Privacy Operations & GRC Specialist (K-12 EdTech)
Project Brief: Privacy Operations & GRC Specialist (K-12 EdTech) Target: Part-time/Project-based Consultant Estimated Commitment: 5–10 hours per month The Goal: To manage the "Slog Work" of K-12 compliance artifacts and district-level contracting for Stage Management Group (SMG). Core Responsibilities: •SDPC Registry Management: Act as the primary operator for the Student Data Privacy Consortium (SDPC) Resource Registry.
- NDPA Workflow: Handle the intake and signing of National Data Privacy Agreements (NDPAs) with school districts, ensuring state-specific exhibits are correctly applied.
- Artifact Development: Using our SMG K-12 Compliance Master v2 spreadsheet as a roadmap, draft and maintain the necessary "Universal Artifacts," including:
- K-12 Privacy Policy (FERPA/COPPA compliant).
- Data Map/Inventory (Incidental vs. PII).
- VPAT (Accessibility) summary.
- Framework Mapping: Periodically audit our progress against the CoSN K-12CVAT and A4L interoperability standards.
- Liaison: Serve as the first point of contact for school district IT/Privacy officers to clear technical "Beta Gates".
Required Expertise:
- Proven track record with A4L/SDPC standards and the NDPA.
- Deep knowledge of FERPA, COPPA, and state-level privacy laws (SOPPA, SOPIPA, etc.).
- Experience with GRC (Governance, Risk, and Compliance) workflows.
- Bonus: Experience with AI-specific privacy regulations (e.g., Colorado AI Act).
Apply tot his job Apply To this Job