Privacy Lead Consultant

About The Position

Requirements

• Required Bachelor's Degree Compliance, Audit, Business; or equivalent experience
• Required 7+ Years privacy, planning, administration, audit, or compliance management role
• Must have a full understanding of legal and regulatory requirements relating to Privacy in the healthcare sector including Federal and State legislative mandates and requirements to safeguard Protected Health Information (PHI) and/or Personally Identifiable Information (PII).
• Experience with the Health Insurance Portability and Accountability Act (HIPAA).
• Knowledge and experience in project and change management.
• Knowledge of vendor management and contract administration.
• Relationship, facilitation, presentation and communication skills; ability to collaboratively plan, document, and present privacy risks and achieve buy-in from system custodians and business owners.
• Certified Information Privacy Professional (CIPP) - IAPP

Nice To Haves

• Preferred Juris Doctor

Responsibilities

• Builds and operationalizes BCBSA's privacy program, including conducting privacy impact assessments, HIPAA risk assessments, and responding to privacy incidents impacting BCBSA's business units in compliance with applicable policies, procedures, and legal requirements.
• Collaborates across BCBSA on privacy related matters, including with legal, information security, enterprise risk management, and data governance on privacy-related contracting, privacy risk identification and risk mitigation.
• Supports the BCBSA Incident Response process, including the BCBSA Privacy Response Plan, engagement with Blue System colleagues on Systemwide incident response, and conducts regular exercises of incident response plans.
• Participates in the development and operationalizing of BCBSA's privacy training program, as well as supplementing that training with ongoing awareness.
• Collaborates with BCBS organizations to share best practices, and either leads or assists with establishing privacy training and educational sessions internally across BCBSA and externally, across the Blue System.
• Lead and support enterprise privacy initiatives, including the development, implementation, and maintenance of privacy policies, procedures, standards, and controls.
• Design, deliver, and maintain privacy training and awareness programs to promote a strong culture of privacy compliance across BCBSA.
• Provide subject‑matter expertise on privacy regulations and requirements, including HIPAA Privacy and Security Rules, state privacy laws, and emerging domestic and international privacy obligations.
• Support and participate in HIPAA and privacy risk assessments, including control evaluations, gap analyses, and remediation planning.
• Assist the Compliance and Privacy Official with privacy investigations, including intake, analysis, documentation, and resolution of privacy complaints and potential violations.
• Support and coordinate privacy incident response and breach notification activities, including fact‑finding, regulatory analysis, internal coordination, and external notifications as required.
• Serve as a point of contact for privacy‑related matters across the enterprise, providing guidance to business areas, legal, compliance, IT, and other stakeholders.
• Assessing and advising on privacy risks associated with vendors, third parties, and Business Associates, including supporting contract reviews, negotiations, and risk mitigation strategies.
• Engaging with external stakeholders—such as regulators, counsel, vendors, or partners—when responding to privacy incidents, investigations, or inquiries.
• Supporting the integration of privacy requirements into business processes, projects, and initiatives, including privacy‑by‑design and privacy‑by‑default practices.
• Monitoring regulatory developments and emerging privacy risks and providing impact assessments and recommendations to leadership.
• Supporting audits, examinations, and assessments related to privacy, and coordinating responses to internal and external audit requests.
• Contributing to enterprise risk management and compliance activities related to privacy, including issue tracking, corrective actions, and reporting.
• Developing and maintaining privacy metrics, documentation, and artifacts to support governance, oversight, and continuous improvement.
• Collaborating across BCBSA to promote consistent, compliant handling of personal and protected information.

Benefits

• paid time off
• 11 holidays
• medical/dental/vision insurance
• generous 401(k) matching
• lifestyle spending account