Director of Privacy - HealthEquity 15 West Scenic Pointe Drive, Draper, UT, USA Bookmark Share Print 281 0 2

Listing Description

We are looking for a leader to oversee HealthEquity’s Privacy program in Draper, Utah. Reporting to the CSO, the Director of Privacy will work closely with executive management to ensure the lawful and ethical access, use, and disclosure of personal information. He/she is responsible for the development, implementation, maintenance of, and adherence to the company's policies and procedures covering the use, disclosure, access to and destruction of confidential or personally identifiable information in compliance with federal and state laws and industry best practices. If you’re collaborative, driven and passionate about security, privacy, and leadership and enjoy solving complex problems, we want you to join our team.

What you’ll be doing

• Develops guidance and assists the company in identifying, implementing, and maintaining information privacy policies and procedures in coordination with management, the Risk Committee, and the Legal department

• Provides guidance to the products development team so that products conform to privacy-by- design principles

• Performs initial and periodic privacy impact assessments and information privacy risk assessments

• Develop metrics for measuring privacy compliance in coordination with HealthEquity’s compliance and operational assessment functions

• Works with management to ensure the organization has and maintains a process of:

• Obtaining and storing the necessary consents and authorization to access personally identifiable information;

• Recording all access of personally identifiable information, and creating reports of such access, in compliance with regulatory requirements, and;

• Disseminating the public-facing policies reflecting current organization and regulatory requirements

• Works with corporate training to ensure delivery of privacy related training to employees and third parties

• Participates in the development, implementation, and ongoing compliance monitoring of appropriate vendors and third-parties, to ensure all privacy concerns, requirements, and responsibilities are addressed

• Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies, in consultation with the Legal and compliance departments

• Recommends consistent application of sanctions for failure to comply with privacy and information security policies by employees, contractors and vendors

• Creates legally compliant processes for review, approval or denial of non-routine use, access or release of personally identifiable information

• Advises organization of developing federal and state privacy laws and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance

• Collaborates on the further refinement of the breach/security incident response plan, and assists in incident responses

• Provide support, management, and direction to staff and departmental activities. Identify and deliver value added opportunities

• Conduct relevant industry research, trend analysis, and benchmarking

• Present to the Board, executive management, partners, and applicable regulatory and rating agencies

• Stay abreast of the latest threats and industry trends and update practices as necessary

• Collaborate closely with industry and partner organizations to identify threat trends and best practices

What you will need to be successful

• Juris Doctor with relevant experience in Privacy Law

• CIPP/US or CIPM and/or related professional designations/certifications highly preferred

• 7-15 years of privacy experience in a corporate setting

• Must have solid understanding of GLBA and HIPAA privacy requirements

• Strong understanding of information technologies that affect privacy

• Ability to act as a strategist and champion for privacy; paints a compelling picture of the vision and strategy that motivates others to act

• High level of credibility, with an accomplished background in privacy, preferably in environments with similar complexity and regulatory profiles to HealthEquity, spanning financial services, financial technology, and healthcare

• Ability to build and develop the appropriate team that delivers on key objectives and navigates the privacy landscape

• Builds constructive relationships with diverse groups of people, including internal and external stakeholders

• Track record of experience in a mix of financial services, financial technology, technology, and healthcare environments, with the ability to work with and navigate associated regulatory frameworks

• Demonstrates excellent communication and listening skills

• Operates with a commitment to customer service excellence

• Drives results and champions change

• Fosters teamwork and collaboration

• Motivates and develops teams, and builds high performing teams

Benefits and perks

• Medical, Dental, Vision

• 401(k) match

• Paid Maternity/Paternity leave

• Ongoing education

• Tuition Assistance

• Gym/Fitness Reimbursement

• Purple with Purpose (paid volunteer time off)

• HSA contribution and match

• On site Lunch and Learns

• Award winning Wellness Program

• Consumer Driven Healthcare (CDH) education

Why work for HealthEquity

HealthEquity has a vision that by 2030 we will make HSAs as wide-spread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth and build health savings for life. Through our innovative technology and superior service delivery, our members gain valuable insights to better save and spend their healthcare dollars.

We firmly believe that our team members drive the success of this company. We hire passionate contributors who enjoy the thrill of pioneering their positions to their full potential. Join us and discover a work experience where the person is valued more than the position, and where are our purple culture drives a remarkable experience.

Our advice to you

HealthEquity is fiercely focused on hiring passionate individuals to contribute to our purple culture. If you speak passion, excellence, service, ambition, fun… we want to speak with you! We believe that your personality is as important as your experience and qualifications so when we do have the opportunity to speak together, be authentic, be genuine, be you! Showcase your experience and your passion.

HealthEquity, Inc. is a proud promoter of equal opportunities for training, compensation, transfer, promotion, and other aspects of employment for all qualified applicants and employees. HealthEquity, Inc. support Equal Employment Opportunities without regard to sex, race, color, religion, national origin, age, disability, sexual orientation or veteran status when hiring – under federal, state and local laws.Develops guidance and assists the company in identifying, implementing, and maintaining information privacy policies and procedures in coordination with management, the Risk Committee, and the Legal department

Provides guidance to the products development team so that products conform to privacy-by- design principles

Performs initial and periodic privacy impact assessments and information privacy risk assessments

Develop metrics for measuring privacy compliance in coordination with HealthEquity’s compliance and operational assessment functions

Works with management to ensure the organization has and maintains a process of:

Obtaining and storing the necessary consents and authorization to access personally identifiable information;

Recording all access of personally identifiable information, and creating reports of such access, in compliance with regulatory requirements, and;

Disseminating the public-facing policies reflecting current organization and regulatory requirements

Works with corporate training to ensure delivery of privacy related training to employees and third parties

Participates in the development, implementation, and ongoing compliance monitoring of appropriate vendors and third-parties, to ensure all privacy concerns, requirements, and responsibilities are addressed

Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies, in consultation with the Legal and compliance departments

Recommends consistent application of sanctions for failure to comply with privacy and information security policies by employees, contractors and vendors

Creates legally compliant processes for review, approval or denial of non-routine use, access or release of personally identifiable information

Advises organization of developing federal and state privacy laws and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance

Collaborates on the further refinement of the breach/security incident response plan, and assists in incident responses

Provide support, management, and direction to staff and departmental activities. Identify and deliver value added opportunities

Conduct relevant industry research, trend analysis, and benchmarking

Present to the Board, executive management, partners, and applicable regulatory and rating agencies

Stay abreast of the latest threats and industry trends and update practices as necessary

Collaborate closely with industry and partner organizations to identify threat trends and best practices