Data Protection & Compliance Officer
My client is looking for a Data Protection and Compliance Officer (DPCO) to ensure their company is compliant with the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) and Statement on Standards for Attestation Engagements 18 (SSAE-18).
The DPCO will report to the CFO.
To be successful in this role, you should have in-depth knowledge of GDPR, HIPAA/HITRUST, SOC 2 and local data protection laws and be familiar with the medical industry and the nature of its data processing activities. This role will be responsible for ensuring GDPR, HIPAA/HITRUST and SOC 2 compliance through transparent data protection policies, systems and procedures.
- Act as point of contact with EU residents, supervisory authorities and internal teams
- Identify and evaluate the company's data processing activities
- Provide advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs)
- Coordinate all compliance audit activity
- Monitor data management procedures and compliance within the company
- Organize and participate in meetings with managers to ensure privacy by design at all levels
- Maintain records of processing operations
- Ensure we address all queries from data subjects within legal timeframes (e.g. delete their information from our databases)
- Liaise with other organisations that process data on our behalf
- Write and update detailed guides on data protection policies
- Perform audits and determine whether we need to alter our procedures to comply with regulations
- Offer consultation on how to deal with privacy breaches
- Arrange for training on GDPR and HIPAA/HITRUST compliance for employees
- Follow up with changes in law and issue recommendations to ensure compliance
- The person appointed to or designated for the role of DPCO must have a thorough knowledge of the HIPAA Privacy and Security Rules and of the solutions available that will allow him or her to develop a HIPAA compliance program.
- The DPCO is responsible for developing training programs and executing training courses. These should be designed to help employees understand HIPAA compliance and how any changes implemented will affect their specific duties.
- The DPCO is responsible for monitoring HHS' and the state's regulatory requirements. When new regulations or guidelines are introduced, the Officer must adjust the organization's HIPAA compliance program to reflect the changes.
- Other duties as assigned
- Experience in data protection and legal compliance
- Work experience in data protection and legal compliance is a plus
- Solid knowledge of/experience with GDPR and national data protection laws
- Solid knowledge of/experience with HIPAA/HITRUST requirements and implementation
- Solid knowledge of/experience with SSAE-18/SOC 2 requirements and audits
- Knowledge of data processing operations in the medical sector is preferable
- Familiarity with computer security systems/critical security controls
- Ability to handle confidential information
- Ethical, with the ability to remain impartial and report all instances of non-compliance
- Organizational skills with attention to detail
Additional Skills/Certifications (optional)
- Paralegal/Medical Secretary Experience
Morgan McKinley is acting as an Employment Agency in relation to this vacancy.
Please note that any references to salary or pay rates in this advertisement and in the salary refinement section are indicative only and should only be used as a guide.