Assists in professional work examining, evaluating, and/or monitoring conformity with laws, regulations, privacy, or other business standards. Participates in licensure and permit compliance activities.
This class is intended for entry-level professional compliance activities in a state agency.
Performs research and supports evaluation of the agency’s compliance programs and associated policies, standards, procedures and controls. Supports the development of compliance documentation to guide employees in confirming that compliance standards are incorporated into the agency’s processes, initiatives and development of information systems. Assists senior analysts in classifying information assets across the agency based on the data classification schema. Monitors the status and effectiveness of controls across departments, and provides reporting and escalation when needed. Assists in the investigation and documentation of complaints and reports results to management. Assists senior analysts in performing review of information systems and/or processes to identify privacy-related vulnerabilities. Participates in the response plan for violations of the agency’s privacy and other compliance programs and associated policies, and provides communication to internal departments, including remediation steps. Reports violations of compliance or regulatory standards to duly authorized enforcement agencies as appropriate or required. Assists in deployment of compliance and privacy training awareness and communication programs to educate and update employees on requirements. Participates in the planning and development of information security and privacy audits. Performs investigations, accountability audits and other duties related to alleged violations of all applicable statutes, standards, rules, and regulations. Monitors the agency’s compliance with established information security policies, standards, procedures and controls, by scheduling and assisting senior auditors to perform periodic compliance audits. Supports audits of the agency’s information security and privacy policies, standards, procedures and controls to determine potential risks. Documents information security and privacy audit results and findings and prepares them for internal review. Identifies current information security and privacy controls and evaluates their operating effectiveness. Informs leadership regarding pending legal, regulatory or industry changes, trends, best practices and assesses the potential impact of these changes on agency processes. Consults legal staff as necessary to address difficult legal compliance issues.
Knowledge of applicable internal and/or external regulatory policies, standards, procedures and controls. Ability to understand information privacy laws, policies, procedures and technology. Ability to communicate effectively with others orally and in writing. Knowledge of relevant laws and regulations. Ability to establish and maintain interpersonal relationships. Ability to use relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards. Ability to analyze data and information in making decisions and solving problems.
A high school diploma and relevant work experience. A bachelor’s degree may be substituted for the required work experience.