Senior Manager, Privacy and Compliance

Job Description

We all depend on healthcare throughout our lifetimes, for ourselves, and our families and friends, but it is notoriously difficult to navigate and understand. As an industry that comprises 20% of the US economy we think healthcare should work better for all of us. At Collective Health we believe it’s time for a new day in healthcare where as members we are informed and empowered to make the right care choices when the decisions are urgent and critical.

If you are an experienced Privacy and Healthcare Compliance professional excited to help build and operate a broad range of compliance functions in a healthcare technology company, then this role is for you! You will manage the Privacy, Risk, and Compliance (PRC) Operations program and team as you build relationships across all parts of the business and drive cross-functional initiatives to continuously improve our security, privacy, and compliance programs. This role reports to our Chief Compliance and Privacy Officer and works cross-functionally with IT Security, Engineering, Product, IT, and Customer Experience teams.

In this role you will:

• Manage the Privacy and Compliance team
• Redesign and lead the Privacy and Compliance training program
• Manage Privacy and Compliance Analyst work including responses to, and resolution of, a variety of ticket submissions
• Manage Privacy and Security Incidents including adherence to proper reporting guidelines
• Create and maintain Privacy and Compliance Playbooks
• Provide analysis and response to all client reporting requests that involve PHI, PII, and/or confidential information
• Review Business Associate Agreements (BAAs) and Security and Privacy Agreements (SPAs)
• Develop and maintain policies and procedures
• Provide Compliance, Privacy, and Security risk assessment and auditing remediation management
• Partner with and support PRC Audit Team on Cyber Risk Assessments/ Third Party Risk Management, SOC1, SOC2, HITRUST, audits, and other special projects
• Assist CCO/CPO with Incident Response Plan, Table Tops, and Board-related initiatives
• Support Compliance, Privacy, and Security information responses on RFPs and client bids
• Drive innovative programs to build culture and awareness of Compliance, Privacy, and Security

You’ll be successful in this role if you have:

• 9-12 years in healthcare privacy, security, corporate compliance, healthcare compliance, risk management, healthplan operations, provider operations, or information security assurance in healthcare
• Experience running Compliance and Privacy programs/teams in a healthcare environment
• Significant experience with HIPAA, PHI, PII, HITECH, HIPAA Security Rule, and relevant healthcare regulations
• Proven ability to build relationships and to collaborate effectively with a broad range of stakeholders and departments to drive compliance-friendly and business-friendly outcomes
• Track record of taking initiative, having the ability to work independently, and being comfortable in ambiguity
• Outstanding judgment, execution, and teamwork
• Excellent communication and presentation skills, including not only training but the ability to engage with employees and executives at all levels of the organization
• Enthusiasm for technology, privacy, security, and compliance concepts and ability to relate them to new situations
• Proficiency with a broad range of popular technology tools including JIRA, Confluence, Google Drive, Box, and Slack
• Prior management experience required
• Bachelor’s Degree. Relevant experience may be substituted for education

Bonus Qualifications:

• Relevant experience at a rapidly growing technology company preferred
• CHPC and/or CHC from HCCA strongly preferred
• CIPP/US beneficial

Founded in 2013, Collective Health has created an ecosystem of innovative partners across care and benefits delivery, as well as built a powerful and flexible infrastructure to better enable employees and their families to understand, navigate, and pay for healthcare. By reducing the administrative lift of delivering health benefits, providing an intuitive member experience, and improving health outcomes, the company guides employees toward healthier lives and companies toward healthier bottom lines. Collective Health is headquartered in San Francisco, CA with locations in Chicago, IL, and Lehi, UT. For more information, please visit collectivehealth.com .

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Collective Health is committed to providing support to candidates who require reasonable accommodation during the interview process. If you need assistance, please contact [email protected] .