Director of HIPAA Privacy and Security Operations
Charlotte, NC
Full Time
Experienced
Job Summary: The Director of HIPAA Privacy & Security Operations serves as the organization’s designated HIPAA Privacy and Security Officer. This role is responsible for the strategic leadership, development, and execution of an enterprise-wide privacy, security, and data protection program to ensure compliance with all federal and state regulations, including HIPAA.
Building on the foundational responsibilities of privacy compliance, incident investigation, and policy oversight, this position elevates accountability to the enterprise level, driving risk management, cybersecurity strategy, governance, and organizational resilience.
The Director partners across Compliance, Legal, IT, Clinical Operations, and Executive Leadership to protect patient information (PHI/ePHI), mitigate risk, and ensure the secure delivery of care.
Primary Job Responsibilities:
1. Enterprise Privacy & HIPAA Program Leadership - Serve as the organization’s designated HIPAA Privacy Officer and Security Officer. Establish and maintain comprehensive HIPAA privacy and security programs, policies, and procedures. Ensure organizational compliance with HIPAA, HITECH, and applicable state privacy laws. Oversee patient privacy rights processes, disclosures, and regulatory reporting.
2. Information Security Strategy - Execute the enterprise information security strategy and roadmap aligned to organizational priorities. Provide compliance oversight of security architecture, identity/access management, encryption, and data protection standards. Integrate security into all technology, clinical, and operational initiatives.
3. Risk Management & Regulatory Compliance - Lead enterprise-wide privacy and security risk assessments and gap analyses. Develop mitigation strategies and track remediation efforts. Maintain audit readiness for OCR, CMS, and other regulatory bodies. Oversee third-party/vendor risk management, including Business Associate Agreements.
4. Incident Response & Breach Management - Direct investigation and response to privacy and security incidents and breaches. Ensure timely and compliant reporting to regulatory authorities. Lead root cause analysis, corrective action planning, and mitigation strategies. Oversee incident response, disaster recovery, and business continuity planning.
5. Security Operations & Cybersecurity Oversight - Oversee and support administrative, physical, and technical safeguards for ePHI, including vulnerability management, threat detection and response, security monitoring and audit logging, and system access reviews and controls. Ensure continuous monitoring of security posture and operational resilience.
6. Organizational Education & Culture - Lead enterprise-wide HIPAA and cybersecurity training programs. Promote a culture of privacy, security, and accountability across all departments. Provide guidance to leadership, clinicians, and staff on privacy/security requirements.
7. Governance, Reporting & Leadership Engagement - Serve as primary advisor to executive leadership on privacy and cybersecurity risks. Develop and report key performance indicators (KPIs) and risk metrics. Represent the organization in external audits and regulatory inquiries. Participate in and lead cross-functional governance structures (Compliance Committee, Security Committee, etc.).
8. Legal & Cross-Functional Collaboration - Partner with Legal on privacy matters, investigations, and regulatory interpretation. Collaborate with IT to ensure secure management of ePHI. Work with HR on sanctions, training compliance, and workforce accountability.
Cross-functional Leadership Responsibilities
- Provide direction to cross-functional stakeholders involved in compliance, IT security, and operations.
- Establish clear ownership of controls, processes, and reporting structures across the organization.
Required
- Bachelor’s degree required; Master’s or JD strongly preferred
- 7–10+ years of experience in healthcare privacy, compliance, or information security
- Progressive leadership experience with enterprise-level responsibility
- Deep knowledge of:
  - HIPAA Privacy & Security Rules
  - Healthcare regulatory environment
  - Risk management and audit frameworks
Preferred Certifications
- CHPC, CHPS, CISSP, CISM, or equivalent
Core Competencies
- Strategic leadership and executive presence
- Risk-based decision-making
- Cross-functional collaboration (clinical + IT + legal)
- Crisis and incident management
- Strong communication and change management
Physical Requirements
- Work consistently requires walking, standing, sitting, lifting, reaching, stooping, bending, pushing, and pulling.
- Must be able to lift and support weight of 35 pounds.
- Ability to concentrate on details.
- Use of computers for long periods of time.