Director of Privacy

Bachelor’s degree in business, operations, compliance, information security, or related field (or equivalent experience). 7–10 years of experience in privacy, compliance, program management, or related regulated industry roles. Deep understanding of HIPAA, state privacy laws, data governance, and privacy operations. Experience building or leading an enterprise privacy program at a healthcare, pharmacy, or SaaS organization. Strong program management skills and comfort managing cross-functional initiatives. Excellent communicator capable of translating regulatory requirements into actionable steps. Highly organized and capable of working in fast-moving, ambiguous environments. Clear, concise communicator skilled at translating complexity into action plans. CIPP, CHPC, or other privacy certifications preferred but not required.

Own PHIL’s enterprise privacy program and serve as Privacy Officer. Lead compliance with HIPAA, state privacy regulations, and client requirements. Develop and maintain privacy policies, procedures, training, and documentation. Lead privacy risk and impact assessments, and internal controls. Partner with departments to operationalize privacy requirements. Build processes for privacy-by-design in product development. Oversee monitoring and auditing of privacy practices. Lead privacy incident investigation and response. Manage reporting workflows and external notifications. Develop and deliver privacy training. Serve as internal advisor on privacy topics. Establish privacy KPIs and reporting mechanisms. Contribute to PMO frameworks and governance structures. Prepare materials for audits and regulatory inquiries.