Privacy Analyst

at  Capital Rx

REQUIRED QUALIFICATIONS:

• Bachelor’s degree or industry-related experience.
• 2+ years of hands-on experience working in data / information privacy, with a preference for experience supporting a corporate privacy / data protection program.
• Demonstrated high-level understanding of current data protection and privacy legislation, with an emphasis on HIPAA, as well as CCPA/CPRA and other state frameworks.
• Experience conducting ongoing privacy compliance and monitoring activities.
• Strong project management skills, with the ability to effectively prioritize and manage multiple privacy initiatives.
• Excellent communication and interpersonal skills, with the ability to collaborate and influence stakeholders at all levels of the organization.
• Passion to continuously develop and expand skills and knowledge base in data privacy.

PREFERRED QUALIFICATIONS:

• Experience administering and/or customizing Privacy SaaS platforms (e.g., OneTrust) to enable process improvement strongly preferred.
• CIPT, CIPM, CIPP, CDPSE or similar certification preferred but not required.
• Prior experience with a health care provider, payer, or other health care related organization.
• Prior experience with data governance committees or initiatives.
  Base Salary: $80,000 - $95,000
  This range represents the low and high end of the anticipated base salary range for the NY - based position. The actual base salary will depend on several factors such as: experience, knowledge, and skills, and if the location of the job changes.

ABOUT THE ROLE

We are seeking a dynamic and experienced privacy professional to join Capital Rx’s Privacy Office as a Privacy Analyst. In this key role, you will be responsible for leading or supporting a variety of crucial activities that significantly impact Capital Rx, its clients, and members. You will help refine existing processes and build out new processes to help ensure Capital Rx remains in compliance with all applicable federal and state requirements, with a heavy emphasis on HIPAA and state privacy law (e.g., CCPA/CPRA). In addition to longer term projects, you will address day-to-day privacy matters including member access requests, incident responses, and regulatory guidance.
You must have a solid grasp of current privacy law as well as industry trends, a strong attention to detail, and the ability to thrive in a fast-paced environment and effectively prioritize multiple tasks.
The successful candidate will possess a strong privacy background, excellent communication skills, and the ability to provide clear and actionable guidance to various stakeholders in the organization. Previous experience working in Healthtech an added plus.

POSITION RESPONSIBILITIES:

• Be a key part of the Capital Rx Privacy Office and work closely with the Legal, Compliance, Information Technology Security & Compliance (ITSC) teams.
• Identify potential gaps, analyze processes and controls, and implement improvements, including software/technology solutions, to help ensure compliance with regulations and best practices while emphasizing opportunities for greater efficiency and automation.
• Develop new, and enhance existing, privacy policies, procedures, and training.
• Keep current with privacy legislation/regulations and industry trends; analyze and report requirements and impacts on privacy programs, privacy notices, product and service offerings, and business operations.
• Work with business units across the company on the technical implementation of privacy compliance including data mapping, privacy impact assessments, and rights requests, and support ongoing operations of these efforts from the Privacy side.
• Coordinate with business units regarding data breach and security incident response.
• Participate in regular Privacy, Compliance, and ITSC focused internal and externals audits, questionnaires, and vendor assessments.
• Support special projects as needed for the Privacy Office.