Privacy Manager, Remote Usa

This is a remote position and can be located anywhere in the United States.

AS THE WORLD MOVES TO FHIR, THERE ARE PLENTY OF REASONS TO SMILE.

Smarter decisions, fewer barriers, and better incentives are just the beginning. Smile Digital Health makes it easy for healthcare stakeholders to collect and exchange data with our leading FHIR-based data liberation platform.

We reduce barriers between information and care for those who deliver or consume health services and products and whose roles or care are hindered by fractured, inaccessible or complex information systems.

Let's make a difference! 

BE PART OF THE TEAM WORKING TOWARDS #BETTERGLOBALHEALTH

Summary:

This position is responsible to provide key privacy, governance, risk management and audit services to support the operations of multiple healthcare clients.

Responsibilities:

• Lead the Smile Digital Health Privacy Program as the organization's Data Protection Officer. 
• Maintain the library of HIPAA compliance documentation.
• Audit Smile Digital Health's operations activity including security operations, administrative access and vendors.
• Update Privacy and Security policies, standards and procedures, as necessary and manage the organization's data inventory.
• Maintain technical standards and certifications as it relates to Privacy such as HITRUST, SOC-2 and ISO 27001 controls.
• Oversee the Privacy risk management and their associated mitigation plans.
• Ensure that Privacy & Security training and awareness initiatives are aligned with organizational objectives.
• Investigate incidents through the entire process lifecycle and collect necessary documentation and evidence, as needed. 
• Serve as alternate/back-up Incident Manager for Privacy and Security incidents as reported internally or from clients.
• Conduct Privacy Impact Assessments for Smile Digital Health products and services.
• Contribute to third-party assessments for partners, vendors and consultants.
• Support sales efforts such as contributing to questionnaires and RFPs, as necessary.
• Collaborate with the Client Services department to review privacy and security requirements.
• Regularly validate privacy and security controls for cloud services, and verify with frameworks (ISO 27001, NIST SP 800-53, HITRUST, etc).
• Accountable for ensuring that all working hours are accurately reported in Netsuite on a daily or weekly basis, that the majority of (if not all) hours are tracked as billable and that the project management tool in Netsuite is properly and fully utilized. 
• Tracking and reporting of billable hours is a critical aspect of project management and delivery to our customers, and this is a major area of accountability.
• Comply with the privacy, security and confidentiality policies. 

Requirements:

• Minimum of 5 years working with a large US-based healthcare organization, ideally in Information Security, Privacy or Risk Management.
• Minimum of 3 years conducting Privacy Impact or Threat Risk Assessments, and auditing user and patient access, as it relates to HIPAA.
• At least one of the following certifications: CIPP/US, CISSP, or CISA.
• A Bachelor's degree or College diploma in Business, Engineering, IT, Healthcare or related field, or equivalent experience.
• Strong demonstrated ability to be an independent and proactive self-starter with strong organizational skills at both the tactical and strategic level. 
• Strong effective written and verbal communication with ability to adjust to different audiences depending on business focus area (technical, privacy, legal, etc).
• Demonstrated ability to implement logical thinking and manage complex and sensitive situations under pressure.
• Experience creating and maintaining documentation.
• Familiarity with cloud platforms such as Azure and AWS.
• Demonstrated ability to manage multiple tasks concurrently with minimal supervision.

Smile's core values include respect, inclusion, embracing our differences, and celebrating shared values and because our people are the foundation of our success, we remain dedicated to building diverse and inclusive teams. We welcome and encourage candidates of all backgrounds to apply. We are big on creating a sense of belonging and empowering each other to bring our authentic selves to work.