Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions - from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers. Job Summary: The Privacy Program Manager applies advanced knowledge of privacy and data protection to research applicable issues and track relevant legislation, regulations, standards, and controls. Relies on strong interpersonal communication skills to build and maintain relationships with business leaders, product owners and developers, and members of the legal team. Collaborates with Privacy Officer and Senior Privacy Counsel to develop program strategies. Implements strategies, including policies, procedures, and related awareness, including role-based training. Leads Privacy Impact Assessment (PIA) process, interfacing with product and system owners, tracking risks and monitoring remediation. Identifies opportunities for improving privacy program and operations and functions. Responsibilities: Tracking and conducting legal research and analysis of privacy requirements arising under privacy legislation, regulation, and published standards and controls. Contributing to the company's compliance with federal and state privacy legislation and regulation, through the maintenance of the company privacy policies and procedures, and published privacy standards and controls. Preparing and delivering privacy awareness collateral and training content to guide workforce behaviors, drive change, and improve program maturity. Responding to individual inquiries, complaints, and requests to exercise privacy rights. Managing individual rights requests to ensure timely response for access, amendment, deletion, restriction, and the like, including interfacing with leaders in marketing, human resources, benefits administration, and product. Managing and maintaining electronic records and other privacy program documentation to demonstrate compliant program operations. Leading privacy education initiatives, such as timely preparing and executing training programs using purchased vendor content and through the company's LMS (Learning Management System). Participating in the development and maintenance of privacy content for the company's privacy intranet (Connect) page. Coordinating cross-functionally on security incident response, including triaging privacy incident reports, leading privacy portion of investigations and supporting the privacy office in related breach response. Leading the development and maintenance of Privacy Impact Assessment (PIA) templates for evaluating products and internal systems. Leading collaboration across the business demonstrating completion of annual PIA requirements, including tracking risks in risk register, and reporting on remediation progress against plan. Supporting the Litigation function as a Privacy resource for Subpoena Responses. Advising less experienced colleagues in Subpoena handling and acting as a point of escalation for more complex cases. Communicating in a timely manner with Privacy Officer and other team members on new matters, challenges, and status. Handling special projects and other duties as assigned Qualifications: Basic Requirements: Bachelor's degree or equivalent experience 8+ years previous experience as a contributor to privacy and/or cybersecurity programs 3+ years previous experience managing projects and project budgets 5+ years previous experience with privacy program operations, including experience in US health care and consumer sectors 3+ years previous experience with privacy risk assessment and analysis 5+ years prior experience with U.S. health privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA) 3+ years of experience with consumer privacy protection laws, such as California Consumer Pr vacy Act (CCPA), California Privacy Rights Act (CPRA), and related compliance requirements 5+ years of experience working with product owners and developers Strong research and writing skills for both formal memoranda and informal summaries, including citation to law and other published authorities 5+ years of experience handling privacy inquiries and comfort with responding to external requests and individuals, including maintaining program documentation concerning the same 7+ years of experienced developing policies, standards, and related education (training and awareness) content and collateral A highly organized, agile, and detail-oriented management style, with demonstrated ability to manage multiple tasks and initiatives, meeting conflicting deadlines, and engaging with leadership to communicate program and project level status Pragmatic judgement, addressing the current need while tracking to the strategic view and recognizing when it is appropriate to seek guidance from leadership regarding issues and conflicts Confidence when dealing with people at all levels of seniority Proven ability to contribute as part of a cross-functional team to implement privacy strategy and consistently demonstrate compliance with privacy policies Preferred Requirements: Professional certifications, such as paralegal certification from an ABA-approved paralegal certification program and/or a privacy certification from an internationally recognized organization (International Association of Privacy Professionals or ISACA) Previous experience with or strong interest in information technology and analytics Experience with NAVEX (education content), Workday (learning management system), OneTrust (privacy impact assessment and data mapping), and OnSpring (governance risk and compliance) tools Familiarity with Privacy by Design and relationships with Agile development, enterprise architecture, portfolio management, and information security Surescripts embraces flexibility through its Flexible Hybrid Work model for most positions. This model allows employees to work virtually while still utilizing our offices as collaboration centers. With alignment and agreement from your leadership, you can come and go from the office as needed . What You're Like You have never met a problem you did not want to try to solve. You are creative and practical. With your ability to drive to results, cut through the fog, and help others see multiple perspectives, you save the day on a semi-regular basis. What We're Like We learn from each other and help one another. We don't waste energy competing with one another, stirring up drama, or plotting revenge. We're too busy for that. Plus, we actually like each other. We get work done, ask how we can get better, and generally enjoy ourselves along the way. What the Work is Like We operate a balancing act: We don't just advise on risks; we help the business move toward opportunities..It's good that we are flexible and nimble as we operate in an ever-evolving landscape. Weencounter and embrace constant change and continue to drive compliance with laws, regulatory requirements, policies and procedures. We are proud that our work protects and advances the interests of the Surescripts Network Alliance and helps build a secure, connected, and effective healthcare system. Why Wait? Apply Now We're a midsize company. This means you're not just another employee ID number. Here, you can build real relationships and feel supported by truly awesome people with diverse backgrounds and talents in an innovative and collaborative work culture. We strive to create an environment where you canbe yourself, share your ideas and work your way. We offer... For full info follow application link. Equal Employment Opportunity/Affirmative Action Employer - Disabled/Vets