabilities; known limitations related to pregnancy, childbirth, or related medical conditions; and for religious beliefs, observances, and practices.

Recruiter:

Tajia Monae Shatia Brown

Recruiter Email:

dit_hr_recruitment@nc.gov