WI RESIDENT - Data Modeling Business Analyst 3

S

Sundial Software

WI RESIDENT - Data Modeling Business Analyst 3

Madison, WI
Full Time
Paid
  • Responsibilities

    The State of Wisconsin DOA is looking for a Business Analyst/Consultant III.

    *MUST BE WI RESIDENT - NO RELOCATION

    REMOTE OPPORTUNITY

    Top Required Skills & Years of Experience:

    • Experience with data modeling and data warehousing concepts and technologies. (5 years)

    • Experience with database platforms such as Oracle, SQL Server, NoSQL. (5 years)

    • Demonstrated experience in data and privacy program development and implementation. (5 years)

    • Expertise in implementing risk management, data governance, and compliance frameworks (e.g., NIST Privacy Framework). (5 years)

     

    Nice to Have Skills:

    • Proven project experience with programming languages such as Java, SQL, Python, and R for data manipulation and analysis. (5 years)

    • Experience in data protection compliance, legal, audit, or risk management roles. (5 years)

    • Proven project experience with data analysis and visualization tools such as Tableau, PowerBI, or other cloud data analytics platforms. (5 years)

     

     

    Interview Process: 1-2 rounds via Microsoft Teams

    Duration: 6/30/2025 with possibility of 1-year extension

    Onsite or Remote: Candidates MUST be CURRENT WI residents. NO RELOCATION ALLOWED. This position can work remote from within the state of Wisconsin. The selected hire must be available to come onsite once a month as needed.

     

    Project details:

    The contractor will be responsible for helping DOA staff navigate and implement data & privacy frameworks, assessments, governance, policy development, inventory, gap analysis, and other duties as assigned to support this program and will work with key stakeholders to develop a strategic data and privacy program.

    Data & Privacy Analyst/Business Analyst/Consultant III - Contractor

    Overview:

    Seeking an experienced contractor to support the efforts to begin

    implementation/operationalization of a comprehensive data & privacy program at the Wisconsin

    Department of Administration (DOA). The contractor will be responsible for helping DOA staff

    navigate and implement data & privacy frameworks, assessments, governance, policy

    development, inventory, gap analysis, and other duties as assigned to support this program. In

    addition, along with the DOA’s Division of Enterprise Technology’s (DET) Chief Technology

    Officer (CTO) and DOA Division of Legal Service’s (DLS) Lead Privacy Counsel, the contractor

    will work with key stakeholders to develop a strategic data and privacy program.

    This role presents an exciting opportunity for an experienced professional that will support efforts

    to establish a best-in-class data & privacy program for state government ensuring compliance

    and the protection of data. Interested contractors should highlight experience that can support

    the functions of this role.

    Key Deliverables of the Contract:

    ? Data and privacy maturity assessment report with gap analysis.

    ? Comprehensive data and privacy program strategy and implementation roadmap.

    ? Incident response and breach management plan.

    ? Third-party privacy risk management (TPRM) framework.

    ? Final project report with recommendations for prioritizing privacy efforts, acquiring privacy-

    enhancing technology (PET) tools, and determining long-term sustainability of agency

    data privacy initiatives.

    Scope of Work: The contractor will perform the following tasks:

    1\. Data and Privacy Program Assessment & Strategy Development:

    o Conduct a data and privacy maturity assessment to evaluate current policies,

    practices, and regulatory/legal compliance.

    o Develop a strategic roadmap for implementing a data and privacy framework

    aligned with industry standards, regulatory, and legal requirements.

    o Identify key data and privacy risks and recommend mitigation strategies.

    o Provide actionable steps for mapping and inventory management of data assets.

    o Identify and prioritize clear, concise, and enforceable data & privacy policies,

    standards, and practices to facilitate and drive agency change management.

    2\. Data and Policy Governance Framework Development:

    o Draft and implement data and privacy policies, standards, and procedures (PSPs)

    including privacy notices tailored to the agency's operations.

    o Establish a data and privacy governance structure, including roles and

    responsibilities. Roles considered should include how to drive culture so that all

    understand their obligations besides the normal operational aspects.

    o Define key performance indicators (KPIs) for data and privacy program success.

    o Outline monitoring plan for compliance and performance to determine cadence

    and governance practices that ensure adherence to policies and regulations. This

    plan should include how adjustments are also included into the workflow and

    cadence to address gaps or emerging risks.

