Senior Business Analyst Job at TEKsystems in Orlando
TEKsystems, Orlando, FL, US
Job Description
12 month contract
Top Three Skills:
1) Technical experience supporting GRC projects related to data sensitive or data privacy is needed (PHI and PII)
2) Experience as a business process analyst supporting GDPR, CCPA compliance related initiatives- strong documentation and facilitation skills (creating process flows, process modeling and process maps)
3) Strong verbal and written communication skills- Our client is a matrix environment and this person will be working not only with technical teams but also C-level executives
Job Description:
TEKsystems is looking for a business process analyst to support and bring our client's guest fulfillment product into compliance w/multiple security mandates driven by the government -GDPR and CCPA (more notes in business challenge around GDPR vs CCPA and how it' going to impact USA overall)
CCPA overview:
Businesses have a track record of using personal information to benefit their own agenda: the California Consumer Privacy Act (CCPA) will serve to protect California consumer rights and encourage stronger privacy and greater transparency overall. It will give consumers ownership, control, and security over their personal information – and consumers will have the ability to request that any business disclose (and delete) the personal information that it collects, and request that their data not be sold to third parties
The California Consumer Privacy Act defines a business as a for-profit entity that collects consumer personal data. So, if you’re a business in the state of California that meets at least one of the following thresholds, you may be subject to compliance:
Businesses that earn $25,000,000 or more a year in revenue
Businesses that annually buy, receive, sell or share personal information of 50,000 or more consumers, households or devices for commercial purposes
Business that derive 50% or more of its annual revenue from selling consumer personal information
Under the CCPA, California citizens will have the ability to bring a civil action lawsuit against companies that do not abide by the law. The state can also bring these charges to a company directly — charging a $7,500 fine for any violation that is not addressed within 30 days.
Description:
Document and identify gaps in IT and business processes through process mapping to illustrate current and future state.
Skills and Competencies:
Ability to quickly learn organizational structure, business strategies and processes. Knowledgeable on business process modeling, process mapping. Capable of writing clear and well-structured business requirements documents. Contributes to the development of detailed level process maps to facilitate requirements gathering, gap analysis and for training use. Ability to resolve minor conflicts/issues using different tactics for prior to escalation. Work with team members to understand the needs of the project. Strong verbal and written communication skills. Strong facilitation and presentation skills.
Major Job Duties and Responsibilities:
Identify and analyze business problems and defines the scope of activities required to address the issues, including requirement definition, process review, impact assessment and operational streamlining where appropriate.. Is involved in all aspects of projects, including documentation of project needs, analysis/research of needs and possible solutions, identifying technology and business solutions, gathering, documenting and updating business requirements; reviewing workflow process mapping; developing business testing strategies and working with project members to execute the test plan, recommending preferred solutions, and implementing recommendations. Manages project documentation (implementation plan, issues log, process maps, etc.) and documents process flows and gaps. Assess, research, analyze and document sponsor/stakeholder needs. Support the Project Manager in planning, executing, controlling and closing phases. Develop and maintain strong relationship with business partners and internal/external team members. Identify issues and escalates/manages resolution as required. Coordinates and provides support to the business with the process implementation. Perform other duties as assigned.
Work Environment:
Matrix environment
Who is the Internal/External Customer:
The client's legal and technology teams
Impact to the Internal/External Customer:
Internal: Under CCPA/GDPR law companies have to be compliant/prepared, if not addressed in 30 days there will be a civil action lawsuit/fine
External: Protect consumer PII
Business Challenge:
This Role will support the GDPR/CCPA program compliance. GDPR stands for General Data Protection Regulation, an EU mandate regarding the privacy and security of EU citizen’s data. The initial deadline for compliance to GDPR was May 25th, 2018. The penalty for not being compliant or having a defensible plan of reconciliation is a fine of 4% of the company’s global revenue. CCPA (California consumer privacy act) is an American version/evolution of GDPR. It went into effect in California on Jan 2020. More states are to follow and companies MUST start doing this now in order to protect themselves from potential civil lawsuits/and fines.
Governments are beginning to take data privacy very seriously. Like the GDPR, the CCPA will have far-reaching impacts across state jurisdictions. And, although the CCPA just went into effect, we’ve learned from the GDPR that there isn’t a lot of time to become compliant. It’s important to start preparing now: being prepared will save a company a lot of headaches (and costly enforcement actions) in the future. Meeting subject access requests – whether for GDPR, CCPA, or another regulation – can be especially difficult to achieve: you need to be able to identify content related to a data subject, classify and protect consumer data, and sometimes even delete upon request.
EVP:
Working in the fastest growing business unit. Being able to come to the team with potential for extensions down the road. Working in a unique environment that doesn't compare to other companies. There is opportunity to go perm because our client's team is doubling in size over the next two years.
Non-Technical Skills:
Analyze the security findings and collaborate with team to determine the appropriate course of action. Elicit and document requirements for each Fulfillment application in scope for each of the compliance work-streams. Schedule and facilitate requirements and design meetings as needed. Record and publish accurate meeting notes. Coordinate the successful remediation of all security findings. Communicate updates to direct leadership team. Ensure that all sources of application and security information is updated in all appropriate systems. Produce diagrams and update product road maps as needed. Coordinate with in-house engineers and 3rd party product vendors on design, estimation, and custom development efforts required to remediate security findings. Assist with oversight of the technical delivery team and liaise with the overall Program Manager. Drive teams to end goals. Must be extremely analytical. Must have experience working with technical teams (be tech savvy). Coordinate with QA engineers to ensure comprehensive and successful testing.