Business & Policy Analyst

***This position is mostly remote, but DIT may want them to attend an in-person meeting from time to time so they’d prefer someone driving distance from our office in Raleigh.

Requirements

• Able to articulate IT value propositions from both a business and technical perspective
• Experience writing and reviewing IT, privacy, and/or security policies.
• Ability to develop business case/ROI for IT value propositions
• Ability to transfer knowledge and other important or relevant information to others in the engagement channel
• Matrix management skills for DIT, client, vendors, and other involved parties/resources
• Ability to participate in the project to deliver the proposed and agreed upon solution
• Understanding of general IT architectural principles
• Excellent verbal and written communication skills including the ability to interact and communicate effectively with “S” level client executives
• Vertical business expertise and/or knowledge of horizontal solution capabilities
• Solid vendor interaction and management skills at a project level
• Ability to transfer knowledge and other important or relevant information to others in the engagement channel
• Strong knowledge of and experience with business software technology, analysis tools and business case analytics
• Detail oriented professional with experience using M365 applications to draft, review, outline, and understand business processes and policies
• Experience with NC statewide security and privacy policies

Preferred Skills:

• Experience with NIST 800-53 rev5, NIST RMF and familiarity with NIST Privacy Framework, and NIST AI Framework.
• Experience developing a crosswalk or matrix of data classification and privacy and security controls.
• Experience creating, reviewing, and/or refining system data dictionaries with stakeholders.
• Experience with data asset classification of federally regulated stated and NC state-owned and controlled data, to include retention schedules.
• Experience developing and implementing standard operating procedures (SOPs) with regard to information privacy and security.
• Experience manually creating data dictionaries in Excel to record data owner, data table names, system business names, retention schedules, aligned privacy policies and notices, etc.

Skill Matrix

• Experience with NIST 800-53 rev5, NIST RMF and familiarity with NIST Privacy Framework, and NIST AI Framework. Required 5 Years
• Experience developing a crosswalk or matrix of data classification and privacy and security controls. Required 5 Years
• Experience creating, reviewing, and/or refining system data dictionaries with stakeholders. Required 5 Years
• Experience with data asset classification of federally regulated stated and NC state-owned and controlled data, to include retention schedules. Required 5 Years
• Experience developing and implementing standard operating procedures (SOPs) with regard to information privacy and security. Required 5 Years
• Experience manually creating data dictionaries in Excel to record data owner, data table names, system business names, and retention schedules. Required 5 Years
• Experience manually creating data dictionaries in Excel to record aligned privacy policies and notices, etc. Required 5 Years
• Experience with NC statewide security and privacy policies. Highly desired 5 Years