Director of Privacy Compliance
Headway
Job highlights
Summary
Join Headway, a Series D health-tech company revolutionizing mental healthcare access, as their Director of Privacy Compliance. You will play a key role in building a national privacy program from the ground up, collaborating with cross-functional teams to implement and maintain privacy compliance efforts. This leadership position requires expertise in healthcare compliance and navigating ambiguity within a rapidly scaling company. You will be responsible for managing privacy incidents, developing training programs, and ensuring compliance with relevant regulations. Headway offers a competitive salary, comprehensive benefits, and the opportunity to make a significant impact on the mental health landscape.
Requirements
- Have 8+ years of experience in privacy compliance or healthcare-related operations, legal, auditing, consulting, or the equivalent combination of experience
- Be deeply knowledgeable on privacy laws, payer requirements, and health care regulation more broadly
- Have proven experience in developing compliance frameworks and leading privacy initiatives as part of a compliance-focused team
- Function well in a high-paced environment and be able to quickly adapt to changing priorities and situations
- Engage, inspire, build credibility, and trust across all levels of the company
- Have the ability to disseminate and translate complex regulatory requirements into actionable requirements
- Have exceptional communication, organizational, project management, and prioritization skills
Responsibilities
- Collaborate with the Security & Privacy teams to ensure operational alignment between security and privacy programs
- Partner with stakeholders to identify, document, and mitigate privacy risks
- Support new and existing products, technologies, and vendor relationships by ensuring privacy risks are evaluated and mitigated
- Provide technical and regulatory guidance to all departments on privacy compliance matters to ensure compliance with applicable regulations and standards
- Contribute to the risk management strategic plan
- Manage privacy incidents and breach notifications required by federal and state law, serving as liaison with federal and state oversight agencies
- Develop and lead strategic role-specific trainings
- Drive cross-functional communication and training across the company to ensure compliance with company privacy policies, data-handling policies and procedures, and legal obligations
- Manage data subject requests (DSRs) related to privacy inquiries
- Contribute to security and privacy audits
- Continuously improve privacy and security practices, policies, and standards
- Maintain current and operational knowledge of applicable federal and state privacy laws and regulations including, but not limited to: Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), My Health My Data Act (MHMDA), Confidentiality of Medical Information Act (CMIA)
- Foster a culture of compliance and ethical behavior within our company
- Provide regular compliance reports on the operation, efficacy, and progress of compliance efforts, violations, and risks
Preferred Qualifications
- Be certified in relevant areas such as Healthcare Compliance (CHC) or certified in Healthcare Privacy Compliance (CHPC)
Benefits
- Equity Compensation
- Medical, Dental, and Vision coverage
- HSA / FSA
- 401K
- Work-from-Home Stipend
- Therapy Reimbursement
- 16-week parental leave for eligible employees
- Carrot Fertility annual reimbursement and membership
- 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
- Flexible PTO
- Employee Assistance Program (EAP)
- Training and professional development