2015-04-29

Description

POSITION SUMMARY:

This position will serve as the Chief Privacy Officer for a diverse and heavily regulated financial services company. The successful candidate will focus on directing the Privacy program by providing oversight, guidance, and direction in the development, implementation, and maintenance of consistent, company-wide compliance with applicable laws, regulations, and policies related to the privacy of matters pertaining to Guardian and its subsidiaries and affiliates. The Chief Privacy Officer will also provide daily and ongoing legal advice on many privacy/HIPAA matters involving Guardian’s various businesses. This Leader will also work closely with Information Security & Risk, Legal Counsel, Compliance, Audit, Operations, Business Owners, and Information Technology.

In addition to the highest level of interpersonal skills, Guardian’s new Chief Privacy Officer must have significant experience in and knowledge of data and patient privacy, U.S. healthcare fraud and abuse laws and regulations, as well as compliance and/or healthcare matters.

PRINCIPAL ACCOUNTABILITIES:

Ensuring company’s compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the European Data Protection Act, FACTA, FTC, PCI and State privacy and breach notification laws, and employee privacy regulations.

Providing direction, counsel and strategy for the Privacy program, including implementation of a robust governance program that includes company policies and processes covering the privacy and access of patient information in accordance with global, federal, state and local laws.

Enhancing privacy education and training programs and initiatives.

Enhancing effective systems for monitoring, auditing, and measuring the effectiveness of the Privacy program in order to identify successes as well as potential areas of privacy vulnerability, risks and areas for further improvement, and developing a mitigation process to protect the company and its businesses and functions and ensure compliance.

Developing an appropriate risk identification and mitigation strategy that impacts business to protect it from non-compliance and reputational risk.

Holding primary responsibility for ensuring the implementation, maintenance and revision of, and adherence to, the organization's policies around patient health information and confidential information as necessary to comply with federal and state laws and the company's privacy policies.

Leading the cross-regional Privacy Officer network to embed the privacy program into the organization.

Reporting at least annually to Senior Leadership on the state of the Privacy program as well as reporting to other senior business and regional leadership on privacy initiatives.

Coordinating the privacy program with the IT security organization and related governance to confirm that all policies and processes are integrated across businesses and regions and all privacy and security issues are sufficiently addressed.

Creating and leading cross-functional Incident Response teams, with representatives from areas including IT, Legal, Human Resources, Internal Audit and others.

Developing internal privacy-related templates, business associate agreements, external contracts and other privacy documentation for use across the businesses and regions to address privacy-related issues and concerns.

Continuing knowledge of current privacy regulations, including contractual and operational issues involving HIPAA and other regulations and laws affecting a global diverse financial services company, and assisting businesses and regions to adapt business practices when necessary to ensure compliance.

Developing external contacts and participating in professional organizations that will provide benchmarks for the global privacy program and enhance the understanding of the external environment in order to anticipate new trends and developments in the privacy field.

Performing special projects, as required.

Qualifications

QUALIFICATIONS:

Certified Information Privacy Professional (CIPP) certification desired.

Minimum of 8+ years of experience in the various privacy disciplines (e.g., policy, compliance, incident response, PII inventory, information security, training and awareness, etc.) gained in any combination of a major law firm and/or corporate in-house insurance or financial services position.

Experience with developing and implementing privacy programs, including interaction with executives, adversaries and regulatory personnel.

Prior experience in developing and managing staff.

Knowledge of privacy laws and regulations.

Ability to address complex and challenging issues and communicate effectively with business leaders at all levels to optimize risk management, productivity, and communication.

Ability to work in a dynamic, hands-on, fast-paced environment and respond to questions from business areas and a complex subsidiary organization.

Respect for diversity and ideas of others, willingness to collaborate in a fast-paced team environment and motivation skills are required.

Experience drafting contracts, including business associate agreements.

Experience working with state insurance departments on privacy / data regulatory matters and/or with the Office of Civil Rights.

Demonstrated leadership ability in an organizational setting, law firm and/or corporation. Integrity and strong interpersonal skills are essential to success.

Ability to plan, manage and execute multiple projects within budget and on schedule.

Strong project management skills.

Excellent analytical ability, problem-solving and leadership skills.

Outstanding written and verbal communications skills are essential.

EDUCATION:

J.D. from a national law school with excellent academic performance demonstrated.

Prior admission to at least one state bar and admission to NY bar within one year of hire required.

LOCATION:

This position will be located in our New York City, New York office with occasional travel to other Guardian regional offices.
