Job ID: JOB_ID_4294
Job Summary:
We are seeking an experienced contractor to design, develop, and help stand up a comprehensive privacy program at the Wisconsin Department of Administration. This role offers a unique opportunity to establish a best-in-class privacy program for a government agency. The contractor will be responsible for developing, documenting, and implementing privacy program policies and plans to enhance privacy governance, compliance, and risk management practices.
Scope of Work:
1. Policy & Governance Framework Development:
- Establish privacy procedures tailored to the agency’s operations.
- Establish a privacy governance structure, including roles and responsibilities.
- Define key performance indicators (KPIs) for privacy program success.
2. Regulatory Compliance & Risk Management:
- Create processes to ensure compliance with federal, state, and local privacy laws and regulations.
- Create processes for Privacy Threshold Assessments (PTAs) and Privacy Impact Assessments (PIAs).
- Identify systems that process personally identifiable information (PII) and other regulated data, and identify key stakeholders associated with those systems per NIST Risk Management Frameworks.
3. Training & Awareness:
- Create privacy communication materials, best practice guidelines, and training.
- Develop/recommend best practices to foster a culture of privacy compliance within the agency.
4. Incident Response & Data Breach Management:
- Develop privacy mandates within existing incident response plans.
- Establish procedures for reporting and remediating privacy incidents.
5. Vendor & Third-Party Risk Management:
- Conduct privacy assessments of key vendors and partners.
- Recommend strategies to standardize contracting and data sharing agreements (DSAs) and/or templatize appropriate data protection and privacy clauses within contracts.
6. Privacy Technology & Automation:
- Assess and recommend privacy-enhancing technologies (PETs) and automation tools.
- Support integration of data/privacy tools and controls into agency IT systems, including the governance, risk, and compliance (GRC) platform.
- Collaborate with IT and security teams to embed privacy by design principles into all aspects of the system development lifecycle (SDLC).
Required Qualifications & Competencies (8-10 Years of Relevant Experience Required):
- Excellent communication skills and the ability to engage with stakeholders at all levels, translating complex technical and legal ideas to business stakeholders and decision-makers.
- Demonstrated experience in privacy program process development and implementation.
- Strong knowledge of NIST Risk Management Frameworks (e.g., NIST RMF, NIST PF, NIST CSF).
Well Qualified Applicant Qualifications & Competencies:
- Knowledge of privacy laws and regulations (e.g., GDPR, CCPA, HIPAA).
- Experience conducting privacy impact assessments and developing privacy processes.
- Strong project management skills.
- Ability to execute strategic privacy initiatives independently, with general/minimal oversight.
- Expertise in risk management, data governance, and compliance frameworks.
- Professional certifications such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT) or similar preferred.
Contract Duration:
Initial contract term: 6-9 months. Extension likely.
Reporting Structure:
This is a joint initiative between DOA’s Division of Legal Services and DOA’s Division of Enterprise Technology. The contractor will report to DOA’s Lead Privacy Counsel with dotted line reporting responsibilities to the State of Wisconsin CIO, CISO, CTO, and DOA’s Data Manager.
Top Required Skills & Years of Experience:
- Excellent communication skills and the ability to engage with stakeholders at all levels, translating complex technical and legal ideas to business stakeholders and decision-makers. (8-10+ years)
- Demonstrated experience in privacy program process development and implementation. (8-10+ years)
- Strong knowledge of privacy laws and regulations (e.g., GDPR, CCPA, HIPAA) and NIST Risk Management Frameworks (e.g., NIST RMF, NIST PF, NIST CSF). (8-10+ years)
Nice to Have Skills:
- Expertise in risk management, data governance, and compliance frameworks.
- Experience conducting privacy impact assessments and developing privacy processes.
- Strong project management skills with the ability to execute strategic privacy initiatives.
Special Requirements
Must be CURRENT WI residents. No relocation allowed. Primarily remote with 1 day PER MONTH onsite at Madison office. Need Local Candidates. Need Active LinkedIn. Interview Process: virtual via Teams.
Compensation & Location
Salary: $110,000 – $150,000 per year (Estimated)
Location: Madison, WI
Recruiter / Company – Contact Information
Email: el@vyzeinc.com
Recruiter Notice:
To remove this job posting, please send an email from
el@vyzeinc.com with the subject:
DELETE_JOB_ID_4294