Technical Privacy Manager

This a Full Remote job, the offer is available from: United States Our healthcare system is the leading cause of personal bankruptcy in the U.S. Every year, over 50 million Americans suffer adverse financial consequences as a result of seeking care, from lower credit scores to garnished wages. The challenge is only getting worse, as high deductible health plans are the fastest growing plan design in the U.S. Cedar’s mission is to leverage data science, smart product design and personalization to make healthcare more affordable and accessible. Today, healthcare providers still engage with its consumers in a “one-size-fits-all” approach; and Cedar is excited to leverage consumer best practices to deliver a superior experience. The Role Cedar is seeking an experienced Technical Privacy Manager to join our Legal & Compliance Team. The Technical Privacy Manager will be responsible for developing, implementing, and maintaining Cedar’s technical privacy program, with a strong focus on HIPAA, PCI-DSS, and US state privacy law compliance. This role will involve working closely with Cedar’s engineering, product, and security teams to embed privacy-by-design principles into Cedar’s products and services. The ideal candidate will possess a deep understanding of privacy regulations, technical architectures, and data security best practices within the fintech and healthcare sectors. Responsibilities • Privacy Program Management: • Implement and maintain the company's technical privacy strategy and roadmap. • Implement and manage privacy controls and processes across our systems and applications. • Conduct data mapping efforts, Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new products, features, and system changes. • Monitor and report on privacy program effectiveness and compliance. • Regulatory Compliance: • Work with Cedar’s security team to ensure all technical aspects of our operations comply with HIPAA Security Rule and Privacy Rule requirements as a Business Associate. • Ensure compliance with PCI-DSS requirements for handling cardholder data. • Ensure adherence to US state privacy laws, including the California Consumer Privacy Act (CCPA) and other relevant state-specific regulations. • Participate in incident response efforts related to potential privacy breaches, including investigation, containment, and reporting. • Conduct HIPAA risk assessments and respond to consumer inquiries and data requests (DSARs). • Technical Privacy Expertise: • Provide expert guidance on privacy-by-design and privacy engineering principles to product and engineering teams. • Collaborate with security teams to ensure a cohesive approach to data protection, integrating privacy and security controls. • Evaluate and recommend privacy-enhancing technologies (PETs) and solutions. • Policy and Procedure Development: • Develop and update technical privacy policies, standards, and procedures. • Ensure documentation of privacy controls and compliance activities. • Training and Awareness: • Develop and deliver privacy training programs for technical teams. • Foster a culture of privacy awareness throughout the organization. • Audit and Assurance: • Assist in internal and external audits related to privacy, HIPAA, PCI-DSS, and US state privacy law compliance. • Work with legal and security teams to respond to regulatory inquiries and ensure audit readiness. • Help Cedar respond to client questions and diligence regarding Cedar’s privacy and security posture. What we look for in an ideal candidate: • Education: • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree preferred. • Experience: • At least 5 years of experience in technical privacy, data protection, or cybersecurity roles, with a significant focus on HIPAA, PCI-DSS, and US state privacy laws (e.g., CCPA). • Previous experience in a fintech or healthcare technology environment. • Solid understanding of cloud computing environments (e.g., AWS, Azure, GCP) and their privacy implications. • Experience with other privacy frameworks and regulations such as GDPR, and other relevant data protection laws. • Technical Skills: • Deep knowledge of data encryption, access controls, data anonymization, and pseudonymization techniques. • Familiarity with secure software development life cycle (SSDLC) and privacy-by-design principles. • Understanding of network security, system hardening, and vulnerability management. • Certifications (Preferred): • CIPP/US, CIPP/E, CIPT, HCISPP, CISSP, or an equivalent privacy and security certification. • Soft Skills: • An enthusiasm for building a great privacy function in a company that’s still growing and scaling • Excellent communication and interpersonal skills, with the ability to articulate complex technical and privacy concepts to diverse audiences. • Strong analytical and problem-solving abilities. • Ability to work independently and as part of a cross-functional team. • High level of integrity and ethical conduct. Compensation Range and Benefits • Salary Range*: $148,750 - $175,000 • This role is equity eligible • This role offers a competitive benefits and wellness package • Subject to location, experience, and education #LI-REMOTE What do we offer to the ideal candidate? • A chance to improve the U.S. healthcare system at a high-growth company! Our leading healthcare financial platform is scaling rapidly, helping millions of patients per year • Unless stated otherwise, most roles have flexibility to work from home or in the office, depending on what works best for you • For exempt employees: Unlimited PTO for vacation, sick and mental health days–we encourage everyone to take at least 20 days of vacation per year to ensure dedicated time to spend with loved ones, explore, rest and recharge • 16 weeks paid parental leave with health benefits for all parents, plus flexible re-entry schedules for returning to work • Diversity initiatives that encourage Cedarians to bring their whole selves to work, including three employee resource groups: be@cedar (for BIPOC-identifying Cedarians and their allies), Pridecones (for LGBTQIA+ Cedarians and their allies) and Cedar Women+ (for female-identifying Cedarians) • Competitive pay, equity (for qualifying roles), and health benefits, including fertility & adoption assistance, that start on the first of the month following your start date (or on your start date if your start date coincides with the first of the month) • Cedar matches 100% of your 401(k) contributions, up to 3% of your annual compensation • Access to hands-on mentorship, employee and management coaching, and a team discretionary budget for learning and development resources to help you grow both professionally and personally About us Cedar was co-founded by Florian Otto and Arel Lidow in 2016 after a negative medical billing experience inspired them to help improve our healthcare system. With a commitment to solving billing and patient experience issues, Cedar has become a leading healthcare technology company fueled by remarkable growth. "Over the past several years, we've raised more than $350 million in funding & have the active support of Thrive and Andreessen Horowitz (a16z). As of November 2024, Cedar is engaging with 26 million patients annually and is on target to process $3.5 billion in patient payments annually. Cedar partners with more than 55 leading healthcare providers and payers including Highmark Inc., Allegheny Health Network, Novant Health, Allina Health and Providence. This offer from "Cedar" has been enriched by Jobgether.com and got a 85% flex score. Apply tot his job Apply To this Job