Sr Program Manager, Data Privacy

HealthEquity
$115,000 - $165,000 | Remote

About The Position

Our Mission

Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.

Overview

How you can make a difference

The Sr Program Manager, Data Privacy is responsible for managing the ongoing development and maintenance of HealthEquity’s privacy program, including the development of policies, procedures, privacy controls, training, privacy reviews, and cross-functional business initiatives related to data privacy. This role will work closely with security, legal, compliance, and stakeholders across the company to research, develop, and implement privacy processes, procedures and use cases to ensure compliance with applicable privacy laws, regulations, company policies, and best practices.

Requirements

  • Bachelor’s Degree, focus on technology or a related field is required.
  • 8+ years of professional experience in a role involving privacy, legal, or compliance, preferably in a technology setting or highly regulated industry.
  • Strong understanding of HIPAA, GLBA, privacy-by-design, data governance, data lifecycle management, and risk-based privacy practices.
  • Ability to translate legal, regulatory, and policy requirements into operational processes, controls, templates, and practical guidance.
  • Experience conducting privacy assessments and documenting risks, mitigations, exceptions, and remediation actions.
  • Working knowledge of data inventories, mapping, classification, minimization, retention, deletion, and secure data handling.
  • Experience supporting vendor, partner, and data-sharing reviews, including API-based integrations and third-party privacy diligence.
  • Comfort working with automation and AI-assisted tools, including agentic AI capabilities, in a controlled and responsible manner to improve consistency, efficiency, and scalability of privacy operations.
  • Familiarity with privacy issues related to AI, machine learning, advanced analytics, and AI-enabled workflow tools, including appropriate governance and human oversight.
  • Experience using platforms such as Graphite Connect, OneTrust, AuditBoard, Salesforce, or similar tools to manage assessments, issues, evidence, remediation, and reporting.
  • Strong judgment, stakeholder management, and professional presence, with the ability to communicate clearly and credibly on complex or high-visibility matters.

Nice To Haves

  • Juris Doctorate strongly preferred.

Responsibilities

  • Manage day-to-day operation of assigned privacy program workflows, including intake, triage, documentation, evidence management, issue tracking, and escalation support.
  • Lead day-to-day coordination of the privacy workstream for incidents, including fact gathering, privacy impact analysis support, documentation, and remediation tracking.
  • Serve as a primary privacy point of contact for assigned business initiatives and operational privacy matters, coordinating with Security, Legal, and Compliance as appropriate.
  • Lead and support information-gathering efforts related to HealthEquity’s complex data environment and apply new or changing privacy practices to new and existing processes and controls.
  • Develop and maintain expertise in applicable state and federal privacy laws and regulations, including those involving employee and consumer data privacy, information security, and cybersecurity, as relevant to HealthEquity.
  • Maintain policies, procedures, standards, templates, playbooks, and review standards to ensure company compliance, as well as manage the implementation of applicable existing and upcoming privacy laws (CPRA, state laws, federal laws).
  • Conduct companywide privacy assessments (NIST, HIPAA, GLBA, etc.) and support the Privacy Impact Assessment (PIA) program for personal data processing activities.
  • Identify privacy controls and manage privacy risks; assess control effectiveness and manage risks to the confidentiality of sensitive data including personal information (PII/PHI/NPI).
  • Develop training and awareness materials educating workforce on key privacy concepts, controls, and standards for ensuring the confidentiality of sensitive data.
  • Conduct privacy review of vendor, partner, client, and data-sharing arrangements, documenting risk positions.
  • Assess vendor and software technologies and applications for privacy risks and compliance.
  • Support implementation of privacy tooling, automation, and workflow improvements that improve consistency, evidence quality, and program scalability.
  • Maintain “regulator-ready” toolkits for response to regulator inquiries.
  • Work with Product and HR teams to implement compliance (Privacy by Design) across all consumer and worker touchpoints and back-end systems.
  • Own or support day-to-day individual rights request operations, including intake, workflow coordination, quality checks, documentation, and SLA tracking.
  • Maintain operational dashboards, metrics, and reporting inputs for privacy reviews, requests, incidents, remediation items, and third-party oversight.
  • Support audits, regulatory inquiries, client diligence, and internal assurance activities through strong evidence and documentation.

Benefits

  • Medical, dental, and vision
  • HSA contribution and match
  • Dependent care FSA match
  • Uncapped paid time off
  • Paid parental leave
  • 401(k) match
  • Personal and healthcare financial literacy programs
  • Ongoing education & tuition assistance
  • Gym and fitness reimbursement
  • Wellness program incentives