Blue Cross Blue Shield Association

Privacy Lead Consultant

US IL Chicago E. Randolph | Full time
Job Description Summary:

This role leads BCBSA's privacy compliance efforts, ensuring alignment with HIPAA, state, and international regulations. Builds and operationalizes privacy programs, drives awareness, and supports incident response across the enterprise.

Responsibilities include but are not limited to:

  • Builds and operationalizes BCBSA's privacy program, including conducting privacy impact assessments, HIPAA risk assessments, and responding to privacy incidents impacting BCBSA's business units in compliance with applicable policies, procedures, and legal requirements.
  • Collaborates across BCBSA on privacy-related matters, including with legal, information security, enterprise risk management, and data governance on privacy-related contracting, privacy risk identification, and risk mitigation.
  • Supports the BCBSA Incident Response process, including the BCBSA Privacy Response Plan, engagement with Blue System colleagues on Systemwide incident response, and conducts regular exercises of incident response plans.
  • Participates in the development and operationalizing of BCBSA's privacy training program, as well as supplementing that training with ongoing awareness. This includes online training supplemented with classroom and individual training.
  • Collaborates with BCBS organizations to share best practices, and either leads or assists with establishing privacy training and educational sessions internally across BCBSA and externally, across the Blue System.

The posting range for this position is:
$130,609.00-$187,868.65


Required Education, Certifications and Experience:


Education:

  • Required: Bachelor's Degree in Compliance, Audit, Business; or equivalent experience
  • Preferred: Juris Doctor

Experience:

  • Required: 7+ years in a privacy, planning, administration, audit, or compliance management role


Knowledge, Skills and Abilities:

  • Must have a full understanding of legal and regulatory requirements relating to Privacy in the healthcare sector including Federal and State legislative mandates and requirements to safeguard Protected Health Information (PHI) and/or Personally Identifiable Information (PII). This also includes experience with the Health Insurance Portability and Accountability Act (HIPAA).
  • Knowledge and experience in project and change management.
  • Knowledge of vendor management and contract administration.
  • Relationship, facilitation, presentation and communication skills; ability to collaboratively plan, document, and present privacy risks and achieve buy-in from system custodians and business owners.


Certifications & Licenses

  • Required: Certified Information Privacy Professional (CIPP) - IAPP

Additional Posting Information:

  • Lead and support enterprise privacy initiatives, including the development, implementation, and maintenance of privacy policies, procedures, standards, and controls.
  • Design, deliver, and maintain privacy training and awareness programs to promote a strong culture of privacy compliance across BCBSA.
  • Provide subject‑matter expertise on privacy regulations and requirements, including HIPAA Privacy and Security Rules, state privacy laws, and emerging domestic and international privacy obligations.
  • Support and participate in HIPAA and privacy risk assessments, including control evaluations, gap analyses, and remediation planning.
  • Assist the Compliance and Privacy Official with privacy investigations, including intake, analysis, documentation, and resolution of privacy complaints and potential violations.
  • Support and coordinate privacy incident response and breach notification activities, including fact‑finding, regulatory analysis, internal coordination, and external notifications as required.
  • Serve as a point of contact for privacy‑related matters across the enterprise, providing guidance to business areas, legal, compliance, IT, and other stakeholders.
  • Assess and advise on privacy risks associated with vendors, third parties, and Business Associates, including supporting contract reviews, negotiations, and risk mitigation strategies.
  • Engage with external stakeholders (such as regulators, counsel, vendors, or partners) when responding to privacy incidents, investigations, or inquiries.
  • Support the integration of privacy requirements into business processes, projects, and initiatives, including privacy-by-design and privacy-by-default practices.
  • Monitor regulatory developments and emerging privacy risks and provide impact assessments and recommendations to leadership.
  • Support audits, examinations, and assessments related to privacy, and coordinate responses to internal and external audit requests.
  • Contribute to enterprise risk management and compliance activities related to privacy, including issue tracking, corrective actions, and reporting.
  • Develop and maintain privacy metrics, documentation, and artifacts to support governance, oversight, and continuous improvement.
  • Collaborate across BCBSA to promote consistent, compliant handling of personal and protected information.

The posted salary range is the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the hiring range and this hiring range may also be modified in the future. A candidate’s position within the hiring range may be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, relevant experience, skills, seniority, performance, shift, travel requirements, and business or organizational needs. This job is also eligible for annual bonus incentive pay.

We offer a comprehensive package of benefits including paid time off, 11 holidays, medical/dental/vision insurance, generous 401(k) matching, lifestyle spending account and many other benefits to eligible employees. 

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.