Privacy Analyst at Capitalrx

About Judi Health Judi Health is an enterprise health technology company providing a comprehensive suite of solutions for employers and health plans, including: • Capital Rx, a public benefit corporation delivering full-service pharmacy benefit management (PBM) solutions to self-insured employers, • Judi Health™, which offers full-service health benefit management solutions to employers, TPAs, and health plans, and • Judi®, the industry’s leading proprietary Enterprise Health Platform (EHP), which consolidates all claim administration-related workflows in one scalable, secure platform. Together with our clients, we’re rebuilding trust in healthcare in the U.S. and deploying the infrastructure we need for the care we deserve. To learn more, visit www.judi.health. Position Summary We are seeking a dynamic and experienced privacy professional to join Capital Rx’s Privacy Office as a Privacy Analyst. In this key role, you will be responsible for leading or supporting a variety of crucial activities that significantly impact Capital Rx, its clients, and members. You will help refine existing processes and build out new processes to help ensure Capital Rx remains in compliance with all applicable federal and state requirements, with a heavy emphasis on HIPAA and state privacy law (e.g., CCPA/CPRA), as well as an underlying of developing AI laws and frameworks. In addition to longer term projects, you will address day-to-day privacy matters including member access requests, incident responses, and regulatory guidance. You must have a solid grasp of current privacy law as well as industry trends, a strong attention to detail, and the ability to thrive in a fast-paced environment and effectively prioritize multiple tasks. The successful candidate will possess a strong privacy background, excellent communication skills, and the ability to provide clear and actionable guidance to various stakeholders in the organization. Previous experience working in Healthtech an added plus. Position Responsibilities: • Be a key part of the Capital Rx Privacy Office and work closely with the Legal, Compliance, Information Technology Security & Compliance (ITSC), and AI Development teams. • Identify potential gaps, analyze processes and controls, and implement improvements, including software/technology solutions, to help ensure compliance with regulations and best practices while emphasizing opportunities for greater efficiency and automation. • Develop new, and enhance existing, privacy policies, procedures, and training. • Keep current with privacy legislation/regulations and industry trends; analyze and report requirements and impacts on privacy programs, privacy notices, product and service offerings, and business operations. • Work with business units across the company on the technical implementation of privacy compliance including data mapping, privacy impact assessments, and rights requests, and support ongoing operations of these efforts from the Privacy side. • Coordinate with business units regarding data breach and security incident response. • Participate in regular Privacy, Compliance, and ITSC focused internal and externals audits, questionnaires, and vendor assessments. • Support special projects as needed for the Privacy Office. • Responsible for adherence to the Capital Rx Code of Conduct including reporting of noncompliance. Required Qualifications: • Bachelor’s degree or industry-related experience. • 2+ years of hands-on experience working in data / information privacy, with a preference for experience supporting a corporate privacy / data protection program. • Demonstrated high-level understanding of current data protection and privacy legislation, with an emphasis on HIPAA, as well as CCPA/CPRA and other state frameworks. • Experience conducting ongoing privacy compliance and monitoring activities. • Strong project management skills, with the ability to effectively prioritize and manage multiple privacy initiatives. • Excellent communication and interpersonal skills, with the ability to collaborate and influence stakeholders at all levels of the organization. • Passion to continuously develop and expand skills and knowledge base in data privacy. Preferred Qualifications: • Experience administering and/or customizing Privacy SaaS platforms (e.g., OneTrust) to enable process improvement strongly preferred. • CIPT, CIPM, CIPP, CDPSE or similar certification preferred but not required. • Prior experience with a health care provider, payer, or other health care related organization • Prior experience with data governance committees or initiatives. • Experience with AI laws and frameworks. Salary Range$92,000—$115,000 USDAll employees are responsible for adherence to the Capital Rx Code of Conduct including the reporting of non-compliance. This position description is designed to be flexible, allowing management the opportunity to assign or reassign duties and responsibilities as needed to best meet organizational goals. Judi Health values a diverse workplace and celebrates the diversity that each employee brings to the table. We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. By submitting an application, you agree to the retention of your personal data for consideration for a future position at Judi Health. More details about Judi Health's privacy practices can be found at [Upgrade to PRO to see link]