Privacy Compliance Analyst

Privacy Compliance Analyst

Requirements

• BA/BS degree
• 2-4 years of relevant work experience
• Extensive knowledge and experience in United States health and general privacy compliance requirements
• Demonstrated capacity to understand, compare, analyze, and communicate complex regulatory and business challenges
• Experience defining, drafting, and implementing policies and training materials
• Experience conducting ongoing privacy compliance and monitoring activities
• Demonstrated organization, facilitation, communication, and presentation skills
• Strong project management skills, including ability to think end-to-end and manage multiple priorities/projects simultaneously for multiple stakeholders
• Excellent interpersonal skills; a team player with ability to collaborate at all levels of the organization
• Strong analytical capability and problem-solving skills, with attention to detail
• Keen judgement, integrity, and tact
• Strong written and verbal communication
• Self-starter with the ability to work independently

Responsibilities

• Assist in the development of, and ongoing updates to, PointClickCare’s privacy policies, controls, and training materials
• Assist in the unification/consolidation of privacy policies across PointClickCare’s subsidiaries
• Identify, communicate, and document privacy risks, privacy policy gaps, and privacy policy exceptions
• Stay informed of relevant regulatory and industry changes, trends, and best practices and assess the potential impact of these changes on PointClickCare
• Meet regularly with the Product Management and Clinical Solutions teams to ensure ‘privacy-by-design’ consistency in all PointClickCare services
• Assist in responding to internal and external privacy impact assessments, privacy questionnaires, and other privacy compliance questions
• Assist the Security and Trust team on all privacy-related matters encompassed within security assessments/audits (e.g., for HITRUST CSF, SOC 2 Type II, etc.)
• Assist the Security and Trust team in analyzing the privacy implications and reporting obligations associated with information security incidents/events
• Work with Cloud Operations and other data storage teams to ensure alignment with privacy policies and data retention policies
• Perform privacy risk/impact/compliance assessments of certain sub-business associates and other third-party service providers
• Assist with responses to data/records requests
• Successfully set priorities, perform tasks in an orderly fashion, and meet deadlines
• Prepare agenda for and support legal and regulatory committees
• Travel 2-3x per year

Preferred Qualifications

• Privacy-related certifications desired (e.g., CIPP, CIPM, etc.)
• Familiarity with Canadian health and general privacy laws (e.g., PIPEDA, PHIPA, etc.)
• SaaS business experience
• Health information exchange experience