Job Description:
• Partners with either Health Plans or Shared Services to translate privacy, security, artificial intelligence (AI), business continuity, and related requirements from client contracts, laws, and regulations into actionable enterprise controls
• Builds trusted relationships with Health Plan leadership and key stakeholders to ensure contract assurance, readiness reviews, Request for proposal (RFP) support, timely deliverable fulfillment, compliance reporting, and continuous improvement
• Drives early engagement with Enterprise Privacy, Security and Risk Management (EPSRM), building EPSRM visibility and influence across the organization
• Leads EPSRM engagement with Health Plans or Shared Services to ensure privacy, security, AI, and business continuity requirements are clearly understood, implemented, and monitored
• Interprets and translates regulatory, contractual, and legal requirements into operational controls and guides stakeholders on compliance expectations
• Validates and manages compliance evidence, deliverables, and audit readiness, including responses to regulators, clients, and internal/external auditors
• Builds and maintains strong relationships with leadership, operational teams, and regulators to remove obstacles, resolve issues, and support consistent compliance practices
• Tracks regulatory, legislative, and contract changes, assesses organizational impact, and communicates required actions while supporting scalable control updates
• Oversees the accuracy and completeness of privacy, security, AI, and business continuity documentation, including plans, attestations, questionnaires, and related submissions
• Enhances enterprise engagement processes by driving standardized procedures, governance practices, templates, and continuous improvement efforts
• Supports new market entries, RFP responses, contract renewals, and business expansion by providing specialized EPSRM subject-matter expertise
• Identifies risks and control gaps, recommends mitigation strategies, and contributes to improved compliance maturity across the enterprise.
• Performs other duties as assigned.
• Complies with all policies and standards.
Requirements:
• Bachelor's Degree in Information Security, Information Systems, Risk/Compliance, Business, Law, or a related compliance discipline, or equivalent experience as a paralegal, required
• Master's Degree in a related field preferred
• Juris Doctor (JD) preferred
• 7+ years of privacy/security, risk, or compliance experience within the managed care or payer/health plan industry required
• 5+ years of experience identifying, analyzing, and communicating security or privacy control requirements within the context of health plan operations, processes, and systems required
• Experience assessing and interpreting contract and regulatory requirements, translating them into control-based operational capabilities, and ensuring delivery across multiple stakeholders required
• Experience interpreting, implementing, and ensuring compliance with state and federal privacy, cybersecurity, and AI laws and regulations applicable to healthcare payors and related business entities required
• Licenses/Certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) required upon hire
• Certified Information Privacy Professional (CIPP/US), Artificial Intelligence Governance Professional (AIGP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent preferred
Benefits:
• health insurance
• 401(k) and stock purchase plans
• tuition reimbursement
• paid time off plus holidays
• flexible approach to work with remote, hybrid, field or office work schedules