Privacy Manager

Cedar•New York City, NY

8d•$148,750 - $175,000•Remote

About The Position

Our healthcare system is the leading cause of personal bankruptcy in the U.S. Every year, over 50 million Americans suffer adverse financial consequences as a result of seeking care, from lower credit scores to garnished wages. The challenge is only getting worse, as high deductible health plans are the fastest growing plan design in the U.S. Cedar’s mission is to leverage data science, smart product design and personalization to make healthcare more affordable and accessible. Today, healthcare providers still engage with its consumers in a “one-size-fits-all” approach; and Cedar is excited to leverage consumer best practices to deliver a superior experience. The Role Cedar is seeking an experienced Privacy Manager to join our Legal & Compliance Team. The Privacy Manager will be responsible for developing, implementing, and maintaining Cedar’s privacy program, with a strong focus on HIPAA, PCI-DSS, and US state privacy law compliance. This role will report directly to the Data Privacy Officer, and involve working closely with Cedar’s engineering, product, and security teams to embed privacy-by-design principles into Cedar’s products and services. The ideal candidate will possess a deep understanding of privacy regulations, data governance models, and data security best practices within the fintech and healthcare sectors.

Requirements

Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Experience: At least 5 years of experience in data privacy, data protection, or data governance roles, with a significant focus on HIPAA and US state privacy laws (e.g., CCPA).
Previous experience in a fintech or healthcare technology environment.
Soft Skills: An enthusiasm for building a great privacy function in a company that’s still growing and scaling Excellent communication and interpersonal skills, with the ability to articulate complex technical and privacy concepts to diverse audiences. Strong analytical and problem-solving abilities. Ability to work independently and as part of a cross-functional team. High level of integrity and ethical conduct.

Nice To Haves

Master's degree preferred.
Certifications (Preferred): CIPP/US, CIPT, CISSP, or an equivalent privacy and security certification.

Responsibilities

Privacy Program Development and Management Develop, implement, and maintain the company's enterprise-wide data privacy program, including policies, procedures, and controls.
Serve as the initial point of contact for most data privacy matters, providing guidance to internal teams on the privacy by design framework.
Monitor and track all program development activities and progress.
Conduct regular privacy risk assessments and impact assessments (PIAs/DPIAs) for new products, services, and processing activities.
Regulatory Compliance Ensure continuous compliance with all applicable federal, state, and international data protection laws, including but not limited to: Health Insurance Portability and Accountability Act (HIPAA) and HITECH Act. California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA). Other state privacy laws (e.g., VCDPA, CPA, etc.).
Oversee and manage responses to data subject access requests (DSARs) and other individual rights requests.
Policy and Procedure Development: Develop and update privacy policies, standards, and procedures.
Ensure documentation of privacy controls and compliance activities.
Training and Awareness: Develop and deliver privacy training programs for various Cedar teams, including Product, Client Managers, and Human Resources.
Foster a culture of privacy awareness throughout the organization.
Audit and Assurance: Assist in internal and external audits related to privacy, HIPAA, PCI-DSS, and US state privacy law compliance.
Work with legal and security teams to respond to regulatory inquiries and ensure audit readiness.
Help Cedar respond to client questions and diligence regarding Cedar’s privacy and security posture.
Incident Response and Investigation Lead and manage the privacy incident response process, including investigation, containment, notification, and remediation of potential privacy breaches.
Collaborate with Legal and Security teams to maintain an up-to-date and effective incident response plan.
Escalate critical privacy matters to the Data Privacy Officer and the executive leadership team.

Benefits

This role is equity eligible
This role offers a competitive benefits and wellness package
Unless stated otherwise, most roles have flexibility to work from home or in the office, depending on what works best for you
For exempt employees: Unlimited PTO for vacation, sick and mental health days–we encourage everyone to take at least 20 days of vacation per year to ensure dedicated time to spend with loved ones, explore, rest and recharge
16 weeks paid parental leave with health benefits for all parents, plus flexible re-entry schedules for returning to work
Diversity initiatives that encourage Cedarians to bring their whole selves to work, including three employee resource groups: be@cedar (for BIPOC-identifying Cedarians and their allies), Pridecones (for LGBTQIA+ Cedarians and their allies) and Cedar Women+ (for female-identifying Cedarians)
Competitive pay, equity (for qualifying roles), and health benefits, including fertility & adoption assistance, that start on the first of the month following your start date (or on your start date if your start date coincides with the first of the month)
Cedar matches 100% of your 401(k) contributions, up to 3% of your annual compensation
Access to hands-on mentorship, employee and management coaching, and a team discretionary budget for learning and development resources to help you grow both professionally and personally

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume