Privacy Manager

Summary

Join Gravie as their Privacy Manager and play a critical role in safeguarding sensitive information, ensuring compliance with privacy laws and regulations. Develop, implement, and monitor privacy policies and procedures. Manage privacy incidents and collaborate cross-functionally to embed privacy-by-design principles. This role requires a strong understanding of HIPAA and broader healthcare privacy practices. You will conduct risk assessments, monitor changes in privacy laws, lead incident investigations, and collaborate with the Information Security team. The position also involves advising on privacy principles, participating in vendor due diligence, preparing for audits, and serving as a subject matter expert.

Requirements

• Bachelor's degree in a relevant field (e.g., Healthcare Administration, Information Systems, Legal Studies, Business)
• 3-5 years of progressive experience in privacy compliance within the healthcare industry, with a strong preference for experience on the payer, health plan, or carrier side
• Demonstrated in-depth knowledge of HIPAA (Privacy, Security, and Breach Notification Rules) is required
• Proven experience in privacy incident response and tracking
• Familiarity with information security principles and practices, and experience collaborating with InfoSec teams
• Strong analytical, problem-solving, and critical thinking skills
• Excellent written and verbal communication skills, with the ability to translate complex legal and technical concepts into clear, actionable guidance
• High level of integrity, discretion, and ethical conduct

Responsibilities

• Assist in the development, implementation, and maintenance of comprehensive privacy policies, procedures, and training programs in alignment with applicable laws and industry best practices
• Conduct regular privacy risk assessments and impact analyses to identify and mitigate potential privacy vulnerabilities
• Monitor changes in privacy laws and regulations, assessing their impact on company operations and recommending necessary adjustments to policies and practices
• Lead or assist in the investigation and resolution of privacy incidents, including potential breaches of Protected Health Information (PHI) and other sensitive data
• Manage the incident response lifecycle from detection and containment to eradication, recovery, and post-incident analysis
• Maintain accurate records of all privacy incidents, investigations, and remediation efforts
• Ensure timely and compliant breach notification processes as required by HIPAA and state laws
• Collaborate closely with the Information Security team on data protection initiatives, ensuring privacy requirements are integrated into security controls and data governance frameworks
• Advise on privacy-by-design principles for new products, systems, and processes
• Participate in vendor due diligence processes, particularly regarding Business Associate Agreements (BAAs) and data handling practices
• Prepare for and support internal and external privacy audits, including HIPAA compliance assessments
• Assist in the preparation and maintenance of documentation for SOC 2 (Service Organization Control 2) audits related to privacy criteria
• Contribute to regulatory reporting requirements related to privacy
• Serve as a subject matter expert on privacy matters, providing guidance and support to internal departments (e.g., Legal, IT, HR, Product, Operations, Sales)
• Review and approve language related to privacy in member communications, contracts, and marketing materials
• Manage privacy-related inquiries and requests from members, clients, and regulatory bodies

Preferred Qualifications

• Understanding of other privacy frameworks and regulations strongly preferred, including:o Gramm-Leach-Bliley Act (GLBA)o General Data Protection Regulation (GDPR)o Various state-specific privacy laws (e.g., CCPA, CPRA, VCDPA, CPA)
• Experience with audit readiness and/or SOC 2 preparation is a plus
• Certified Information Privacy Professional (CIPP/US, CIPP/E)
• Certified Information Privacy Manager (CIPM)
• Certified in Healthcare Privacy and Security (CHPS)

Benefits

• Standard health and wellness benefits
• Alternative medicine coverage
• Flexible PTO
• Up to 16 weeks paid parental leave
• Paid holidays
• A 401k program
• Cell phone reimbursement
• Transportation perks
• Education reimbursement
• 1 week of paid paw-ternity leave