Privacy Manager

Employment Type: Full Time

Position Overview

Gravie is seeking a Privacy Manager to play a critical role in safeguarding sensitive information and ensuring Gravie’s compliance with a complex landscape of privacy laws and regulations. This individual will be responsible for developing, implementing, and monitoring privacy policies and procedures, managing privacy incidents, and collaborating cross-functionally to embed privacy-by-design principles across the organization. This role requires a strong understanding of the Health Insurance Portability and Accountability Act (HIPAA) and broader healthcare privacy practices, particularly within the payer/plan/carrier environment.

Responsibilities

• Assist in the development, implementation, and maintenance of comprehensive privacy policies, procedures, and training programs in alignment with applicable laws and industry best practices.
• Conduct regular privacy risk assessments and impact analyses to identify and mitigate potential privacy vulnerabilities.
• Monitor changes in privacy laws and regulations, assessing their impact on company operations and recommending necessary adjustments to policies and practices.
• Lead or assist in the investigation and resolution of privacy incidents, including potential breaches of Protected Health Information (PHI) and other sensitive data.
• Manage the incident response lifecycle from detection and containment to eradication, recovery, and post-incident analysis.
• Maintain accurate records of all privacy incidents, investigations, and remediation efforts.
• Ensure timely and compliant breach notification processes as required by HIPAA and state laws.
• Collaborate closely with the Information Security team on data protection initiatives, ensuring privacy requirements are integrated into security controls and data governance frameworks.
• Advise on privacy-by-design principles for new products, systems, and processes.
• Participate in vendor due diligence processes, particularly regarding Business Associate Agreements (BAAs) and data handling practices.
• Prepare for and support internal and external privacy audits, including HIPAA compliance assessments.
• Assist in the preparation and maintenance of documentation for SOC 2 (Service Organization Control 2) audits related to privacy criteria.
• Contribute to regulatory reporting requirements related to privacy.
• Serve as a subject matter expert on privacy matters, providing guidance and support to internal departments (e.g., Legal, IT, HR, Product, Operations, Sales).
• Review and approve language related to privacy in member communications, contracts, and marketing materials.
• Manage privacy-related inquiries and requests from members, clients, and regulatory bodies.

Requirements

• Bachelor's degree in a relevant field (e.g., Healthcare Administration, Information Systems, Legal Studies, Business).
• 3-5 years of progressive experience in privacy compliance within a relevant industry.

Company Information

Hi, we’re Gravie. Our mission is to improve the way people purchase and access healthcare through innovative, consumer-centric health benefit solutions that people can actually use. Our industry-changing products and services are developed and delivered by a diverse group of unique people. We encourage you to be your authentic self - we like you that way.