Privacy Lead Consultant
Blue Cross Blue Shield Association · Chicago, IL · 2 wk ago
Engineering$131k–$188k/yrFull-time
Job Description Summary
This role leads BCBSA's privacy compliance efforts, ensuring alignment with HIPAA, state, and international regulations. Builds and operationalizes privacy programs, drives awareness, and supports incident response across the enterprise.
Responsibilities
- Builds and operationalizes BCBSA's privacy program, including conducting privacy impact assessments, HIPAA risk assessments, and responding to privacy incidents impacting BCBSA's business units in compliance with applicable policies, procedures, and legal requirements.
- Collaborates across BCBSA on privacy related matters, including with legal, information security, enterprise risk management, and data governance on privacy-related contracting, privacy risk identification and risk mitigation.
- Supports the BCBSA Incident Response process, including the BCBSA Privacy Response Plan, engagement with Blue System colleagues on Systemwide incident response, and conducts regular exercises of incident response plans.
- Supports the development and operationalizing of BCBSA's privacy training program, as well as supplementing that training with ongoing awareness. This includes online training supplemented with classroom and individual training.
- Collaborates with BCBS organizations to share best practices, and either leads or assists with establishing privacy training and educational sessions internally across BCBSA and externally, across the Blue System.
Requirements
The Posting Range For This Position Is $130,609.00-$187,868.65
Education, Certifications and Experience
- Required: Bachelor's Degree Compliance, Audit, Business; or equivalent experience
- PREFERRED: Juris Doctor
- Experience Required: 7+ Years privacy, planning, administration, audit, or compliance management role
Knowledge, Skills and Abilities
- Must have a full understanding of legal and regulatory requirements relating to Privacy in the healthcare sector including Federal and State legislative mandates and requirements to safeguard Protected Health Information (PHI) and/or Personally Identifiable Information (PII).
- Knowledge and experience in project and change management.
- Knowledge of vendor management and contract administration.
- Relationship, facilitation, presentation and communication skills; ability to collaboratively plan, document, and present privacy risks and achieve buy-in from system custodians and business owners.
Additional Posting Information
- Lead and support enterprise privacy initiatives, including the development, implementation, and maintenance of privacy policies, procedures, standards, and controls.
- Design, deliver, and maintain privacy training and awareness programs to promote a strong culture of privacy compliance across BCBSA.
- Provide subject‑matter expertise on privacy regulations and requirements, including HIPAA Privacy and Security Rules, state privacy laws, and emerging domestic and international privacy obligations.
- Assessing and advising on privacy risks associated with vendors, third parties, and Business Associates, including supporting contract reviews, negotiations, and risk mitigation strategies.
- Engaging with external stakeholders—such as regulators, counsel, vendors, or partners—when responding to privacy incidents, investigations, or inquiries.
- Supporting the integration of privacy requirements into business processes, projects, and initiatives, including privacy‑by‑design and privacy‑by‑default practices.
- Monitoring regulatory developments and emerging privacy risks and providing impact assessments and recommendations to leadership.
- Supporting audits, examinations, and assessments related to privacy, and coordinating responses to internal and external audit requests.
- Contributing to enterprise risk management and compliance activities related to privacy, including issue tracking, corrective actions, and reporting.
- Developing and maintaining privacy metrics, documentation, and artifacts to support governance, oversight, and continuous improvement.
- Collaborating across BCBSA to promote consistent, compliant handling of personal and protected information.