Senior Manager/Director, Privacy Compliance
Flatiron’s privacy program is responsible for legal, compliance and ethical considerations around data use, privacy law, and security law within the organization. The privacy program is core to all aspects of the company’s business model, enterprise risk management, and day-to-day operations.
We are looking for a Senior Manager/Director, Privacy Compliance to help support Flatiron’s privacy program. This position is responsible for supporting the activities of the Privacy Program, with specific focus on the development, implementation and execution of Privacy Compliance Monitoring and Auditing Program plans and protocols for various activities, in order to aid in the assessment of the organization's compliance with relevant laws, regulations, industry standards and company policies and to ensure audit readiness. This role reports directly to the Chief Privacy Officer.
Responsibilities:
Internal Monitoring
- Develop appropriate monitoring plans and protocols that effectively assess organizational privacy compliance
- Execute monitoring protocols based on established monitoring plans
- Validate adequacy, reliability and effectiveness of organizational controls related to privacy compliance
- Prepare findings and recommendations reports for all privacy compliance monitoring activities
- Identify privacy compliance issues and gaps and document in accordance with policies and procedures
External Audit Support
- Manage relationships with regulatory agencies and manage the privacy components of external regulatory audits.
- Partner with relevant parties to analyze applicable laws and regulations and provide a point of view on audit requirements as they relate to information security and privacy controls.
Internal Audit
- Develop and manage project plans for Privacy audits from audit pre-planning, planning, execution, remediation, and post remediation validation.
- Work cross-functionally with relevant parties on technology implementation projects to validate controls and meet Privacy requirements as defined by the respective teams.
Privacy Risk Management
- Build strong relationships with business partners and technology teams to thoroughly understand their business processes and to identify appropriate and pragmatic risk mitigations.
- Develop effective relationships with business areas; partner with business owners on remediation plans and the development of appropriate Corrective Action Plans (CAPs).
Requirements:
- Knowledge of the Federal and State regulatory environment applicable to healthcare technology, with emphasis on HIPAA privacy and security rules.
- Knowledge of compliance auditing and monitoring techniques
- Knowledge of compliance investigation process
- Organization and management of multiple priorities
- Data analysis experience
- 8+ years of experience with Big Four or internal audit with a focus on Information Security and Privacy
- Working knowledge of audit participation in systems development/change management projects, including experience with ensuring that information security and privacy control requirements are included in the system/process design and adequately tested prior to going into a production environment.
- Ability to operate independently in a fast-paced and diverse environment while managing multiple projects.
- Interest in working in a collaborative, creative environment.
- High level of comfort with technology and information management tools.
- Commitment to compliance with laws, regulations, and bioethical principles, as well as teamwork.
Bonus Points:
- CISSP or CISA certifications.
- Understanding of e-commerce, cloud computing, operating systems, web technologies and enterprise security architecture.