Skip to main content
HealthPoint

Privacy Design & Governance Director - Remote

4w

HealthPoint

Oak Brook, US · Full-time · $150,000 – $190,000

About this role

Reporting to the Chief Privacy Officer, the Director of Privacy Design and Governance leads privacy integration into product development from concept to decommissioning. They advance a comprehensive privacy program aligned with HIPAA, GLBA, state laws, and emerging standards including AI/ML privacy frameworks.

They build and maintain a privacy control framework mapping regulatory requirements, and manage standards for data sharing, de-identification, and vendor data handling. The Director leads the organization’s privacy-by-design framework, conducts Privacy Impact Assessments, and provides risk-based guidance to business units.

Acting as a strategic partner to Product, Data Science, Legal, Security, Marketing, and Operations, the Director ensures privacy is embedded early in new initiatives. They assist the CPO with stakeholder engagement and change management to drive adoption across departments.

This role enables business innovation by balancing regulatory compliance with trust and transparency. The Director shapes privacy policies and monitors evolving regulations, positioning themselves as a thought leader in privacy governance.

They supervise a team, recruiting and training new staff while overseeing departmental workflow. Constructive performance evaluations ensure continuous improvement within the privacy function.

Requirements

  • Bachelor’s degree in Healthcare Administration, Risk Management, Information Systems, Legal Studies, Public Policy, or a related field (JD or MBA/MHA preferred).
  • Experience building and maintaining privacy control frameworks across multiple regulations (HIPAA, GLBA, state privacy laws, FTC).
  • Knowledge of privacy standards for data sharing, de-identification, artificial intelligence and machine learning, and vendor data handling.
  • Proven ability to lead privacy-by-design integration into product development and business processes.
  • Experience conducting Privacy Impact Assessments (PIAs) and managing risk evaluation for systems involving PHI, PII, and NPPI.
  • Strong cross-functional leadership skills to partner with Product, Data Science, Legal, Security, Marketing, and Operations teams.
  • Supervisory experience including recruiting, training, and managing staff performance.
  • Up-to-date knowledge of emerging privacy regulations and enforcement trends.

Responsibilities

  • Build and maintain a privacy control framework that maps requirements across HIPAA, GLBA, state privacy laws, FTC expectations, and other applicable federal regulations.
  • Manage the organization’s privacy-by-design framework, ensuring privacy considerations are embedded early in new product development, marketing initiatives, and business processes.
  • Lead a privacy advisory program that provides timely, practical, and risk-based guidance to business units on compliant data use and sharing.
  • Develop and manage the Privacy Impact Assessment (PIA) process to evaluate risks associated with new systems, projects, and technologies involving PHI, PII and NPPI.
  • Partner with Product, Engineering, and Security teams to define privacy control requirements and technical guardrails within design and deployment lifecycles.
  • Advise business units on individual rights processing (access, correction, deletion, opt-out) and ensure operational readiness for consumer privacy requests.
  • Monitor evolving HIPAA, GLBA, state, and federal privacy regulations, assessing their impact on organizational operations and policies, and provide thought leadership on emerging trends.
  • Recruit, interview, hire, and train new staff; oversee daily workflow of the department and provide constructive performance evaluations.

Benefits

  • Remote-first work environment with flexible location.
  • Opportunity to lead privacy-by-design initiatives across product development.
  • Cross-functional collaboration with Product, Data Science, Legal, Security, and other teams.
  • Influence on privacy policy, regulatory compliance, and emerging AI/ML privacy standards.