    3\. Regulatory Compliance & Risk Management:

    o Along with legal counsel, create processes to ensure compliance with federal and

    state privacy laws and regulations.

    o Along with DOA’s Data manager & legal counsel, develop and implement data

    privacy risk assessments and risk management frameworks.

    o Along with DOA’s Data Manager, establish a data inventory and mapping process

    and execute data inventories, data flows, data modeling, data access, data

    lifecycle and system assessments.

    o Along with legal counsel, create streamlined processes for Privacy Threshold

    Analyses (PTAs), Privacy Impact Assessments (PIAs), and AI Risk Assessments

    (AIRAs) and/or embed into existing systems, applications, and risk

    management/risk assessment processes (e.g., security, cloud brokerage).

    4\. Vendor & Third-Party Risk Management (TPRM):

    o Along with State Bureau of Procurement (SBOP), DET, and legal counsel, develop

    a third-party privacy risk assessment framework for statewide procurement and

    contracting.

    o Along with DET and legal counsel, conduct data and privacy assessments of key

    vendors and partners.

    o Along with DET and legal counsel, recommend strategies to standardize

    contracting and data sharing agreements (DSAs) and/or templatize appropriate

    data protection and privacy clauses within statewide procurements and agency

    contracts.

    5\. Data & Privacy Technology Automation:

    o Assess and recommend privacy-enhancing technologies (PETs) and automation

    tools, including AI.

    o Support integration of privacy controls into agency IT systems including working

    with application stakeholders.

    o Collaborate with IT and security teams to embed privacy by design (PbD) and

    security by design principles throughout the system development lifecycle (SDLC)

    and business processes, such as authorization management and purpose-based

    and role-based access controls (PBAC/RBAC).

    o Along with DOA’s Data Manager, develop recommendations for tools to execute

    and automate data-centric privacy capabilities, such as discovering personal data,

    de-duplicating redundant/obsolete/tertiary (ROT) data, classifying data, and

    retention scheme management/data dispositioning at the end of records retention

    cycles.

    Required Qualifications & Competencies:

    ? Experience with data modeling and data warehousing concepts and technologies. (5

    years)

    ? Experience with database platforms such as Oracle, SQL Server, NoSQL. (5 years)

    ? Demonstrated experience in data and privacy program development and implementation.

    (5 years)

    ? Expertise in implementing risk management, data governance, and compliance

    frameworks (e.g., NIST Privacy Framework). (5 years)

    ? Experience in implementation of data literacy frameworks in support of overall data

    initiatives.

    ? Strong project and change management skills with the ability to execute strategic privacy

    initiatives.

    ? Ability to assess risks, conduct assessments, and analyze data flows.

    ? Excellent communication skills (written and verbal) and the ability to engage with cross-

    functional technical and business teams to gather requirements, explain complex

    concepts, and align to frameworks.

    ? Ability to effectively prioritize workload from multiple workstreams and adapt to changing

    priorities and deadlines.

    ? Ability to work independently, be self-motivated, and maintain the confidentiality of

    sensitive/restricted information under minimal supervision.

    Desired Qualifications & Competencies:

    ? Proven project experience with programming languages such as Java, SQL, Python, and

    R for data manipulation and analysis. (5 years)

    ? Experience in data protection compliance, legal, audit, or risk management roles. (5 years)

    ? Proven project experience with data analysis and visualization tools such as Tableau,

    PowerBI, or other cloud data analytics platforms. (5 years)

    ? Professional data and privacy training or certifications such as International Association

    of Privacy Professionals certifications (e.g., Certified Information Privacy Professional/US

    (CIPP/US), Certified Information Privacy Manager (CIPM), Certified Information Privacy

    Technologist (CIPT) or similar), CDPSE (Certified Data Privacy Solutions Engineer)

    preferred.

    ? Experience with the use of artificial intelligence (AI) tools for electronic records

    management (ERM), electronic records dispositioning, and data minimization in

    government.

    ? Ability to develop innovative solutions for privacy and data challenges.

    Reporting Structure:

    ? The contractor will jointly report to DET’s Chief Information Officer (CIO) or her designee

    and DLS’s Lead Privacy Counsel.