Requisition ID: 933345
Store #: X00181 N.A. Compliance - OH CSC
Position: Full-Time
Total Rewards: Benefits/Incentive InformationGENERAL FUNCTIONThe Director - Data Protection (EyeMed) leads and oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the Company's privacy and data protection program. This includes compliance with state and federal privacy regulations and the Company's internal privacy policies and procedures.
MAJOR DUTIES AND RESPONSIBILITIES- Builds and oversees a strategic and comprehensive privacy program that develops, maintains, and implements policies and processes that enable consistent and compliant privacy practice.
- Works with Sr. Management, security, legal and compliance to establish governance for the privacy program.
- Collaborates with information security officer to ensure alignment between security and privacy compliance.
- Establishes ongoing process to track, investigate, and report inappropriate access and disclosure of protected information.
- Establish process for receiving, documenting, tracking, investigating and taking action on complaints concerning the Company's privacy policies and procedures in coordination and collaboration with other similar functions.
- Manages all required breach determination and notification processes under HIPAA and applicable state breach rules, requirements.
- Oversees, develops, and delivers ongoing privacy training to Company workforce.
- Manages privacy complaints, breaches and investigations by regulatory authorities.
- Interacts and provide reporting analysis to executive-level leadership on all privacy issues.
- Assists the identification, implementation, and maintenance of the Company's privacy policies and procedures in coordination with Company management and legal counsel.
- Initiate and oversees periodic privacy risk assessments for the Company, including all mitigation and remediation plans/efforts
- Maintain current knowledge and compliance of state and federal privacy regulations applicable to Operations
- Ensures the Company maintains appropriate privacy and confidentiality consents authorization forms and information notices and materials reflecting current privacy practices
BASIC QUALIFICATIONS- Bachelor's Degree
- 10 years experience as a privacy officer.
- Thorough knowledge and experience with privacy laws in North America, including HIPAA and state privacy regulations.
- Experience and skill at writing policies and procedures, directing and managing external privacy counsel and providing opinions/guidance to the Company on privacy issues.
- Experience and thorough knowledge of business agreements.
- In-depth experience with data privacy compliance and incident management, including implementation of breach response protocol, oversight of regulatory, individual notifications/compliance.
- Experience with budget oversight, management.
- Strong interpersonal relationships, cross cultural sensitivity, builds effective teams
PREFERRED QUALIFICATIONS- Juris Doctorate (J.D.) from an accredited law school.
- Bachelor's degree in a healthcare-related field.
- Privacy certification, such as Certified Information Privacy Professional (CIPP).
This posting is for an existing vacancy within our business. Employee pay is determined by multiple factors, including geography, experience, qualifications, skills and local minimum wage requirements. In addition, you may also be offered a competitive bonus and/or commission plan, which complements a first-class total rewards package. Benefits may include health care, retirement savings, paid time off/vacation, and various employee discounts.