Job Details

Director, Chief Privacy Official & Privacy Counsel

Company name

Organization Type

In-House

Job Type

Attorney

Years of Experience

Min 10 yrs required

Location

San Francisco, CA

Date Last Verified

Aug 08,2017

Posted on

May 16,2017
Practice Area
Corporate >> Corporate - General
Health Care >> Health Care
Apply for this job
 
Your Email:
Upload Resume:

 
77 hits

Profile

Director, Chief Privacy Official & Privacy Counsel The candidate's specific responsibilities include: Lead all aspects of BSC’s Privacy program across the enterprise, including all business units, products and services. Chair, engage, and facilitate meetings of the Privacy Council, the governance body for the Privacy Program. Lead team of Privacy professionals to ensure robust and effective preventive, detective and remedial privacy controls throughout the Company’s operations. Conduct annual strategic planning for Privacy program needs and objectives. Maintain clear, effective, and legally compliant privacy policies and procedures. Implement and execute effective training, communications and awareness programs to properly educate employees and business partners regarding privacy legal requirements and responsibilities. Implement and execute effective testing, auditing, monitoring, tracking and reporting procedures to ensure the success of the program, as measured by regular assessments and metric-based analysis. Conduct privacy investigations, including data security breaches and other privacy matters. Prepare comprehensive investigation summary reports. Ensure proper corrective action and remedial measures are taken once investigations are completed. Counsel and advise the business units regarding new and existing initiatives, products and services. Support the business on implementing and executing such guidance. Ensure compliant marketing campaigns and information sharing and disclosure practices, including social media and other forms of emerging technologies and Internet-based communications vehicles. Ensure proper remediation regarding identified privacy control deficiencies. Ensure proper vendor and third party oversight, including negotiation and maintenance of all required contractual and operational controls (e.g., Business Associate Agreements”). Build and maintain effective relationships with all relevant internal and external stakeholders, including federal, state and local regulatory entities, the Blue Cross Blue Shield Association (BCBSA), IT, IT Security, Marketing, Human Resources, Employee Relations, Legal, and Internal Audit, among others. Compile clear, accurate and timely reports for senior management and the Board, as needed. This includes the proper investigation and inquiry reporting, tracking, closure metrics and accompanying analyses (e.g. trend and pattern identifications). Work with and respond to regulators and law enforcement, as needed.

Qualification and Experience

The candidate should have Bachelor’s degree and J.D. degree from an ABA accredited U.S. law school, current admission to the bar of at least one US state, eligibility for CA in-house counsel licensure required. Should have 10+ years legal practice experience, health care privacy experience required, in-house counsel experience strongly preferred. Personnel and privacy program management experience required. Strong breach management/response experience required. CIPP/US Certification from the IAPP ( or willingness to obtain same) preferred. Should have 10+ years of health care privacy experience with increasingly progressive responsibility. Prior in-house privacy compliance and legal experience required. Chief Privacy Officer experience preferred, but not required. Functional subject matter expertise in HIPAA, HITECH, CAN-SPAM, TCPA, PCI DSS, security breach notification laws, privacy-related marketing and advertising laws, and other applicable laws and regulations required. Proven ability to effectively and timely manage multiple initiatives and cross-departmental projects. Substantive experience dealing with health care regulators, law and regulatory enforcement agencies. Demonstrated leadership, ability to drive results and engage senior leaders, and ability to influence cross-organizational stakeholders and decision makers with different operational responsibilities. Proven track record of building consensus, forging coalitions and leveraging professional relationships to achieve strategic objectives and to create an effective “culture of compliance.” Extensive corporate investigations experience preferred. Strong familiarity with health plan systems and applications preferred. Strong program and project management experience preferred. Knowledge of California privacy laws and regulations preferred. Senior leader and strategic thinker with extensive health care privacy and compliance experience. Knows how to build, lead and sustain an effective Privacy Program aimed to prevent, detect and remediate actual and potential privacy risks. Extensive privacy and compliance investigations experience, including the ability to lead cross-organizational and complex investigations from start to finish. Strong political acumen to partner and collaborate with, and influence, all relevant stakeholders, both internal and external, including executive management. Strong communication and relationship-, coalition- and consensus-building skills required. Strong independent judgment, critical and analytical thinking, and problem-solving skills required. Strong moral compass and high integrity required. Must do the right thing, even when it means doing the difficult thing. Extensive health care privacy and compliance expertise and experience. Ability to independently and self-sufficiently lead the function with minimal supervision and direction. Strong verbal, written, and oral communication skills. Strong ability to influence at all levels of the organization, including executive management, the Board, Audit Committee, workforce members, regulators, local, state and federal officials, customers, partners and vendors. Strong ability to synthesize vast amounts of complex data, and clearly and concisely articulate the relevant points without getting lost in the weeds. Proven ability to multi-task, thrive and deliver in a highly regulated, demanding, entrepreneurial, and constantly changing corporate environment. Demonstrated ability to regularly re-prioritize risks, objectives and action plans based on an evolving corporate and regulatory landscape. Ability to deal well with ambiguity and complex situations. Ability to lead a team through growth and change. Ability to set a clear vision for the department and to successfully execute on the vision. Experience in building programs, process improvements and/or re-engineering. Strong leadership, people management and mentoring skills.

Additional info

Ref - 17001ZE

Company info

Apply Now