Privacy Officer

About this role 

The person in this role will serve as the Company’s HIPAA Privacy Officer under the direction of the Senior Director of Compliance/Compliance Officer. This position is responsible for overseeing Transcarent’s enterprise-wide privacy program and will also provide support for the Company’s AI governance initiatives, particularly as it relates to data privacy and regulatory compliance. 

What you’ll do 

• Serve as the Company’s HIPAA Privacy Officer and lead the enterprise-wide privacy compliance strategy under the direction of the Senior Director of Compliance. 
• Oversee the day-to-day operations of the Privacy Program, including the development, implementation, and maintenance of policies and procedures to ensure ongoing compliance with applicable privacy laws and regulations (e.g., HIPAA, CCPA/CPRA, and related data privacy laws). 
• Continuously evaluate and update privacy documentation—including policies, procedures, notices, training materials, internal protocols, and third-party agreements—to reflect evolving regulatory requirements, organizational changes, and best practices in privacy management. 
• Define the requirements for Transcarent’s Business Associate Agreements (BAAs), work with the legal and vendor management teams to ensure agreements are in place with third-parties as needed. 
• Oversee the Company’s approach to business associate oversight, ensuring all privacy obligations, data handling requirements, and risk management expectations are properly addressed through robust governance mechanisms. 
• Design, implement, and manage the Company’s privacy training and education program, tailoring content to business functions and regulatory obligations and delivering additional trainings, in a variety of formats, to promote organizational awareness and accountability. 
• Conduct risk-based auditing and monitoring activities to assess the effectiveness of the privacy program and identify opportunities for process improvement and control enhancement. 
• Lead and support Compliance’s triage and response to all privacy and data-related inquiries and reports, including concerns submitted via the Ethics and Compliance Hotline, serving as primary point for complex, high-risk, or escalated matters and ensuring timely and appropriate documentation. 
• Lead and support investigations of potential or actual privacy incidents, including suspected HIPAA violations, and manage or oversee the end-to-end response lifecycle—from breach risk assessment and containment through regulatory notification and corrective action plan implementation. 
• Develop and oversee implementation of remediation plans for identified non-compliance, monitoring closure and validation of corrective actions in collaboration with business stakeholders. 
• Act as the primary subject matter expert on health and general data privacy, advising executive leadership team, the business, and legal counsel on privacy implications of strategic initiatives, partnerships, and innovations. 
• Maintain a comprehensive understanding of Transcarent’s product ecosystem, data flows, and information-sharing practices, and act to influence the business in operating under privacy-by-design principles. 
• Provide strategic input on the development and refinement of risk-based monitoring, compliance testing, and program evaluation methodologies to ensure continuous improvement of privacy safeguards. 
• Support the definition and tracking of privacy-related key performance indicators (KPIs) and assist with the preparation of reports and communications to senior management and the Board of Directors regarding compliance program maturity, metrics, and milestones. 
• Collaborate closely with internal teams—including Legal, Security, Product, Engineering, HR, and Operations—as well as external consultants and service providers, to ensure comprehensive enterprise alignment in the execution of privacy obligations. 
• Monitor and interpret changes in federal, state, and international privacy regulations, industry trends, and enforcement actions, and translate those insights into proactive updates to policies, processes, and training content. 
• Support the development and maintenance of the Company’s AI governance program, with a focus on privacy-related AI risks and compliance considerations. 
• Participate in the AI Governance Committee as the privacy subject matter expert, advising on data protection and privacy compliance matters. 
• Other duties as assigned by the Compliance Officer or Chief Legal Officer.

What we’re looking for 

• 10-15+ years of relevant privacy or legal experience, including experience developing and managing a privacy compliance program. 
• CIPP/US, CIPM, and/or CIPT certification required; CHC or CHPC certification a plus. 
• Working knowledge of relevant regulatory frameworks - HIPAA, ERISA, ADA, state and federal data privacy laws, IRS Code (as it relates to health and welfare plans), Price Transparency regulations, licensure requirements, TPA and state insurance regulations, FDA mobile medical app and medical device standards, FTC issues for mobile apps and online health programs, and state Corporate Practice of Medicine laws.  
• Demonstrated experience addressing privacy considerations in AI/ML systems, including training data governance, algorithmic transparency, automated decision-making, and emerging AI regulations. 
• Deep knowledge of multi-state consumer privacy laws (CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut DPA, and other emerging state frameworks), with experience operationalizing compliance across jurisdictions. 
• Proven track record leading breach response and regulatory investigations, including OCR audits, state attorney general inquiries, and breach notification processes. 
• Experience embedding privacy-by-design principles into product development lifecycles, with demonstrated ability to partner effectively with Product and Engineering teams. 
• Strong background in third-party risk management, including privacy due diligence, vendor assessments, and oversight of data processors and business associates. 
• Excellent judgment and communication skills, with a strong attention to detail. 
• The ability to adapt quickly to new surroundings and in a fast-paced environment.  
• Experience with health technology companies and/or startup organizations. 

Nice to have 

• J.D. degree preferred. 
• Experience with international privacy frameworks (e.g., GDPR) and cross-border data transfer mechanisms; familiarity with digital health, telehealth, and mobile health application privacy requirements; experience with state health information exchange (HIE) regulations and interoperability standards; background in FTC enforcement trends related to health apps and consumer protection.