Apply on Employer Site

Transcarent · 1 day ago

Privacy Officer

United States

Full-time

Remote

Senior Level, Lead/Staff

$175K/yr - $200K/yr

10+ years exp

Transcarent is a company focused on providing personalized health and care experiences. The Privacy Officer will oversee the enterprise-wide privacy program, ensuring compliance with privacy laws and regulations while supporting AI governance initiatives related to data privacy.

Health CarePersonal HealthSoftware

Responsibilities

Serve as the Company’s HIPAA Privacy Officer and lead the enterprise-wide privacy compliance strategy under the direction of the Senior Director of Compliance

Oversee the day-to-day operations of the Privacy Program, including the development, implementation, and maintenance of policies and procedures to ensure ongoing compliance with applicable privacy laws and regulations (e.g., HIPAA, CCPA/CPRA, and related data privacy laws)

Continuously evaluate and update privacy documentation—including policies, procedures, notices, training materials, internal protocols, and third-party agreements—to reflect evolving regulatory requirements, organizational changes, and best practices in privacy management

Define the requirements for Transcarent’s Business Associate Agreements (BAAs), work with the legal and vendor management teams to ensure agreements are in place with third-parties as needed

Oversee the Company’s approach to business associate oversight, ensuring all privacy obligations, data handling requirements, and risk management expectations are properly addressed through robust governance mechanisms

Design, implement, and manage the Company’s privacy training and education program, tailoring content to business functions and regulatory obligations and delivering additional trainings, in a variety of formats, to promote organizational awareness and accountability

Conduct risk-based auditing and monitoring activities to assess the effectiveness of the privacy program and identify opportunities for process improvement and control enhancement

Lead and support Compliance’s triage and response to all privacy and data-related inquiries and reports, including concerns submitted via the Ethics and Compliance Hotline, serving as primary point for complex, high-risk, or escalated matters and ensuring timely and appropriate documentation

Lead and support investigations of potential or actual privacy incidents, including suspected HIPAA violations, and manage or oversee the end-to-end response lifecycle—from breach risk assessment and containment through regulatory notification and corrective action plan implementation

Develop and oversee implementation of remediation plans for identified non-compliance, monitoring closure and validation of corrective actions in collaboration with business stakeholders

Act as the primary subject matter expert on health and general data privacy, advising executive leadership team, the business, and legal counsel on privacy implications of strategic initiatives, partnerships, and innovations

Maintain a comprehensive understanding of Transcarent’s product ecosystem, data flows, and information-sharing practices, and act to influence the business in operating under privacy-by-design principles

Provide strategic input on the development and refinement of risk-based monitoring, compliance testing, and program evaluation methodologies to ensure continuous improvement of privacy safeguards

Support the definition and tracking of privacy-related key performance indicators (KPIs) and assist with the preparation of reports and communications to senior management and the Board of Directors regarding compliance program maturity, metrics, and milestones

Collaborate closely with internal teams—including Legal, Security, Product, Engineering, HR, and Operations—as well as external consultants and service providers, to ensure comprehensive enterprise alignment in the execution of privacy obligations

Monitor and interpret changes in federal, state, and international privacy regulations, industry trends, and enforcement actions, and translate those insights into proactive updates to policies, processes, and training content

Support the development and maintenance of the Company’s AI governance program, with a focus on privacy-related AI risks and compliance considerations

Participate in the AI Governance Committee as the privacy subject matter expert, advising on data protection and privacy compliance matters

Other duties as assigned by the Compliance Officer or Chief Legal Officer

Qualification

HIPAA complianceCIPP/US certificationPrivacy program managementAI privacy governanceData privacy lawsBreach responseThird-party risk managementCommunication skillsAttention to detailAdaptability

Required

10-15+ years of relevant privacy or legal experience, including experience developing and managing a privacy compliance program

CIPP/US, CIPM, and/or CIPT certification required; CHC or CHPC certification a plus

Working knowledge of relevant regulatory frameworks - HIPAA, ERISA, ADA, state and federal data privacy laws, IRS Code (as it relates to health and welfare plans), Price Transparency regulations, licensure requirements, TPA and state insurance regulations, FDA mobile medical app and medical device standards, FTC issues for mobile apps and online health programs, and state Corporate Practice of Medicine laws

Demonstrated experience addressing privacy considerations in AI/ML systems, including training data governance, algorithmic transparency, automated decision-making, and emerging AI regulations

Deep knowledge of multi-state consumer privacy laws (CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut DPA, and other emerging state frameworks), with experience operationalizing compliance across jurisdictions

Proven track record leading breach response and regulatory investigations, including OCR audits, state attorney general inquiries, and breach notification processes

Experience embedding privacy-by-design principles into product development lifecycles, with demonstrated ability to partner effectively with Product and Engineering teams

Strong background in third-party risk management, including privacy due diligence, vendor assessments, and oversight of data processors and business associates

Excellent judgment and communication skills, with a strong attention to detail

The ability to adapt quickly to new surroundings and in a fast-paced environment

Experience with health technology companies and/or startup organizations

Preferred

J.D. degree preferred

Experience with international privacy frameworks (e.g., GDPR) and cross-border data transfer mechanisms; familiarity with digital health, telehealth, and mobile health application privacy requirements; experience with state health information exchange (HIE) regulations and interoperability standards; background in FTC enforcement trends related to health apps and consumer protection