Director of Privacy and Compliance

About The Position

Requirements

• Applicants must have at least (A) six (6) years of full-time or, equivalent part-time, professional, administrative, supervisory, or managerial experience in a particular specialty (i.e. scientific, professional, or technical) and must possess current license and/or registration requirements established for the performance of the position, of which (B) at least two (2) years must have been in a project management, supervisory or managerial capacity or (C) any equivalent combination of the required experience and substitutions below.
• Substitutions: I. A certificate in a relevant or related field may be substituted for one (1) year of the required (A) experience. II. A Bachelor’s degree in a related field may be substituted for two (2) years of the required (A) experience. III. A Graduate degree or higher in a related field may be substituted for three (3) years of the required (A) experience. IV. A Doctorate degree in a related field may be substituted for four (4) years of the required (A) experience.
• Special Requirements: Current & valid admission to the Massachusetts Bar.

Nice To Haves

• Extensive experience interpreting and applying privacy laws and regulatory frameworks, including those governing public health systems, state ethics and conflict of interest standards, administrative procedure requirements, principles of due process, regulatory promulgation, legislative drafting and analysis, records custodianship, and confidentiality obligations.
• Proven ability to advise senior leadership on legal risk, compliance strategies, and data governance initiatives.
• Demonstrated ability to effectively manage, supervise, and support both legal and non-legal staff, fostering collaboration, accountability, and professional development.
• Experience drafting and negotiating data-sharing agreements, contracts, and interagency agreements within a public sector or healthcare environment.
• Strong knowledge of public records laws and experience managing complex public records requests.
• Capacity to lead or support data breach investigations and implement corrective action plans.
• Familiarity with federal grant compliance requirements related to data privacy and confidentiality.
• Experience developing and delivering training programs on privacy, compliance, and data protection.
• Strong leadership and supervisory experience, with the ability to manage teams, set priorities, and drive results in a complex organization.
• Excellent written and verbal communication skills, with the ability to translate complex legal and regulatory concepts into clear, practical guidance.
• Proficient with Microsoft Office applications including Excel, Word, Outlook, PowerPoint, and Teams

Responsibilities

• Provide strategic oversight of data privacy, confidentiality, and governance across the Department, ensuring alignment with state and federal regulations.
• Represent DPH in securing and managing data-sharing relationships with external entities, including the Executive Office of Health and Human Services (EOHHS) agencies and public health partners.
• Advise and consult with bureaus on data use, confidentiality agreements, and compliance with applicable privacy laws and policies.
• Lead responses to data breaches, including oversight of investigations, risk mitigation, and implementation of corrective actions.
• Develop, implement, and maintain Department-wide confidentiality policies, procedures, and compliance frameworks.
• Collaborate with executive leadership, legal counsel, and IT partners to advance data governance initiatives and modernization efforts.
• Serve as a liaison to EOHHS Information Security and partner with IT teams to address privacy, security, and data-related challenges.
• Oversee compliance with federal grant requirements related to data privacy and confidentiality.
• Direct and manage responses to public records requests, ensuring appropriate disclosure in accordance with legal requirements.
• Review legislation, regulations, contracts, and interagency agreements, providing legal guidance and drafting standardized confidentiality language.
• Lead and support a department-wide privacy liaison program, including training, coordination, and ongoing compliance monitoring.
• Recruit, supervise, and develop staff, fostering a high-performing team while managing workload distribution and supporting professional growth.

Benefits

• Comprehensive Benefits
• When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.
• Want the specifics? Explore our Employee Benefits and Rewards!