Director – Privacy Officer

Posted: 03/31/2022

Position Title: Director – Privacy Officer
Open Positions: 1
Posted Date: March 31, 2022
Location: Lee’s Summit, MO (310 Building)
Department: Compliance and Risk
Supervisor: Brian Schatz
Apply online at:
Summary
GEHA is a leader in health services for federal employees and related customers, serving our chosen markets with low-cost offerings and best-in-class customer care, sustained by a nimble and efficient organization.
As a condition of employment, all GEHA employees must be fully vaccinated against COVID-19 unless a medical or religious exemption is approved.
The Privacy Officer is responsible for GEHA’s Privacy Program including: development and oversight of GEHA’s data privacy strategy; daily operations of the program; monitoring program effectiveness; investigation and tracking of incidents and breaches; and ensuring compliance with the Office of Personnel Management (OPM), federal, and state privacy obligations. GEHA’s privacy team, under this position’s leadership, will be responsible for partnering with a wide range of business stakeholders and governance/risk teams (e.g., Data Governance, Cybersecurity and Information Protection, Information Governance and Risk Management, Compliance) to guide GEHA in understanding its data privacy risks and advise on how to effectively manage those risks in service to our members.
Key Duties
• Oversee the Privacy Program for GEHA and its subsidiaries.
• Serve as a subject matter expert in relevant global, federal, and state data privacy and information security statutes, regulations, and sub-regulatory guidance relating to GEHA’s business, including but not limited to HIPAA.
• Counsel and support GEHA on privacy and data protection issues in connection with the development and implementation of technology, processes, products, and services.
• Evaluate data uses for compliance with agreements including BAAs and other contractual requirements, applicable laws, regulations, and policies.
• Partner with the business to implement and embed privacy-by-design and appropriate risk management principles.
• Partner with the business, IT, Analytic, and governance/risk teams to embed privacy requirements and controls into projects, products, and healthcare services.
• Oversee third-party privacy risk management processes, in collaboration with the Vendor Management Office and other governance/risk teams.
• Act as the liaison with regulatory bodies, including the US Department of Health and Human Services’ Office of Civil Rights (HHS OCR) and the Office of Personnel Management (OPM), in any compliance reviews or investigations.
• Lead and support the professional development of members of the Privacy team.
Government Employees Health Association, Inc.
• Subject matter expert in major privacy laws applicable to health plans (e.g., HIPAA, CPRA/CCPA, GDPR).
• Requires a Bachelor’s degree (120 credit hours) from an accredited college/university in discipline to be managed, or equivalent work experience.
• Requires a minimum of eight (8) years of experience leading substantive aspects of a privacy program at a health plan or equivalent (e.g., Privacy Officer, Director, Manager, Team Lead).
• Five (5) years of people leadership.
• Strong analytic and problem-solving capabilities and the ability to identify solutions and recommendations that effectively address business and control needs along with how to train and guide others in this area.
• The ability to build and maintain collaborative relationships with a variety of people and teams, from technical subject matter experts to senior executives.
• Requires a proven record of achieving objectives through collaborative leadership.
• Experience interacting with regulators regarding statutory/regulatory requirements, compliance issues/risks, and regulatory audits.
• Strong communication skills and the ability to communicate appropriately at all levels of the organization.
• Juris Doctor from an accredited law school.
• Nationally recognized privacy certification, such as those offered by the Health Care Compliance Association and the International Association of Privacy Professionals.
GEHA is an Equal Opportunity Employer, which means we will not discriminate against any individual based on sex, race, color, national origin, disability, religion, age, military status, genetic information, veteran status, pregnancy, marital status, gender identity, and sexual orientation, as well as all other characteristics and qualities protected by federal, state, or local law. We celebrate diversity and are committed to creating an inclusive environment for all employees.