Director, Privacy & Security Enterprise Engagement
Position Purpose
The Director leads the Privacy & Security Enterprise Engagement Officers (EEO) Shared Services Team within Enterprise Privacy & Security Risk Management (EPSRM). This role works with other Shared Services across the organization with a focus on EPSRM. Some of that work includes:
- Leading a team that is aligned to various shared service capabilities within Centene. Include privacy, security compliance, AI governance, Resiliency (e.g., BC/DR), security culture & training, marketing, Human Resources, Physical security, Digital, SSDLC and various other alignments.
- Supporting the Enterprise Engagement Officer team by knowing all controls, requirements, relevant regulations, participating in Legislation reporting and creation on topics relevant to the Team area.
- Building trusted partnerships with Health Plan leadership and key enterprise stakeholders (Enterprise Compliance, Operations, Business Technology Solutions, ITCC, Privacy, Vendor Risk, Legal, etc.) to drive contract assurance, readiness reviews, RFP support, and continuous improvement.
- Ensuring team alignment with EPSRM’s goals and accountability for Health Plan deliverables.
Strategic Leadership
Lead, coach, and scale the Shared Service EEO team to deliver consistent, high-quality engagement across all assigned state Medicaid Health Plans and the Medicare and Marketplace lines of business. Align staffing and resources to shared service and line of business complexity, volume, and key cycles. Ensure the team’s alignment with and achievement of defined goals. Responsible for onboarding, training, allocating and prioritizing tasks, setting goals, and managing performance and career development for team members.
Governance & Shared Service Engagement
Serve as the primary EPSRM engagement leader for Health Plan lines of business; support stakeholders as needed to track obligations, risks, and decisions. Direct and oversee the team’s ongoing efforts to serve as a subject-matter-expert for privacy, security and AI requirements and ensure regulatory, legislative, and contractual privacy, security & AI requirements are understood and operationalized. Provide Executive-ready updates for Health Plan and EPSRM leadership. Build trusted relationships with internal and external stakeholders to resolve blockers and escalate issues effectively. Meet with regulators or other state representatives to answer questions and achieve clarity on the understanding of requirements. Meet with auditors to demonstrate Centene's privacy, security, AI and operational resilience compliance.
Contract Requirements & Assurance
Interpret and operationalize privacy, security, AI, and business continuity obligations from contracts, RFPs, and laws/regulations (e.g., HIPAA, CMS/MARS-E/ARC-AMPE, NCQA, state Medicaid/Exchange). Maintain a centralized requirements & deliverables register or pipeline mapping obligations to owners, timelines, and evidence for audits & assessments. Ensure adequacy of control validation evidence and support gap closure prior to delivery or readiness reviews. Monitor legal and regulatory changes and how they are/will impact contracts and effectively communicating impacts to stakeholders. Direct and oversee the team’s ongoing efforts to discover, assess impact of, and communicate new or changing regulatory, legislative, and contractual requirements related to privacy, security, AI and operational resilience.
Risk Advisory & Compliance
Direct and oversee the team's ongoing efforts to identify and bring awareness to privacy, security, AI and operational resilience risks and control gaps, and champion solutions for those within the context of Centene's business operations and technology environments in partnership with internal and external teams to EPSRM. Deliverable Execution & Evidence Management. Ensure System Security Plans (SSPs) or System Security & Privacy Plans (SSPPs) and other related deliverables are accurate & complete. Establish and mature processes for plan deliverables (i.e., SSPs/SSPPs, BCP plans, incident response attestations, vendor security attestations, etc.). Readiness Reviews, RFPs & Audits. Support the Market Team as they work with market entries, procurements, and renewals—including RFP responses and readiness reviews. Direct and oversee the team’s ongoing efforts to ensure privacy, security, AI and operational resilience objectives are treated as business and technology requirements. Facilitate regulator and client requests with timely, accurate responses aligned to relevant policy. Incident, Vendor & Continuity Readiness. Ensure Health Plans understand EPSRM expectations for activities related to incident response, breach reporting, vendor management, etc. Validate readiness through participation in tabletop exercises and evidence reviews.
Continuous Improvement
Drive enhancements to engagement processes, reporting, and compliance maturity. Support and contribute to EPSRM’s multi-year plan and portfolio reporting.
Key Duties
Lead and manage Shared Services EEO team member performance, onboarding, and career development. Establish Shared Services engagement Objectives & Key Results (OKRs) and deliver reporting at defined intervals. Lead a team of and be a subject-matter expert for privacy, security, and AI requirements, including engagement with regulators and auditors. Coordinate cross-functional inputs for deliverables and ensure timely completion. Performs other duties as assigned. Complies with all policies and standards.
Education/Experience
- Minimum Education: Bachelor's degree in Information Security, Information Technology, Computer Science or other related field. Master's degree preferred.
- Minimum Experience: 8 years of experience with security capabilities, technologies, and architecture. 5 years of experience in leading Business Information Security Officer (BISO), Technology Information Security Officer (TISO), or Technical Enterprise Engagement teams and engaging with executive leaders. 3 years of experience with government sponsored health plan operations and associated regulatory and contractual requirements or similarly regulated industry. 3 + years of supervisory/management experience.
Additional Knowledge, Skills, and Abilities
- Ability to navigate and communicate regulatory, legislative, and contractual privacy and security requirements within the context of business operations and supporting technology environments.
- Ability to engage in a dialogue with business and technology stakeholders to achieve agreement on how to meet privacy and security requirements.
- Ability to lead and develop business and technology facing engagement teams within the context of regulatory, legislative, and contractual privacy and security requirements.
Pay Range
$148,000.00 - $274,200.00 per year
Benefits
Centene offers a comprehensive benefits package including: competitive pay, health insurance, 401K and stock purchase plans, tuition reimbursement, paid time off plus holidays, and a flexible approach to work with remote, hybrid, field or office work schedules. Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law, including full-time or part-time status. Total compensation may also include additional forms of incentives. Benefits may be subject to program eligibility.
About Centene
Centene is an equal opportunity employer that is committed to diversity, and values the ways in which we are different. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other characteristic protected by applicable law.