Senior Program Manager - Compliance & Privacy

Gravie
Summary
Join Gravie as a Senior Program Manager of Compliance and Privacy to manage compliance initiatives and develop data privacy frameworks. Ensure adherence to healthcare industry regulations, including ACA and ERISA. Direct privacy initiatives, conduct internal investigations, map data flows, and monitor privacy regulations. Collaborate with cross-functional teams, develop regulatory change management processes, and provide guidance on regulatory requirements. Serve as a liaison for external inquiries, maintain regulatory documents, and develop a SOC 2 audit readiness process. Build sustainable compliance infrastructure for ongoing audit maintenance. This role requires a Bachelor's degree, 7+ years of experience in a healthcare or similarly regulated industry, and demonstrated expertise in healthcare compliance and data privacy.
Requirements
- Bachelor's degree
- 7+ years of experience in healthcare or similarly regulated industry
- Demonstrated experience specifically in healthcare compliance requirements
- Existing, or developing, expert knowledge of healthcare privacy frameworks, combined with the strategic vision to turn compliance requirements into actionable safeguards
- Experience developing and implementing policies and procedures
- Experience in data privacy or a related field
- Strong analytical skills and ability to interpret complex regulatory requirements
- Excellent written and verbal communication skills with ability to translate regulatory and compliance requirements into actionable guidance
- Proven ability to work independently and prioritize multiple competing demands
- Strong project management and organizational skills
Responsibilities
- Advance healthcare compliance and data privacy programs for a fast-growing health benefits company
- Direct privacy initiatives, including management of privacy incident response (investigations, remediation, and regulatory reporting)
- Conduct internal compliance investigations, documenting remediation efforts and outcomes
- Map data flows across enterprise systems to identify vulnerabilities, implement appropriate controls, and ensure regulatory compliance throughout information lifecycles
- Monitor privacy regulations (state laws, GLBA, PCI, GDPR) to assess applicability, maintain organizational readiness, and oversee implementation of new requirements
- Collaborate with cross-functional teams (e.g., Legal, IT, Information Security, and Operations) on compliance and data privacy related projects and initiatives
- Assist with development of a regulatory change management process
- Provide guidance and interpretation of complex regulatory requirements to internal stakeholders
- Serve as primary liaison for researching and responding to external regulatory inquiries
- Maintain regulatory documents (SPDs, SBCs, etc.)
- Develop and implement a comprehensive SOC 2 audit readiness process and ensure alignment with Trust Services Criteria (TSC)
- Create sustainable compliance infrastructure for ongoing audit maintenance
Preferred Qualifications
- Previous start-up company experience
- Familiarity with laws impacting health plans, such as the ACA, ERISA, and Section 125
- In-depth knowledge of HIPAA privacy and security requirements
- Privacy certifications such as CIPP, CIPM, CIPT, or CISA
- Experience with SOC 2 audit readiness
- Experience with privacy technology solutions and tools
- Knowledge of state and/or international privacy regulations (CCPA, GDPR, etc.)
Benefits
- Standard health and wellness benefits
- Alternative medicine coverage
- Flexible PTO
- Up to 16 weeks paid parental leave
- Paid holidays
- A 401k program
- Cell phone reimbursement
- Transportation perks
- Education reimbursement
- 1 week of paid paw-ternity leave