Privacy Consulting Manager

Job Req #: 21-07408Job Description: Privacy Consulting ManagerLocation: Concord, CAJob Type: Four-month Consulting Contract Our client is one of the premier experts in the deployment and delivery of cybersecurity, cloud, automation, end-user computing, software-defined infrastructure, core infrastructure, and Microsoft solutions. They are known for being a trusted advisor to some of the most prominent companies in California within the healthcare, financial services, legal services sectors, as well as educational institutions and government agencies. When joining their organization, you will become part of team that is dedicated to the long-term success of both their employees and clients. Key Responsibilities:My client is currently seeking a U.S. / global privacy and data protection subject matter advisor to lead and oversee privacy related projects for clients. Working closely with their senior leadership and client senior leadership, you will work with cross functional product teams throughout client organizations including sales, marketing, development, information technology, digital, etc.As the Privacy subject matter advisor, you will work to ensure that all products originating from and operated by the client(s) meet the enterprise standards for global requirements such as the Health Insurance Portability and Accountability Act (HIPAA), California Confidentiality of Medical Information Act (CCMIA), Texas Health and Safety Code 181 (Texas H&SC 181), California Consumer Privacy Act (CCPA) as well as other privacy specific domains such as notice, choice and consent, privacy by design, data subject rights, data protection and security standards, privacy incident response, and third party risk management. Specifically, you will be directly responsible for identification and remediation of the collection and protection of personal data / personally identifiable information through the product life cycle of ideation, design and build, operationalization, and decommissioning. You will support and manage the documentation and execution of standards against technical product requirements for connections to providers and aggregators of consumer / patient permissioned and consented data ensuring a defensible position for the client company with its consumers, vendors, client entities, and regulators.Keys to the ideal candidate success will include a strong drive for results, deep interpersonal skills, operating in an organization with diverse cultural norms, maintain a consistent positive attitude and be comfortable managing and coordinating cross functional teams including those with strongly held beliefs and in senior corporate positions. The ideal candidate will have the strong business acumen and familiarization with health care provider as well as other industries to understand and prioritize competing user stories while balancing doing the right thing for the right reason compared to regulatory requirement, corporate culture, and the possibility of reputational and/or financial harm. In addition, the ideal candidate should have strong organization, planning skills with a consistent track record for delivering commitments on time.The work you will perform for our client:

• Perform all functions of the HIPAA Privacy Official including oversight of the HIPAA Security Official;
• Interface with business unit compliance, information security, architecture, engineering, and infrastructure teams to capture requirements and present requirements specific to patient/consumer permissioned data while enabling opportunities across the enterprise;
• Focus on the U.S. health care, consumer, and global regulatory requirements specific to the collection and protection of protected health information (PHI) and personal data along with primary and secondary use requirements;
• Manage third party risk(s) and negotiate data requirements with third party data providers;
• Manage data provider relationships specific to the patient / consumer permissioned data platform including business associate agreements (BAAs);
• Analyze relevant business unit documents to create clear business and technical requirement specifications;
• Analyze the technical and product requirements from the perspective of notice, choice and consent;
• Ensure complete and current documentation of data sources, connections, and standards;
• Support backlog prioritization and roadmap prioritization;
• Provide analysis to support resource and financial planning;
• Drive functional requirements with technical teams wrestling with product issues through to resolution;
• Perform interviews and conduct workshops to dissect current state operations;
• Facilitate management of technical and product risks through solution identification and the tracking of mitigation actions;
• Apply risk management and Information Governance principles to our client's data privacy and information protection environments;
• Conduct research and analysis to maintain current knowledge of global data privacy regulations such as HIPAA, CCPA, CPRA, CMIA, Texas H&SC 181, Mass 201, etc;
• Support the execution of privacy maturity and risk assessment remediations;
• Support the implementation of data privacy compliance processes;
• Support data breach response planning and playbook development;
• Guide the client through risk management and control implementation efforts;
• Review and implement draft policies, standards, and other data privacy guidance documents and implement the policies within the organization;
• Draft reports and deliver client read-outs.

• A four-year degree with a preference for an advanced degree in Business, Technology, or a Juris Doctorate.
• Five plus years in a healthcare / consumer-focused company or with a consulting firm in a client focused privacy role that included deep experience in healthcare, ecommerce, or a technology where you were able to demonstrably enhance business operations.
• One or more certifications by the International Association of Privacy Professionals (IAPP) including CIPP/US, CIPP/E, CIPM.
• A deep understanding and be able to espouse the specifics of global regulatory requirements including the EU General Data Protection Regulation (EU GDPR), the upcoming EU E-Privacy Regulation, HIPAA, CCMIA, Texas H&SC 181, CCPA, the Virginia Consumer Data Protection Act (VDCPA), CAN-SPAM, COPPA, and other similar U.S. and global regulatory requirements.
• Experience in third party risk management including vendor due diligence and privacy related privacy maturity of vendors.
• Be able to voice insights on data compliance issues, etc.