THIS IS A REMOTE POSITION

PURPOSE AND SCOPE:

The Manager, Global Privacy Operations provides input into the design, implementation, and oversight of the organization’s global privacy program. This role is accountable for managing privacy risk assessments, privacy impact assessments, and processing activity records across all regions, providing guidance to business owners to embed privacy‑by‑design principles, and enabling business operations. The Manager also assists with privacy investigations, delivers privacy training, supports the development and maintenance of privacy policies, and contributes to cross‑functional privacy projects to ensure consistent operational execution of privacy requirements worldwide.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

• Program Leadership & Governance: Support the HIPAA and global privacy program strategy and roadmap. Draft, implement, and maintain privacy policies, standards, SOPs, and controls.
• HIPAA Compliance: Drive adherence to HIPAA Privacy, Security, and Breach Notification Rules, including safeguards and patient rights.
• Global Privacy Compliance: Operationalize and drive compliance with global privacy laws (i.e., GDPR, LGPD, PIPL) applicable to FME’s healthcare, business and corporate operations.
• A key responsibility is leading the coordination and completion of global privacy reviews with business owners and other stakeholders, identifying risks and providing guidance aligned with privacy by design principles. These include managing:
• Data Protection Impact Assessment. Coordinate with business owners and other stakeholders across functions to complete assessments, identify risks and consult with legal colleagues, HIPAA Privacy Officer, and EU Data Protection Officer (DPO) when necessary.
• Privacy Impact Assessments for other geographic regions (including US, Canada, LATAM, APAC, EMEA). Support local and regional appointed privacy contacts and business owners by managing global privacy assessments and documentation.
• Other privacy assessments: Support the creation, completion and periodic reviews of other privacy assessments including Transfer Impact Assessments, Legitimate interest Assessments, etc. when required.
• Privacy Risk Management: Manage the evaluation and treatment of privacy risks identified in privacy reviews with the risk owner.
• Incident Response: Support privacy incidents investigations, perform breach assessments, and coordinate notifications.
• Training & Awareness: Support the design, updating and delivery of HIPAA and global privacy training programs.
• Audit Readiness: Coordinate internal/external audits and maintain evidence repositories.
• Regulatory Intelligence: Track changes in U.S. and global privacy laws and recommend program enhancements.
• Normally receives little instruction on day-to-day work, general instructions on new assignments.
• Provides assistance to junior level staff with more complex tasks that require a higher level of understanding of functions.
• Mentors other staff as applicable.
• Performs other related duties as assigned.

PHYSICAL DEMANDS AND WORKING CONDITIONS:

• The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Little to no travel is expected for this position.

SUPERVISION:

• None

EDUCATION AND REQUIRED CREDENTIALS:

• Bachelor's Degree; Advanced Degree desirable or an equivalent combination of education and experience
• HCCA or IAPP certification preferable but not required.

EXPERIENCE AND SKILLS:

• 5-8 years' related experience or an equivalent combination of education and experience
• Strong organization, facilitation and presentation, problem solving and analytical skills
• Able to communicate clearly, make oral presentations and prepare concise reports.
• Self- motivated and initiative.
• Experience in using and preferably administration and configuration of privacy SaaS platforms (e.g. OneTrust) to manage records of Processing Activities, Privacy Assessments, Data Subject Rights requests and Privacy Notice templates.  (Experience using modules to manage privacy incidents, cookie consent management and AI governance are a plus)
• Established experience providing SME leadership in matrix organizations with cross-functional initiatives.
• Ability to interpret global regulatory requirements and translate them into actionable controls.
• Experience with assessing risk for AI/GenAI use cases
• Certifications such as CIPP/E, CIPP/US, CIPT, CIPM, CDPSE, CISSP, CDPO or equivalent are a plus. 

The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies.

Annual Rate: $122,000.00 - $205,000.00

Bonus Eligible Positions – include language below.
Benefit Overview: This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance.

Fresenius Medical Care maintains a drug-free workplace in accordance with

EO/AA Employer: Minorities/Females/Veterans/Disability/Sexual Orientation/Gender Identity