Reporting to the Chief Privacy Officer (CPO), the Director of Privacy Design and Governance serves as the privacy lead for product development, ensuring that privacy is embedded into products and data initiatives from concept and design through development, deployment, and decommissioning. In this role, the Director advances a comprehensive privacy program aligned with HIPAA, GLBA, applicable state privacy laws, and emerging federal and industry standards, including privacy frameworks, control mapping, and privacy standards for AI/ML and vendor data handling.

Acting as a strategic partner to Product, Data Science, Legal, Security, Marketing, and Operations, the Director conducts privacy impact assessments and risk assessments, defines data-minimization and retention strategies, identifies safeguards and controls, and provides clear guidance on compliant data use and disclosures, and individual privacy rights. Through strong cross-functional leadership and measurable governance, the Director enables business innovation while ensuring regulatory compliance and fostering trust, transparency, and accountability in all product and data practices.

Duties & Responsibilities:

• Build and maintain a privacy control framework that maps requirements across HIPAA, GLBA, state privacy laws, FTC expectations, and other applicable federal regulations.
• Manage comprehensive standards addressing data sharing, de-identification, artificial intelligence and machine learning, and vendor data handling.
• Manage the organization’s privacy-by-design framework, ensuring privacy considerations are embedded early in new product development, marketing initiatives, and business processes.
• Lead a privacy advisory program that provides timely, practical, and risk-based guidance to business units on compliant data use and sharing.
• Assist the CPO with stakeholder engagement and change management efforts, ensuring privacy requirements are clearly communicated, understood, and adopted across all departments.

• Develop and manage the Privacy Impact Assessment (PIA) process to evaluate risks associated with new systems, projects, and technologies involving PHI, PII and NPPI.
• Partner with Product, Engineering, and Security teams to define privacy control requirements and technical guardrails within design and deployment lifecycles.
• Support Marketing, IT, Security, Legal and Data Sciences teams in ensuring compliant practices related to data profiling and tracking technologies.
• Advise business units on individual rights processing (access, correction, deletion, opt-out) and ensure operational readiness for consumer privacy requests.

• Assist CPO in the maintenance of privacy policies and procedures, workforce training, and deliver targeted privacy training for business units.

• Monitor evolving HIPAA, GLBA, state, and federal privacy regulations, assessing their impact on organizational operations and policies.
• Provide guidance and thought leadership on emerging privacy trends, regulatory expectations, and enforcement priorities.
• Provide guidance and monitor compliance with the records retention policy to ensure proper administration in accordance with applicable laws and best practices.

Supervisory Responsibilities:

• Recruits, interviews, hires, and trains new staff.
• Oversees the daily workflow of the department.
• Provides constructive and timely performance evaluations.

#LI-Remote