The Executive Office of Technology Services and Security (EOTSS) is the state's lead office for information technology. We provide enterprise level information technology services including network management and security; computer operations; application hosting; desktop provisioning and management; and modern and responsive digital services to 40,000 internal stakeholders plus the residents, business owners and visitors to the Commonwealth of Massachusetts.
EOTSS is seeking a Privacy Analyst to support the EOTSS Privacy Office with a new Software Platform for Privacy Impact Assessments. The role will support the EOTSS Enterprise Privacy Office (EPO) privacy program and have primary responsibility for the EPO's privacy compliance software platform. The role will research, collect, and analyze information regarding the collection, use, and sharing of personal data by EOTSS and its vendors. They will help evaluate new projects, systems, and vendors to identify privacy-related risks and impact on the privacy rights of employees and constituents. The role will help to ensure that privacy considerations are integrated into everything we do at EOTSS.
This is an opportunity to have a profound and positive impact on the privacy of Massachusetts residents. Applicants should have a demonstrated interest in developing an understanding of information systems, cybersecurity, data architectures, compliance, privacy laws, and related regulations.
The primary work location for this role will be at One Ashburton Place, Boston, Massachusetts 02108. The work schedule for this position is Monday through Friday, 9:00AM to 5:00PM EST. This position would be expected to follow a hybrid model of reportingto work that combines in-office workdays and work from home days as needed.
All offers of employment into this position are conditional and subject to passing: a Massachusetts Criminal Background Check (CORI) and security training.
Key Responsibilities:
Administer privacy compliance software platform.
Load data mapping and privacy assessment information into privacy compliance software platform.
Assist with collection of information for data mapping and privacy impact assessments.
Help mitigate legal and operational risks around personal and sensitive information.
Data Mapping support will include:
Identify flows of personal data through EOTSS and EOTSS-managed vendors
Identify use of personal data by vendors, within projects, or otherwise in data storage systems maintained by EOTSS
Privacy Impact Assessments support will include:
Assist Risk Team with Privacy Components of Risk Assessments
Review Vendor Risk Assessments for Privacy Impact
Conduct initial Privacy Impact Assessments of projects, data systems, and vendors
Preferred Qualifications:
Three (3) to five (5) years of experience working across functional teams in a corporate or government environment
Experience with privacy impact assessments and generating initial draft reports
Excellent communication skills with the ability to communicate across various teams and levels of an organization to gather information and assessment data
Familiarity with privacy software solutions such as TrustArc, OneTrust, and Diligent
Familiarity with Saas solutions
Experience in Privacy, Information Security, or Compliance is a plus
Experience in data entry, software administration, or cloud platform management is a plus
Demonstrated interest in data privacy
Knowledge of privacy-related laws such as FIPA, FOIA, HIPAA, and GLBA is a plus