Senior Program Manager – Compliance & Privacy
| Detail | Value |
|---|---|
| Company | Gravie |
| Location | Minneapolis, MN, USA |
| Salary | $105000 – $175000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Senior, Expert or higher |
Requirements
- Bachelor’s degree
- 7+ years of experience in healthcare or similarly regulated industry
- Demonstrated experience specifically in healthcare compliance requirements
- Existing expert knowledge of healthcare privacy frameworks, or the ability to develop it, combined with the strategic vision to turn compliance requirements into actionable safeguards
- Experience developing and implementing policies and procedures
- Experience in data privacy or a related field
- Strong analytical skills and ability to interpret complex regulatory requirements
- Excellent written and verbal communication skills with ability to translate regulatory and compliance requirements into actionable guidance
- Proven ability to work independently and prioritize multiple competing demands
- Strong project management and organizational skills
Responsibilities
- Advance healthcare compliance and data privacy programs for a fast-growing health benefits company
- Maintain regulatory documents (SPDs, SBCs, etc.)
- Develop and implement a comprehensive SOC 2 audit readiness process and ensure alignment with Trust Services Criteria (TSC)
- Create sustainable compliance infrastructure for ongoing audit maintenance
- Assist with development of a regulatory change management process
- Provide guidance and interpretation of complex regulatory requirements to internal stakeholders
- Serve as primary liaison for researching and responding to external regulatory inquiries
- Direct privacy initiatives, including management of privacy incident response (investigations, remediation, and regulatory reporting)
- Conduct internal compliance investigations, documenting remediation efforts and outcomes
- Map data flows across enterprise systems to identify vulnerabilities, implement appropriate controls, and ensure regulatory compliance throughout information lifecycles
- Monitor privacy regulations (state laws, GLBA, PCI, GDPR) to assess applicability, maintain organizational readiness, and oversee implementation of new requirements
- Collaborate with cross-functional teams (e.g., Legal, IT, Information Security, and Operations) on compliance and data privacy related projects and initiatives
Preferred Qualifications
- Previous start-up company experience
- Familiarity with laws impacting health plans, such as the ACA, ERISA, and Section 125
- In-depth knowledge of HIPAA privacy and security requirements
- Privacy certifications such as CIPP, CIPM, CIPT, or CISA
- Experience with SOC 2 audit readiness
- Experience with privacy technology solutions and tools
- Knowledge of state and/or international privacy regulations (CCPA, GDPR, etc.)