Director, Chief Privacy Official & Privacy Counsel job San Francisco California

Director, Chief Privacy Official & Privacy Counsel Job

Employer Name:
SpiderID: 12887958
Location: San Francisco, California
Date Posted: 9/24/2022
Wage: Negotiable
Category: Insurance
Job Code: 17001ZE-2191

Job Description:
Looking for a chance to do meaningful work that touches millions? Come join the hardest working, nonprofit health plan in California and help us shape the future of health care. Blue Shield of California is focused on transforming health care by making it more accessible, affordable and customer-centric. Being a mission-driven organization means we do much more than serve our 3.5 million members: we were the first health plan in the nation to limit our annual net income to 2 percent of revenue and return the difference to our customers and the community, and since 2005 we have contributed more than million to the Blue Shield of California Foundation to improve community health and end domestic violence. We also believe that a healthier California begins with our employees, so we provide them with resources to develop and maintain a healthy lifestyle through our award-winning wellness program, Wellvolution.

We're hiring smart thinkers and doers who want to work for a leader and innovator in the challenging, ever-changing healthcare space. Come and help us make health care better for everyone.


This role will act as the Company's Chief Privacy Official and Privacy Counsel ("CPO"). BSC's Privacy Office is part of the Corporate Integrity and Compliance Department ("Compliance") within the BSC Law Department. This position reports to the Vice President, Chief Risk and Compliance Officer and manages four Privacy Specialists. The other divisions of Corporate Compliance are Corporate Compliance & Ethics, Enterprise Risk Management, Medicare Compliance, and the Special Investigations Unit (Fraud/Waste/Abuse). Each Compliance function is managed by one or more Directors who will be peers of the CPO.

The BSC Privacy Office, under the CPO's direction, owns the development and maintenance of the Company's Privacy Program and ensures compliance with applicable privacy and privacy-related consumer protection laws across the enterprise, including all business units, products and services. The Privacy Program includes the implementation and maintenance of proper preventive, detective and remedial controls, the execution of relevant policies and procedures, training and educating the workforce, implementing an effective communications program, ensuring effective testing, auditing, monitoring, tracking and reporting, remediating control deficiencies, and data breach response and management. The Privacy program encompasses all privacy-related subject matter areas, including, for example, data protection, marketing privacy, privacy breach incident response, Business Associate contracting and oversight, online privacy, as well as customer, employee, broker, and provider privacy. The CPO works closely with other Compliance teams while partnering with key operational stakeholders including IT Security and Internal Audit. The CPO will be responsible for the provision of privacy legal counsel to the company and all of its business and operational units, as well as other in-house BSC attorneys. The CPO will lead and coordinate privacy/data breach response activities, liaise with internal and external resources, represent BSC's interests before state and federal privacy enforcement agencies, and address privacy inquiries from BSC customers and business partners. The CPO will be required to work collaboratively with other Compliance teams and to support the Vice President, Chief Risk and Compliance Officer with various initiatives including preparation of Audit Committee reports.

Specific Responsibilities Include:
• Lead all aspects of BSC's Privacy program across the enterprise, including all business units, products and services.
• Chair, engage, and facilitate meetings of the Privacy Council, the governance body for the Privacy Program
• Lead team of Privacy professionals to ensure robust and effective preventive, detective and remedial privacy controls throughout the Company's operations.
• Conduct annual strategic planning for Privacy program needs and objectives.
• Maintain clear, effective, and legally compliant privacy policies and procedures.
• Implement and execute effective training, communications and awareness programs to properly educate employees and business partners regarding privacy legal requirements and responsibilities.
• Implement and execute effective testing, auditing, monitoring, tracking and reporting procedures to ensure the success of the program, as measured by regular assessments and metric-based analysis.
• Conduct privacy investigations, including data security breaches and other privacy matters. Prepare comprehensive investigation summary reports. Ensure proper corrective action and remedial measures are taken once investigations are completed.
• Counsel and advise the business units regarding new and existing initiatives, products and services. Support the business on implementing and executing such guidance.
• Ensure compliant marketing campaigns and information sharing and disclosure practices, including social media and other forms of emerging technologies and Internet-based communications vehicles.
• Ensure proper remediation regarding identified privacy control deficiencies.
• Ensure proper vendor and third party oversight, including negotiation and maintenance of all required contractual and operational controls (e.g., "Business Associate Agreements").
• Build and maintain effective relationships with all relevant internal and external stakeholders, including federal, state and local regulatory entities, the Blue Cross Blue Shield Association (BCBSA), IT, IT Security, Marketing, Human Resources, Employee Relations, Legal, and Internal Audit, among others.
• Compile clear, accurate and timely reports for senior management and the Board, as needed. This includes the proper investigation and inquiry reporting, tracking, closure metrics and accompanying analyses (e.g. trend and pattern identifications).

