Technical Privacy Manager

The Role

Cedar is seeking an experienced Technical Privacy Manager to join our Legal & Compliance Team.   

The Technical Privacy Manager will be responsible for developing, implementing, and maintaining Cedar’s technical privacy program, with a strong focus on HIPAA, PCI-DSS, and US state privacy law compliance. This role will involve working closely with Cedar’s engineering, product, and security teams to embed privacy-by-design principles into Cedar’s products and services. The ideal candidate will possess a deep understanding of privacy regulations, technical architectures, and data security best practices within the fintech and healthcare sectors.

Responsibilities

• Privacy Program Management:
• Implement and maintain the company's technical privacy strategy and roadmap.
• Implement and manage privacy controls and processes across our systems and applications.
• Conduct data mapping efforts, Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new products, features, and system changes.
• Monitor and report on privacy program effectiveness and compliance.
• Regulatory Compliance:
• Work with Cedar’s security team to ensure all technical aspects of our operations comply with HIPAA Security Rule and Privacy Rule requirements as a Business Associate.
• Ensure compliance with PCI-DSS requirements for handling cardholder data.
• Ensure adherence to US state privacy laws, including the California Consumer Privacy Act (CCPA) and other relevant state-specific regulations.
• Participate in incident response efforts related to potential privacy breaches, including investigation, containment, and reporting.
• Conduct HIPAA risk assessments and respond to consumer inquiries and data requests (DSARs). 
• Technical Privacy Expertise:
• Provide expert guidance on privacy-by-design and privacy engineering principles to product and engineering teams.
• Collaborate with security teams to ensure a cohesive approach to data protection, integrating privacy and security controls.
• Evaluate and recommend privacy-enhancing technologies (PETs) and solutions.
• Policy and Procedure Development:
• Develop and update technical privacy policies, standards, and procedures.
• Ensure documentation of privacy controls and compliance activities.
• Training and Awareness:
• Develop and deliver privacy training programs for technical teams.
• Foster a culture of privacy awareness throughout the organization.
• Audit and Assurance:
• Assist  in internal and external audits related to privacy, HIPAA, PCI-DSS, and US state privacy law compliance.
• Work with legal and security teams to respond to regulatory inquiries and ensure audit readiness.
• Help Cedar respond to client questions and diligence regarding Cedar’s privacy and security posture. 

What we look for in an ideal candidate:

• Education: 
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree preferred.
• Experience:
• At least 5 years of experience in technical privacy, data protection, or cybersecurity roles, with a significant focus on HIPAA, PCI-DSS, and US state privacy laws (e.g., CCPA).
• Previous experience in a fintech or healthcare technology environment.
• Solid understanding of cloud computing environments (e.g., AWS, Azure, GCP) and their privacy implications.
• Experience with other privacy frameworks and regulations such as GDPR, and other relevant data protection laws.
• Technical Skills:
• Deep knowledge of data encryption, access controls, data anonymization, and pseudonymization techniques.
• Familiarity with secure software development life cycle (SSDLC) and privacy-by-design principles.
• Understanding of network security, system hardening, and vulnerability management.
• Certifications (Preferred):
• CIPP/US, CIPP/E, CIPT, HCISPP, CISSP, or an equivalent privacy and security certification.
• Soft Skills:
• An enthusiasm for building a great privacy function in a company that’s still growing and scaling
• Excellent communication and interpersonal skills, with the ability to articulate complex technical and privacy concepts to diverse audiences.
• Strong analytical and problem-solving abilities.
• Ability to work independently and as part of a cross-functional team.
• High level of integrity and ethical conduct.

Compensation Range and Benefits

• Salary Range*: $148,750 - $175,000
• This role is equity eligible 
• This role offers a competitive benefits and wellness package

*Subject to location, experience, and education

#LI-REMOTE