NuVasive, Inc. is seeking to hire an experienced Privacy Specialist capable of developing and maintaining its Global Privacy Program, data security and information governance. The candidate will report to the Risk Management Leader/Privacy Officer and the position is part of the Global Risk & Integrity Department (GRI).
In collaboration with the Company’s Privacy Officer and GRI Leaders, this candidate will help implement security safeguards, including but not limited to: security risk analysis and management, monitoring and reviewing system access, following up on and mitigating security incidents. This individual also participates in project planning, implementation and post-implementation activities to support corporate policies and procedures concerning safeguarding of the organization’s confidential information. The position actively helps ensure the organization is in compliance with HIPAA, GDPR and other applicable federal, state and international laws, regulations and guidance concerning the safeguarding of confidential information; company policies and procedures concerning safeguarding of confidential information; and the organization’s rules regarding business ethics and professional conduct.
Top 3 Responsibilities:
- Coordinates the development, modification, implementation and evaluation of organization-wide information privacy and security policies and procedures, as required by HIPAA, GDPR and other applicable federal, state and international laws, regulations and guidance;
- Maintains current knowledge of applicable privacy laws and accreditation standards (as applicable), and develops and implements organizational information privacy and security training;
- Monitors advancement in information privacy technologies to ensure organizational adoption and compliance.
Primary Job Duties:
- Collaborates with the Privacy Officer, GRI team members, and other stakeholders (e.g., Legal, Human Resources, Accounting, Information Technology, Clinical Services and Sales) to further develop (and ensure compliance with) various aspects of the organization’s Global Privacy Program, including but not limited to the following:
- Facilitates the creation and implementation of the Company’s information privacy policies and procedures;
- Performs privacy gap analyses, security risk assessments, and ongoing compliance monitoring activities in coordination with the Company’s other compliance and operational assessment functions;
- Assesses effectiveness of the Company’s privacy, data security and corporate record programs while recommending improvement opportunities;
- Collaborates with internal and external legal counsel and appropriate department heads to ensure the Company has and maintains appropriate privacy and confidentiality agreements, information notices and materials reflecting current organization and legal practices and requirements.
- Establishes and maintains processes and procedures to track access, use and disclosure of data, including “protected health information” as defined by HIPAA, “personal data” as defined by GDPR, and other individually identifiable information.
- Identifies potential areas of compliance vulnerability and risk, and develops and implements corrective action plans for resolution of issues and concerns.
- Reviews processes and procedures for compliance with regulatory and audit requirements;
- Performs periodic reviews of systems, applications and network configurations, access and activity to ensure compliance with data security policies, procedures, standards and legal and regulatory compliance. Documents the review results and maintains records for audit and reporting purposes.
- Responds to potential violations of rules, regulations, policy, procedures and standards of conduct by investigating and evaluating the situation and circumstances.
Other Duties and Responsibilities:
- Leads by example to implement effective policy and procedures;
- Demonstrates the ability to work under stress, interruptions and tight deadlines;
- Able to understand complex business strategy, interpret what will be needed to achieve objectives, and formulate a plan of action to close the gap;
- Highly motivated self-starter who collaborates well with others;
- Performs other duties and provides support in varied areas, as assigned.
- Performs duties in compliance with applicable FDA and state regulations as well as standards including, but not limited to, ISO 13485.
Nature and Scope:
- Guided by GRI functional area strategy; implements policies and defines approach to privacy strategy achievement;
- Works on issues where analysis of situations or data requires an in-depth knowledge of organizational and business objectives;
- Establishes and assures adherence to budgets, schedules, work plans, and performance requirements;
- Regularly interacts with senior management on matters concerning the GRI functional areas.
- Requires the ability to change the thinking of, or gain acceptance from, others in sensitive situations, without damage to the relationship.