• Work with and respond to regulators and law enforcement, as needed.

Candidate Profile & Requirements:
• Senior leader and strategic thinker with extensive health care privacy and compliance experience.
• Knows how to build, lead and sustain an effective Privacy Program aimed to prevent, detect and remediate actual and potential privacy risks.
• Extensive privacy and compliance investigations experience, including the ability to lead cross-organizational and complex investigations from start to finish.
• Strong political acumen to partner and collaborate with, and influence, all relevant stakeholders, both internal and external, including executive management. Strong communication and relationship-, coalition- and consensus-building skills required.
• Strong independent judgment, critical and analytical thinking, and problem-solving skills required.
• Strong moral compass and high integrity required. Must do the right thing, even when it means doing the difficult thing.

Knowledge and Skills:
• Extensive health care privacy and compliance expertise and experience.
• Ability to independently and self-sufficiently lead the function with minimal supervision and direction.
• Strong verbal, written, and oral communication skills. Strong ability to influence at all levels of the organization, including executive management, the Board, Audit Committee, workforce members, regulators, local, state and federal officials, customers, partners and vendors. Strong ability to synthesize vast amounts of complex data, and clearly and concisely articulate the relevant points without getting lost in the weeds.
• Proven ability to multi-task, thrive and deliver in a highly regulated, demanding, entrepreneurial, and constantly changing corporate environment. Demonstrated ability to regularly re-prioritize risks, objectives and action plans based on an evolving corporate and regulatory landscape. Ability to deal well with ambiguity and complex situations. Ability to lead a team through growth and change.
• Ability to set a clear vision for the department and to successfully execute on the vision.
• Experience in building programs, process improvements and/or re-engineering.
• Strong leadership, people management and mentoring skills.


Required Education/Experience
• Bachelor's degree and J.D. from an ABA accredited U.S. law school, current admission to the bar of at least one US state, eligibility for CA in-house counsel licensure required.
• Minimum 10 years legal practice experience, health care privacy experience required, in-house counsel experience strongly preferred
• Personnel and privacy program management experience required
• Strong breach management/response experience required
• CIPP/US Certification from the IAPP (or willingness to obtain same) preferred

• Minimum of 10 years of health care privacy experience with increasingly progressive responsibility. Prior in-house privacy compliance and legal experience required. Chief Privacy Officer experience preferred, but not required. Functional subject matter expertise in HIPAA, HITECH, CAN-SPAM, TCPA, PCI DSS, security breach notification laws, privacy-related marketing and advertising laws, and other applicable laws and regulations required.
• Proven ability to effectively and timely manage multiple initiatives and cross-departmental projects.
• Substantive experience dealing with health care regulators, law and regulatory enforcement agencies.
• Demonstrated leadership, ability to drive results and engage senior leaders, and ability to influence cross-organizational stakeholders and decision makers with different operational responsibilities. Proven track record of building consensus, forging coalitions and leveraging professional relationships to achieve strategic objectives and to create an effective "culture of compliance."

Preferred Experience & Skills:
• Extensive corporate investigations experience preferred.
• Strong familiarity with health plan systems and applications preferred.
• Strong program and project management experience preferred.
• Knowledge of California privacy laws and regulations preferred.

Job Criteria:
Start Date:
Position Type: Full-Time Permanent
Years of Experience Required:
Education Required:
Overnight Travel:
Vacation Time:

Contact Information:
Contact Name: Blue Shield of California
Company Type:
Company: Blue Shield of California
