Director Data Protection

The Director of Data Protection at EyeMed will lead and oversee all activities related to the development, implementation, and maintenance of the Company’s privacy and data protection program. This role ensures compliance with state and federal privacy regulations and the Company’s internal privacy policies and procedures.

• Build and oversee a strategic and comprehensive privacy program that develops, maintains, and implements policies and processes for consistent and compliant privacy practice.
• Collaborate with Sr. Management, security, legal, and compliance to establish governance for the privacy program.
• Work with the information security officer to ensure alignment between security and privacy compliance.
• Establish ongoing processes to track, investigate, and report inappropriate access and disclosure of protected information.
• Manage all required breach determination and notification processes under HIPAA and applicable state breach rules.
• Oversee, develop, and deliver ongoing privacy training to the Company workforce.
• Manage privacy complaints, breaches, and investigations by regulatory authorities.
• Provide reporting analysis to executive-level leadership on all privacy issues.
• Assist in the identification, implementation, and maintenance of the Company’s privacy policies and procedures.
• Initiate and oversee periodic privacy risk assessments for the Company.
• Maintain current knowledge and compliance of state and federal privacy regulations applicable to Operations.

• Bachelor’s Degree.
• 10 years of experience as a privacy officer.
• Thorough knowledge and experience with privacy laws in North America, including HIPAA and state privacy regulations.
• Experience in writing policies and procedures and managing external privacy counsel.
• In-depth experience with data privacy compliance and incident management.
• Experience with budget oversight and management.
• Strong interpersonal relationships and cross-cultural sensitivity.
• Preferred: Juris Doctorate (J.D.) from an accredited law school, Bachelor’s degree in a healthcare-related field, Privacy certification such as Certified Information Privacy Professional (CIPP).