Manager, Privacy and Records Governance

About The Position

Requirements

• Bachelor’s degree in Business Healthcare Administration, Information Management, Law, Public Health, Information Security, or a related field required.
• 5+ years of healthcare privacy, data protection, records management, compliance, risk management, or a related field.
• Experience working with healthcare privacy laws and regulatory frameworks, including HIPAA, breach notification requirements, applicable state privacy laws, and records retention/information governance requirements.
• Strong knowledge of healthcare privacy requirements, privacy program governance, and operational privacy controls.
• Demonstrated ability to assess privacy risk and to monitor and translate regulatory requirements into practical business processes and controls.
• Experience using privacy management, governance, or incident tracking tools (such as TrustArc, Radar, or similar platforms).
• Strong analytical, organizational, and project management skills, with the ability to manage multiple priorities in a fast-paced environment.
• Strong written and verbal communication skills, including experience preparing presentations, regulatory communications, and practical business guidance.
• Ability to work collaboratively across Legal, Compliance, Information Security, Information Technology, and business teams, and effectively manage external partners and contractors.
• Strong problem-solving skills with an ability to communicate effectively with technical and non-technical stakeholders across Option Care
• Working knowledge of records retention, information lifecycle management, and defensible disposition principles.
• Ability to integrate privacy, records governance, and data lifecycle requirements into practical operational processes and controls.

Nice To Haves

• Advanced degree preferred.
• Professional compliance, privacy, and/or AI certification, such as CHPS, CIPP/US, CIPM, or AI governance certification.
• Experience in healthcare services, specialty pharmacy, infusion therapy, provider organizations, or other highly regulated healthcare environments.
• Experience supporting records management, information governance, retention scheduling, or enterprise records compliance programs preferred.

Responsibilities

• Manage day-to-day privacy incident intake, tracking, investigation support, and resolution, including maintaining accurate records of incidents, audits and assessments.
• Support breach response activities, including drafting patient and regulatory notifications, coordinating with internal stakeholders, and assisting with regulatory submissions as appropriate.
• Administer and optimize privacy program tools (e.g. Radar, TrustArc) to support incident management, assessments, and reporting.
• Prepare privacy incident and trend reporting for leadership and regulatory purposes, including identifying opportunities for control improvement.
• Support continuous improvement of the enterprise privacy program through enhancements to policies, controls, metrics, processes, and supporting tools.
• Partner with the Vice President, Chief Privacy Officer & Data Protection to translate evolving privacy, AI, and digital health requirements into practical governance and operational practices.
• Manage third-party contractors and external resources supporting privacy program initiatives and operations.
• Support governance for the company’s processes to conduct de-identification of sensitive data
• Conduct privacy audits, monitoring, and compliance assessments to evaluate adherence to HIPAA, applicable state privacy laws and organizational policies.
• Perform privacy risk assessments for new projects, business development initiatives, vendors, technologies, and AI-enabled initiatives, and support remediation of identified gaps.
• Track and analyze privacy program metrics and prepare reporting and presentations for leadership.
• Develop, review and update privacy policies, standards, and procedures under the direction of the Vice President, Chief Privacy Officer & Data Protection.
• Support enterprise privacy training, awareness, and educational initiatives that promote a strong culture of privacy and responsible data stewardship.
• Manage day-to-day administration of the company's record management program including records retention defensible disposition records classification and policy implementation.
• Help develop and maintain records retention schedules procedures and governance standards consistent with legal regulatory operational and business requirements.
• Oversee third party vendors and contractors supporting record storage retrieval retention and destruction activities.
• Partner across the organization to strengthen information lifecycle management practices including appropriate retention minimization and secure disposition of information assets.

Benefits

• Medical, Dental, & Vision Insurance
• Paid Time off
• Bonding Time Off
• 401K Retirement Savings Plan with Company Match
• HSA Company Match
• Flexible Spending Accounts
• Tuition Reimbursement
• myFlexPay
• Family Support
• Mental Health Services
• Company Paid Life Insurance
• Award/Recognition Programs