Privacy Design & Governance Director, Privacy-by-Design (Remote)

About The Position

Requirements

• Bachelor’s degree in Healthcare Administration, Risk Management, Information Systems, Legal Studies, Public Policy, or a related field (JD or MBA/MHA preferred).
• 5–8 years of privacy, compliance, or data governance experience within a HIPAA-regulated organization.
• In-depth knowledge of the HIPAA Privacy, Security, and Breach Notification Rules, GLBA Safeguards and Privacy Rules, and major U.S. state privacy laws.
• Expertise in privacy-by-design, PIAs, and risk analysis.
• Demonstrated experience in privacy program development, policy design, risk management, and cross-functional advisory work.
• Exceptional communication, leadership, and stakeholder management skills, with the ability to influence at all levels.
• Strong analytical and problem-solving skills; ability to translate regulatory requirements into actionable guidance.
• Excellent writing and communication skills for policies, training, and executive reporting.
• Cross-functional collaboration and leadership experience across Legal, Security, IT, and Product.
• Vendor risk and contract review advisory experience.
• Ability to foster a culture of privacy accountability and continuous improvement.
• Infrequent travel
• Ability to provide personal transportation from time to time.
• Occasionally lifts up to 25 pounds.
• Prolonged periods of sitting at a desk and working on a computer

Nice To Haves

• Relevant privacy certifications (CIPP/US, CIPM, CHPC, CHPS, or equivalent) preferred.
• JD or MBA/MHA preferred

Responsibilities

• Build and maintain a privacy control framework that maps requirements across HIPAA, GLBA, state privacy laws, FTC expectations, and other applicable federal regulations.
• Manage comprehensive standards addressing data sharing, de-identification, artificial intelligence and machine learning, and vendor data handling.
• Manage the organization’s privacy-by-design framework, ensuring privacy considerations are embedded early in new product development, marketing initiatives, and business processes.
• Lead a privacy advisory program that provides timely, practical, and risk-based guidance to business units on compliant data use and sharing.
• Assist the CPO with stakeholder engagement and change management efforts, ensuring privacy requirements are clearly communicated, understood, and adopted across all departments.
• Develop and manage the Privacy Impact Assessment (PIA) process to evaluate risks associated with new systems, projects, and technologies involving PHI, PII and NPPI.
• Partner with Product, Engineering, and Security teams to define privacy control requirements and technical guardrails within design and deployment lifecycles.
• Support Marketing, IT, Security, Legal and Data Sciences teams in ensuring compliant practices related to data profiling and tracking technologies.
• Advise business units on individual rights processing (access, correction, deletion, opt-out) and ensure operational readiness for consumer privacy requests.
• Assist CPO in the maintenance of privacy policies and procedures, workforce training, and deliver targeted privacy training for business units.
• Monitor evolving HIPAA, GLBA, state, and federal privacy regulations, assessing their impact on organizational operations and policies.
• Provide guidance and thought leadership on emerging privacy trends, regulatory expectations, and enforcement priorities.
• Provide guidance and monitor compliance with the records retention policy to ensure proper administration in accordance with applicable laws and best practices.
• Recruits, interviews, hires, and trains new staff.
• Oversees the daily workflow of the department.
• Provides constructive and timely performance evaluations.