Head of Governance, Global Privacy Office

Cigna   •  

Bloomfield, CT

Industry: Healthcare


5 - 7 years

Posted 45 days ago


Serve as Lead for Privacy Governance. The role is a direct report to the VP Global Privacy and head of US Healthcare Compliance and is part of the leadership team for the function. The role is responsible for creating and overseeing a consistent and comprehensive enterprise-wide compliance program providing privacy compliance infrastructure. The individual in this role will manage a team of privacy compliance experts to provide a consistent and best-in-class privacy program, working with corporate functions including ERM, Government Affairs, Legal, and audit. The role will be responsible for developing and implementing an enterprise framework for policies, procedures, and controls; operating models with business units and other stakeholders; issue management and assessment frameworks; and training and awareness campaigns. The role will also lead or support significant regulatory change management projects like CCPA. The role will also engage with regulators on enterprise level exams or issues. In addition to establishing a compliance program designed to meet all applicable global federal, and state regulatory obligations, the individual in this role will meet regularly with the heads of in-scope business segments to ensure that they are informed of compliance program status, notified of compliance risks, and can contribute to building a culture of compliance across his/her business segment. For each area of responsibility, the role is responsible for developing an end-to-end effective compliance program, including leading/participating in governance committees; supporting development / implementation of controls; providing risk-based effective advice to senior management levels; providing effective oversight and issue management; conducting risk assessments and monitoring and testing activities; engaging with regulators; and driving training and awareness to support business knowledge of compliance.


  • Policies and procedures
  • Responsible for an enterprise policy framework including global principles and specific regulatory or jurisdictional requirements to enable users to understand the range of privacy requirements.
  • Identifies regulatory requirements globally to ensure captured in the policy framework. Develops processes with legal for flow of new regulations to keep policy framework up-to-date.
  • Ensures policies and procedures include roles and responsibilities and operating models for clarity of business-owned and compliance-owned obligations.
  • Issue Management and Assessments
  • Establishes and embeds privacy triggers into enterprise processes such as for new products or SDLC.
  • Establishes framework for identifying, tracking, and reporting on privacy issues and risks.
  • Governance
  • Leads/participates on governance committees or activities with other corporate functions on control infrastructure such as Risk.
  • Engages with regulators or auditors on program-level exams; works with Government Affairs and legal to assist compliance or operational impact of policy-maker proposals.
  • Training, awareness, and communications.
  • Develops enterprise-level training content.
  • Develops the privacy communication plan for the enterprise and communication messages.
  • Manages the privacy mailbox for the function.
  • Ensures regulatory risk management:
  • Proactively identifies risks of non-compliance applicable to in scope business areas.
  • Facilitates the development and understanding of risk appetite to align with in-scope business leaders, the ELT and the Board of Directors.
  • Develops procedures and controls:
  • Oversees development of procedures and control operations to conform to regulatory policies and standards within risk appetite.
  • Partners with business leadership to execute strategic and financial objectives while maintaining compliance. Works to identify unique and innovative approaches.
  • Facilitates optimization of the number, depth, and impact of regulatory compliance controls in coordination with other oversight groups (financial audit, CIP, etc.)
  • Establishes appropriate metrics/procedures with business leadership.
  • Develops training and education programs, both standardized and specialized, as needed:
  • Leads appropriate leadership communications and engagement:
  • Develops reporting for regulatory changes, risk assessments, and issue management appropriate for the business segment leads, CCO, ELT and Board.
  • Has the ability to identify, develop and present escalation items to senior leadership.
  • Supports appropriate investigations and disciplinary action:
  • Supports the identification of matters that require investigation and potential disciplinary matters.
  • Per corporate policies, may lead or assist in investigations of violations and provide findings and recommendations to leadership.
  • Provides perspective to the CCO and ELT on the appropriateness of disciplinary actions across all levels of associates to ensure consistency and sufficient disciplinary actions that limit repeated violations.
  • Oversees corrective action implementation:
  • Oversees corrective actions taken with respect to compliance issues, gaps or incidents. Evaluates appropriateness of corrective action timeliness and delays.
  • Assists to prioritize resource deployment for corrective actions and operational improvements while taking into account strategic, operational, customer, financial and business needs.
  • Evaluates compliance program effectiveness:
  • Coordinates oversight needs across corporate units
  • Provides thought leadership to streamline and optimize coordinated implementation, such as regarding common policy and standards, training programs, enterprise tools and platforms, shared service organizations, and other activities.


  • Exceptional integrity, critical thinking, and leadership stature.
  • 5+ years of leadership in privacy legal or compliance, preferably in health care or regulated industry.
  • Masters and/or JD degree preferred.
  • IAPP privacy certifications preferred.
  • Proven track record and experience program building, managing people and leading teams; minimum 3 years of management experience.
  • Process improvement knowledge and experience.
  • Successful project management experience in highly matrixed environment, with proven results.
  • Strong facilitation, influencing, negotiating and relationship building skills to work across matrix partner areas.
  • Excellent written and oral communication skills.
  • Strong planning/organizing/prioritizing skills with ability to meet changing priorities and critical deadlines.
  • Takes personal accountability for team and organizational results.