Organization Type: Public Interest
Profile: Privacy and Risk Manager

Responsibilities:
- Conducts and leads potential privacy violation reviews, as well as security breach investigations and impact analyses.
- Develops and delivers clear, effective and timely reports and updates for senior management and/or the Board regarding privacy program effectiveness, initiatives and issues, including all relevant privacy metrics, dashboards and information.
- Develops, assesses and adapts clear and effective Business Associate agreements and/or other contractual reviews as a privacy subject matter expert.
- Develops, assesses and adapts clear and effective privacy policies, procedures, training, communications and awareness materials, campaigns, controls and initiatives to ensure clear and consistent understanding and practices throughout internal and external operations to ensure proper and timely preventive measures.
- Develops, assesses and adapts clear and effective privacy remediation and corrective action initiatives, protocols and controls to ensure proper and timely privacy compliance.
- Develops, assesses, and adapts clear and effective privacy monitoring, testing, reporting, auditing and sampling protocols, controls and channels to ensure the proper and timely detection of relevant privacy issues.
- Ensures collaboration with sibling Corporate Compliance, Quality Assurance and Fraud, Waste & Abuse teams to evaluate and monitor operations and system development for security and privacy requirements.
- Ensures compliance with required privacy laws, regulations, standards and practices for all relevant parties, both internal and external to the organization.
- Keeps abreast of changing privacy regulations, including all relevant laws, rules, industry standards, company practices and technology initiatives (e.g. mobile applications and developing health information technology).
- Provides clear and effective reports to Legal, the business, the operational areas and other internal/external parties regarding new or prospective privacy laws, regulations, industry standards and best practices.
- Monitors advancements in information privacy technologies to ensure organizational adaption and compliance.
- Oversees and conducts regular gap analyses and risk assessments for HIPAA, other applicable privacy regulations and comprehensive privacy program effectiveness.
- Oversees and directs annual and ongoing privacy training to Insurance Services Division staff and applicable business associates.
- Oversees the development, maintenance and revision of privacy policies and procedures, Notice of Privacy Practices, and any other legal or regulatory requirements.
- Represents Insurance Services Division in all third-party and customer-originating or customer-facing reviews, investigations or requests for information.
- Represents UPMC Insurance Services Division with all relevant regulatory agencies and entities regarding privacy reviews, investigations or requests for information.
Qualification and Experience
Qualifications:
- Bachelor’s degree required. Relevant graduate degree (e.g. JD Degree or Master's Degree in a related field) preferred.
- CIPP and/or Healthcare Privacy Compliance certification preferred.
- 5 years of privacy, legal, and/or compliance experience required. Experience in health insurance and/or healthcare privacy preferred.
- 2 years progressive leadership experience in health care operations, regulatory compliance, risk management, or similar field required (coaching, mentoring, or training).
- Prior in-house legal or compliance experience strongly preferred.
- Strong background in managing large-scale projects preferred.
- Strong subject matter expertise and knowledge of all relevant privacy laws, regulations, industry standards and best practices.
- Strong acumen and understanding of healthcare, health insurance and managed health care organizations required, including all relevant business lines (commercial, Medicare, Medicaid, Duals, FEHB, CHIP, behavioral health, etc.).
- Excellent oral, listening and written communication skills.
- Strong computer and IT skills preferred.
- Relevant knowledge about information security and the inherent interplay between privacy and cybersecurity preferred.
- Must have strong analytical and organizational skills as well as problem solving capabilities to ensure that business plans and strategies do not subject the organization to any legal or regulatory violations and/or undue risk or exposure.
- Strong partnership, relationship, consensus, and coalition-building skills required.
- Strong emotional intelligence and self-awareness required.
- The role requires a manager who strikes the optimal balance between strategically navigating the compliance requirements and business needs in a manner that’s nuanced and mutually reinforcing.
- Strong strategic, business, operational and leadership mindset and skills required.
- Highly consultative and partnership-oriented in approach.
- Strong and reliable judgment and discretion required.
- Ability to independently and self-sufficiently identify and navigate various privacy-related issues.
- Strong ethical compass and integrity capital required.
Job ID: 596324