The Privacy Administrator provides thought leadership in the discipline of Privacy and is responsible for establishing and maintaining privacy processes, policies, standards, and procedures. The Privacy Administrator supports privacy investigations and incident response and leads efforts to train and drive awareness entity-wide on privacy practices. They also assist in the execution of other GRC-related processes including:
IT Control Management and Compliance
Third Party Risk Management
NIST Cybersecurity and HITRUST framework alignment
Risk assessment methodology and execution
Data Loss Prevention
Responsibilities include but are not limited to:
Develops and maintains privacy governance and compliance controls to minimize risk to the organization. This includes, but is not limited to, developing and maintaining a formal privacy program with corresponding processes, policies, standards and procedures; and ensuring compliance with HIPAA and other State or Federal regulatory requirements.
Establishes and maintains processes to identify gaps in privacy controls. This includes, but is not limited to, reviews / audits of departmental processes, policies, and procedures; reviews / audits of third party vendors; testing of regulatory compliance with HIPAA and other State or Federal requirements; plus development and analysis of metrics.
Develops and maintains a formal privacy and information security training program, as well as supplementing that training with ongoing awareness. This includes online training supplemented with classroom and individual training. Utilizes reports and metrics to demonstrate training compliance and effectiveness.
Provides direction and oversight for BCBSA initiatives related to de-identification, masking, and/or encryption of protected health information (PHI) or other personally identifiable information (PII).
Maintains the BCBSA System wide Incident Response Guidance (SWIRG), the BCBSA Privacy Response Plan, and List Serves, and performs exercises of the plan internally and with external stakeholders on a periodic basis.
Provides oversight on access to and release of protected health information (PHI) and other personally identifiable information (PII), performing periodic reviews of both.
Required Basic Qualifications:
Minimum of 5 years in a privacy, information security, planning, administration, audit, or resource and compliance management role
Bachelor's degree in Information Technology or related field required
Must have a full understanding of legal and regulatory requirements relating to Privacy in the healthcare sector including Federal and State legislative mandates and requirements to safeguard Protected Health Information (PHI) and/or Personally Identifiable Information (PII). This also includes experience with the Health Insurance Portability and Accountability Act (HIPAA)
Experience supporting privacy initiatives; implementing or maintaining policies, processes and procedures; and implementing training and awareness programs
Experience with unified control frameworks, policy management, internal/external audit management, and data loss prevention
Working experience in managing 3rd party risk
Experience in working with GRC technology (e.g., Archer, Open Pages)
Working knowledge of integrating security compliance requirements and artefacts into the project management lifecycle and SDLC
Certified Information Privacy Professional (CIPP), and/or
Certified Information Privacy Professional / Information Technology (CIPP/IT)
Preferred Basic Qualifications:
Knowledge and experience in project and change management.
Knowledge of the BCBS system and practices.
Knowledge of vendor management and contract administration.
MBA or MS degree
Certified Information Systems Security Professional (CISSP)
Certified Information Security Auditor (CISA)
Additional Salary Information: annual performance bonus up to 8%
Internal Number: 2019-3260
About Blue Cross Blue Shield Association
As the association representing our 36 BCBS companies, the Blue Cross Blue Shield Association (BCBSA) provides a strong foundation of national leadership with industry colleagues, government officials, the media and the public. BCBSA employees work in our offices in Chicago and Washington, D.C.