HealthEquity · 15 hours ago
Director of Privacy
HealthEquity is on a mission to save and improve lives by empowering healthcare consumers. They are seeking a Director of Privacy who will lead the operational privacy program, ensuring compliance and governance while driving privacy-by-design principles across the organization.
Financial Services, Health Care, Payments
Responsibilities
Execute and continuously improve the day-to-day operation of HealthEquity’s privacy program in alignment with the enterprise privacy strategy, policies, and governance framework
Develop and maintain the privacy program operating plan and roadmap; translate strategic priorities into measurable initiatives, milestones, and deliverables
Operate privacy governance mechanisms (intake, triage, workflow management, decision documentation, evidence management, issue tracking, and escalation pathways) to ensure consistent, auditable, and business-enabling execution
Draft, maintain, and operationalize privacy procedures, standards, and playbooks that implement enterprise policy requirements; recommend policy or standard enhancements based on operational learnings and emerging risk
Assure governance artifacts are complete and 'exam-ready,' including documented decisions, rationales, exceptions, and remediation tracking
Oversee the operational privacy components of data governance, including data mapping, records of processing/data inventories, data classification support, and purpose/use documentation
Partner with Technology, Data, Security, Legal, and Records/Information Management stakeholders to support implementation of data minimization, retention, deletion, and secure handling controls consistent with enterprise standards
Support alignment between privacy requirements and records management/legal hold processes
Drive operational improvements that reduce friction for teams while improving data lifecycle compliance and evidence quality
Embed privacy-by-design principles into product development and technology delivery processes through practical mechanisms (e.g., SDLC touchpoints, launch readiness criteria, design reviews, and change management controls)
Lead execution of privacy impact assessments and related reviews in accordance with established frameworks; ensure risks are clearly documented, remediation is owned, and completion is tracked
Develop reusable privacy patterns and implementation guidance for common scenarios (e.g., analytics/telemetry, customer communications, data sharing, identity verification, sensitive data handling)
Operationalize privacy governance for AI and advanced analytics initiatives by executing reviews, documenting risk assessments, and recommending controls and guardrails
Partner with Product, Technology and Security to align privacy and security requirements, ensuring privacy controls are practical, testable, and scalable
Execute the enterprise privacy risk assessment processes, including intake scoping, privacy impact assessments, periodic risk reviews, and issue management
Maintain a disciplined remediation tracking process for privacy findings, control gaps, and program issues; drive to closure and validate evidence
Develop, maintain, and report privacy program KPIs/KRIs, control health metrics, and maturity indicators; provide executive-ready reporting, insights, and trend analysis for reporting and governance
Support audits, exams, and internal assurance activities by producing high-quality evidence, narratives, and corrective action tracking
Own day-to-day operations for individual rights/consumer request fulfillment (e.g., access, deletion, correction), including intake, identity verification coordination, fulfillment workflows, quality control, documentation, and SLA management
Define operational procedures, templates, and QA checks that improve response consistency and defensibility; drive automation and efficiency improvements where appropriate
Monitor privacy regulatory developments and translate changes into operational; support implementation planning, execution, and readiness activities
Coordinate complex or sensitive requests with Legal, Security, and business owners
Lead operational privacy reviews for vendors, partners, and third parties that process or access personal information, in partnership with Procurement, Legal, and Third-Party Risk
Assure privacy requirements are embedded in onboarding, contracting, and ongoing monitoring practices in alignment with approved privacy standards and contractual requirements
Evaluate data sharing arrangements, integrations, and API-based data flows for alignment with enterprise standards; document risks, required controls, and exceptions
Maintain operational evidence of third-party privacy diligence and oversight to support audit and regulatory expectations
Serve as the privacy program lead in incident response activities, partnering with Security and Legal on privacy impact analysis, documentation, evidence collection, and remediation tracking
Support breach evaluation and notification analyses by preparing documented impact assessments and options
Track privacy incidents, complaints, investigations, and corrective actions to closure; identify systemic drivers and recommend control or process improvements to reduce recurrence
Support enforcement and corrective action execution consistent with enterprise standards
Prepare executive-ready materials, program status updates, risk summaries, and recommendations for use in executive and Board-level reporting
Support regulatory, audit, and external assessment engagements
Partner cross-functionally to ensure consistent internal messaging and defensible documentation of privacy program decisions and actions
Build and deliver role-based privacy training and awareness that is measurable, targeted, and operationally effective; drive adoption through practical enablement rather than policy recitation
Develop self-service tools and playbooks that improve consistency and reduce delivery friction for product and operational teams
Partner with the Chief Privacy Officer on privacy program resourcing needs; manage program workflows and tooling to maximize efficiency and evidence quality
Benchmark operational practices against industry standards and peer programs; propose improvements that measurably strengthen program maturity
Qualification
Required
Bachelor's degree required
12 to 15 years of progressive experience in privacy and data protection within complex, regulated environments with 5-10 years of leadership experience
Strong stakeholder leadership skills and the ability to drive adoption through influence and clarity
Proven ability to operationalize privacy requirements in technology and business processes
Track record of experience in a mix of financial services, financial technology, technology, and healthcare environments, with the ability to work with and navigate associated regulatory frameworks
Deep understanding of U.S. privacy laws and regulatory frameworks, including GLBA and HIPAA, and state privacy laws
Fluency in privacy-by-design principles, data lifecycle concepts, and risk assessment practices; sufficient technical understanding to engage credibly on data flows, integrations, analytics, and AI use cases
Demonstrated ability to balance regulatory requirements with business enablement and innovation
Executive-level communication, influence, and stakeholder management skills
Proven ability to lead teams, drive change, and deliver measurable risk and compliance outcomes
Track record of constructive relationships with diverse groups of people, including internal and external stakeholders
Commitment to customer service excellence
Preferred
Juris Doctor with relevant experience in privacy law highly preferred
CIPP/US or CIPM and/or related professional designations/certifications highly preferred
Benefits
Medical, dental, and vision
HSA contribution and match
Dependent care FSA match
Uncapped paid time off
Paid parental leave
401(k) match
Personal and healthcare financial literacy programs
Ongoing education & tuition assistance
Gym and fitness reimbursement
Wellness program incentives
Company
HealthEquity
HealthEquity connects health and wealth by administering Health Savings Accounts (HSAs) and other consumer-directed benefits.
Funding
Current Stage: Public Company
Total Funding: $12.5M
2014-07-31: IPO
2011-09-09: Private Equity · $12.5M
Company data provided by crunchbase