Director Privacy Officer

Surescripts
Hybrid

About The Position

Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions — from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers.

Job Summary: The Director, Privacy Officer is a seasoned leader who shapes and advances Surescripts’ Privacy Program to accelerate the Company’s growth. This role champions innovative privacy strategies, navigates complex regulatory and technical environments, and implements privacy solutions that enable enterprise success. By leveraging deep Privacy Program implementation expertise in a healthcare setting, this leader fuses cross-functional partnerships (e.g., with Data Governance, Security, AI, and Legal) to deliver aligned and integrated solutions for both risk management and business innovation.

Requirements

  • 10+ years of experience developing and implementing privacy programs in a healthcare setting
  • Deep expertise in HIPAA and non-HIPAA privacy laws
  • You thrive in environments where uncertainty is the norm, demonstrating confidence in making decisions amid incomplete information and evolving facts.
  • Proficiency in data governance, data lineage, tagging and segmentation.
  • Excellent communication skills to present and explain complex privacy matters to executive and senior leadership with solution-orientation.
  • Works independently, demonstrating elite subject matter expertise and strategic stakeholder management.

Nice To Haves

  • Juris Doctor Degree and member in good standing of at least one bar
  • 3+ years in healthcare technology
  • Experience in a Privacy Equity-backed organization
  • High proficiency with OneTrust Privacy certification
  • Specialist knowledge of privacy and data security matters in the healthcare sector
  • Proactive, practical, solution-oriented approach
  • Strong cross-functional partnering skills
  • 3+ years of people management experience or experience in roles showing progressive leadership

Responsibilities

  • Lead the Privacy vertical within the Compliance team to advance enterprise objectives, ensuring strategic and operational alignment with privacy-related laws, regulations, policies, and contractual requirements as advised and handed off by Legal Affairs.
  • Oversee, train, hire, develop, and coach staff to drive outcomes and behaviors consistent with the Department’s purpose and service delivery model.
  • Assign responsibilities to team, delegate, and manage team to ensure appropriate coverage and back-up support to meet enterprise needs.
  • Serve as senior leader on the Compliance team to develop, implement, and execute strategic vision, including team meetings, brainstorming sessions, trainings, and team building activities.
  • Independently solve or ensure that solutions are provided for the development and ideation of products and across product life cycles.
  • Design and deploy operational strategies and plans to meet the privacy-related needs of customers and rights of individuals.
  • Lead privacy incident readiness and response plan; in the event of a cyber incident, provide privacy subject matter expertise throughout an investigation and breach response, at the direction of Legal.
  • Partner with Data Governance, Information Security, Legal Affairs and others to ensure that key internal stakeholders are aligned on risk assessments, breach mitigation and notification, data use analyses, etc.
  • Oversee and direct assigned team members in the subpoena intake and response process in coordination with the VP, Legal Affairs.
  • Act in accordance with the Department’s service delivery model.
  • In collaboration with the Corporate Compliance Director, conduct a regular privacy risk assessment and design, modify, and deploy a risk treatment plan that is responsive to such assessment.
  • Keep apprised of privacy developments (legislative, enforcement, etc.) and best practices, and proactively share intelligence with the Chief Compliance Officer, Chief Legal Officer, and senior leaders in the Company as appropriate.
  • Ensure that inquiries or requests that relate to Privacy are appropriately and efficiently handled by the team (including but not limited to complaints, PHI access requests, opt-outs, and requests for accounting of disclosure).
  • Analyze and draw insights therefrom.
  • Ensure appropriate privacy-related policies are in place.
  • Develop and report relevant privacy metrics and insights to the Corporate Compliance Committee and other leadership forums.
  • Ensure that engaging training is delivered to Company personnel, including tailored educational experiences for key groups or roles, and ensure that there is appropriate awareness of privacy matters by Company personnel.
  • Ensure that any alleged privacy violations or potential issues are investigated, and partner with others as needed to ensure proper mitigation.
  • Ensure that appropriate response plans are in place for possible privacy breaches and provide training to personnel as necessary to promote readiness to enact such plans.

Benefits

  • comprehensive healthcare (including infertility coverage)
  • generous paid time off including paid childbirth and parental leave and mental health days
  • pet insurance
  • 401(k) with company match and immediate vesting