AIM OF THE POSITION
The Sr. Privacy Specialist will assist with the development and administration of a comprehensive data privacy program compliant with all applicable laws and regulations (e.g. HIPAA, CCPA, and GDPR) to ensure the protection and confidentiality of Protected Health Information (PHI) and Personally Identifiable Information (PII). This position will provide support and guidance to the organization, as well as remain knowledgeable of current legislation and changes in the regulatory environment.
POSITION WITHIN THE ORGANIZATION
1. Reports to Data Privacy Director
2. Cooperates with all departments
3. Participates in:
– Cross-functional projects and meetings
– Risk assessments and audits
– Education of the workforce on relevant laws and requirements
ESSENTIAL DUTIES AND RESPONSIBILITIES
o Create and update programs, processes, training, and policies that enhance the organization’s compliance with applicable data privacy laws and regulations.
o Maintain current and operational knowledge of applicable global privacy.
o Conduct routine monitoring and auditing to assess the organization’s compliance with data privacy requirements and partner with departments to resolve noted gaps.
o Assist with developing monitoring and auditing programs to address high-risk data privacy areas relevant to the organization.
o Track the execution of business associate agreements and data processing agreements.
o Investigate potential or actual data privacy-related incidents and ensure implementation of appropriate remediations. Assist with data breach notifications required by relevant laws.
o Execute data protection impact assessments and identify data privacy risks applicable to the organization’s operations.
o Track and ensure implementation of appropriate mitigating actions to address data privacy-related risks.
o In collaboration with Information Security and business partners, coordinate due diligence reviews of vendors that will handle protected health information and/or personally identifiable data on behalf of the company to ensure their data protection compliance programs are robust. Will ensure appropriate data protection agreements are in place and conduct periodic monitoring of the vendors.
o Maintain records of processing activities, including mapping of data flows across enterprise systems.
o Provide training and outreach activities to foster data privacy awareness across the organization.
o Track and assist staff with handling requests from individuals exercising their privacy rights.
o Collaborate with cross-functional teams (e.g., Legal, IT, Information Security, and Operations) on data privacy-related projects and initiatives.
o Act as a resource for data privacy-related inquiries and guide staff at all levels.
o Participate in planning the organization’s Data Privacy work and audit plan.
o Other projects and duties as assigned.
The above listing represents the general duties considered essential functions of the job and is not to be considered a detailed description of all the work requirements that may be inherent in the position.
KEY CONTACTS
Internal
o All departments
External
o Vendors
o Regulatory Bodies
EDUCATION AND EXPERIENCE REQUIREMENTS
EDUCATION
o Minimum Bachelor’s Degree
o Certification in Health Care Privacy Compliance (CHPC) or Certified Information Privacy Professional (CIPP), or Certified Information Privacy Manager (CIPM).
EXPERIENCE
o Minimum of 5+ years of experience within healthcare and global experience required.
o Experience developing and maintaining a comprehensive data privacy program compliant with all applicable laws and regulations (e.g., HIPAA, CCPA, and GDPR).
o Experience with creating and executing data flow maps and data privacy impact assessments.
o Experience with reviewing and providing guidance related to data processing agreements.
o Experience with vendor management.
o Experience with performing data privacy-related monitors, audits, and gap assessments.
o Experience handling data subject privacy rights requests (HIPAA, CCPA, GDPR).
KNOWLEDGE, SKILLS AND ABILITIES (KSA’S)
Specific Knowledge Required:
Knowledge: Comprehension of a body of information acquired by experience or study.
o Extensive knowledge of Global Data Protection Laws, including HIPAA, CCPA, and GDPR.
o Working knowledge of privacy regulations surrounding Artificial Intelligence.
Skill: A present, observable competence to perform a learned activity.
o Strong analytical skills and ability to interpret complex regulatory requirements.
o Advanced computer skills, including MS Office Suite, excellent report writing, analytical, and project management skills with good attention to detail.
o Experience with the OneTrust platform is a plus.
Ability: Competence to perform an observable behavior.
o Ability to clearly and effectively communicate complex issues and concepts orally and in writing.
o Ability to independently set priorities, adapt to changing business needs, and manage multiple projects within established time frames.
o Strong project management skills, including managing and prioritizing multiple concurrent projects and reporting progress and risks to colleagues and senior management.
o Ability to work within a small team, be self-motivated and independent.
o Ability to partner effectively with individuals at all levels of the organization to address complex compliance and operational issues.
BEHAVIOURAL COMPETENCIES/DESIRED SKILLS
Examples:
o Self-Starter
o Self-organization
o Excellent communication skills
o Perform multiple tasks under minimum supervision
o Can-do attitude; enables change
· PRIVACY NOTICE: To review the California privacy notice, click here: https://agendia.com/privacy-policy/
· Employees must not be classified as an excluded individual who is prohibited from participation in any Federal health care program.
WORKING ENVIRONMENT
Establishes ADA (Americans with Disabilities Act) requirements
ENVIRONMENT/SAFETY/WORK CONDITIONS
Working conditions (inside or outside the office).
o General office environment. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
o Maintains a clean, neat, and orderly work area.
o Adheres to Department Specific Safety Guidelines.
o Standing, sitting, walking, bending, reaching, manual manipulation, and lifting up to 15 pounds.
TRAVEL
Ability to drive/fly routinely internationally and domestically for up to 15%
OTHER DUTIES
Other duties as required by management.