JOB DETAIL

Job Summary

We are currently looking for a Senior Associate with HIPAA experience for our Data Protection Managed Services team. BDO is the go-to firm for multi-national companies to meet their complex data protection and compliance needs. Leveraging our global network, expertise, and technology, our professionals deploy a client centric, agile approach to work seamlessly and efficiently to identify, mitigate and manage risk within client organizations. Our professionals work with clients to implement holistic privacy and data governance programs that can adapt to global data protection requirements and obligations while aligning to their business strategies. Professionals will engage in all aspects of a data protection program and will work with clients directly to address their needs and execute tasks.

Job Duties

Job Responsibilities

• Conduct general privacy and HIPAA-specific assessments by interviewing key client stakeholders and documenting observations, risks and recommendations
• Assist clients with HIPAA compliance efforts and remediation activities
• Develop aspects of the client policies and procedures (e.g., Privacy Notice, Privacy Policies, Data Management) based on industry best practices, client privacy standards, and regulatory requirements
• Assist with individual rights requests/consumer rights requests fulfillment within given time constraints
• Execute and evaluate Privacy Impact Assessments (PIAs) and work with client stakeholders to determine risk remediation plans, as needed
• Assist with the development of privacy training and awareness content
• Conduct data mapping exercises to maintain records of processing, data inventories, data flow diagrams, and/or Article 30 registers
• Monitor regulatory updates, guidance, and case law to remain current on global regulations and help clients identify areas of opportunity for improving their data privacy practices
• Implement and execute processes using privacy-enhancing technologies such as OneTrust and TrustArc
• Effectively communicate with key stakeholders and leadership regarding status, issues, and priorities to achieve expected outcomes
• Play an active role in mentoring, providing support, and sharing knowledge with junior members of the team

Qualifications, Knowledge, Skills and Abilities

Education:

• A Bachelor's Degree, required
• IAPP or equivalent training, a plus
• IAPP or other relevant privacy certifications, a plus
• Law degree or certifications related to healthcare law or healthcare compliance, a plus

Experience and Skills:

• Minimum of 3-5 years of experience in a privacy or privacy-adjacent field (e.g., information security, IT, or legal)
• Minimum of 3 years of experience with and knowledge of the US-based Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act
• Consulting experience on HIPAA-related privacy compliance and remediation activities or planning and managing a HIPAA-related privacy compliance efforts internally
• Demonstrated consulting, interpersonal and client relationships skills
• Demonstrated proficiency in Microsoft Office, with focus on Word, PowerPoint, Visio, and Excel
• Ability to thrive in a fast-paced environment to meet client and regulatory deadlines
• Ability to self-manage daily tasks
• Organized and proficient at managing multiple sources of data and information
• Ability to work in a collaborative environment
• Experience with Privacy Enhancing Technology (e.g., OneTrust, TrustArc), a plus