Privacy & Security Enterprise Engagement Officer

About The Position

Requirements

• Bachelor's Degree in Information Security, Information Systems, Risk/Compliance, Business, Law, or Compliance related capabilities or equivalent experience as a paralegal required
• 7+ years privacy/security, risk, or compliance within the managed care, payer/health plan industry. required
• 5+ years identifying, analyzing, and communicating security or privacy control requirements within the context of health plan operations, processes, and systems. required
• Experience in assessing and interpreting contract and regulatory requirements, translating them into control-based operational capabilities, and ensuring delivery across multiple stakeholders. required
• Experience interpreting, implementing and ensuring compliance with State & Federal Privacy, Cybersecurity & AI laws & regulations applicable to healthcare payors and related business entities (i.e., HIPAA/HITECH, CCPA/CPRA, CPA, CTDPA, CAIA, VPA, COPPA, TCPA, etc.). required
• CISSP / CISM Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) Upon Hire required

Nice To Haves

• Master's Degree in a related field preferred
• Juris Doctor (JD) preferred
• Certified Information Privacy Professional (CIPP/US), Artificial Intelligence Governance Professional (AIGP), Certified Risk and Information Systems Control (CRISC) or Certified Information Security Analyst (CISA)) or equivalent preferred

Responsibilities

• Partners with either Health Plans or Shared Services to translate privacy, security, artificial intelligence (AI), business continuity, and related requirements from client contracts, laws, and regulations into actionable enterprise controls.
• Builds trusted relationships with Health Plan leadership and key stakeholders to ensure contract assurance, readiness reviews, Request for proposal (RFP) support, timely deliverable fulfillment, compliance reporting, and continuous improvement.
• Drives early engagement with Enterprise Privacy, Security and Risk Management (EPSRM) visibility and influence across the organization.
• Lead EPSRM engagement with Health Plans or Shared Services to ensure privacy, security, AI, and business continuity requirements are clearly understood, implemented, and monitored.
• Interpret and translate regulatory, contractual, and legal requirements into operational controls and guide stakeholders on compliance expectations.
• Validate and manage compliance evidence, deliverables, and audit readiness, including responses to regulators, clients, and internal/external auditors.
• Build and maintain strong relationships with leadership, operational teams, and regulators to remove obstacles, resolve issues, and support consistent compliance practices.
• Track regulatory, legislative and contract changes, assess organizational impact, and communicate required actions while supporting scalable control updates.
• Oversee the accuracy and completeness of privacy, security, AI, and business continuity documentation, including plans, attestations, questionnaires, and related submissions.
• Enhance enterprise engagement processes by driving standardized procedures, governance practices, templates, and continuous improvement efforts.
• Support new market entries, RFP responses, contract renewals, and business expansion by providing specialized EPSRM subject‑matter expertise.
• Identify risks and control gaps, recommend mitigation strategies, and contribute to improved compliance maturity across the enterprise.
• Performs other duties as assigned.
• Complies with all policies and standards.

Benefits

• competitive pay
• health insurance
• 401K and stock purchase plans
• tuition reimbursement
• paid time off plus holidays
• a flexible approach to work with remote, hybrid, field or office work schedules