Talent.com
Privacy Officer & Director IT Security Compliance
No longer accepting applications
Tufts University • Medford, MA, United States
17 days ago
Job type
  • Full-time
Job description

Overview

Tufts Technology Services (TTS) is a university-wide service organization committed to delivering adaptable, results-driven technology solutions in support of Tufts' mission of teaching, learning, research, innovation, and sustainability. With staff working remotely, hybrid and on campus across Tufts University, as well as a 24x7 IT Service Desk, we collaborate with schools and divisions to meet the demands of a global, mobile, and diverse community. We promote a collaborative, forward-thinking, flexible work environment, embrace diversity and inclusion, and encourage personal and professional development.

Fostering a culture of organizational citizenship and making others successful, demonstrating integrity, ethical conduct and optimism, active contribution and continuous learning enables staff to serve the goals and values of the University and creates a fulfilling and positive work experience for all.

What You'll Do

This position is 100% remote.

The Privacy Officer and Director IT Security Compliance is a strategic leader within the Office of Information Security (OIS) and the Office of the CIO. This position plays a critical part in shaping university-wide initiatives to understand, assess, and enhance data compliance, governance, and privacy practices, enabling researchers, faculty, staff, students, and clinicians to advance Tufts University's diverse mission. This role is responsible for defining the strategic direction, scope, and depth of the privacy and IT security compliance program, optimizing the approach of current activities, proposing new approaches, and establishing a scalable operating model that leverages the current staffing structures (matrixed and/or direct reports). In the capacity of the Privacy Officer, this position maintains a dotted line reporting relationship to the CIO and serves as the designated privacy official responsible and accountable for the Tufts privacy program and strategy. This includes oversight of policies and procedures that safeguard the privacy interests of students, patients, employees, and the broader community. This position leads the development, implementation, operations, and continuous improvement of the Tufts privacy and IT security compliance program in alignment with applicable international, federal, and state regulations, as well as institutional policies and procedures.

Additionally, the position directs and is responsible for the university-wide IT security compliance efforts, monitoring the evolving US and Global regulatory landscapes and collaborating with OIS to ensure that Tufts' IT systems and data management practices remain compliant, resilient, and appropriate for the financial model and risk tolerance of the university. This role also sets the vision for security and privacy awareness initiatives and provides strategic guidance and operational support on research projects, technology solutions, and incident response to ensure alignment on privacy and security standards.

The Privacy Officer is a member of the CIO Council, and as such participates in TTS leadership, strategy and planning activities.

University Privacy Officer:

  • Serves as the university's official Privacy Officer and official HIPAA Privacy Officer.
  • Responsible for building and leading a privacy program that defines, develops, maintains, and implements policies and advises on processes throughout the university that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of personally identifiable information (PII), protected health information (PHI), and other personal data based on local, regional, national, and global laws and based on Tufts risk tolerance.
  • Partners with the CIO, Office of University Counsel, University Compliance Officer, Office of Information Security, and HIPAA Security Officer to make decisions based on the interpretation of laws, contractual obligations, and evaluation of risk to the university for new projects, routine operations and for incident response and reporting.
  • Is responsible for researching the business context and relevant factors to make, enable, and advise on appropriate risk-based decisions for privacy matters impacting contracts, projects, and operational processes including the clinical operations for covered-entities or HIPAA-related entities at the university.

IT Security Compliance Program Leadership:

  • Responsible for defining, developing, monitoring, and reporting on the Tufts IT Security Compliance program. This includes monitoring local, federal, and international legislative and regulatory changes that affect Tufts information security and privacy practices as well as continuous development of business and technical acumen of Tufts programs and processes.
  • Serve as the subject matter expert on data privacy, HIPAA privacy, and on IT security compliance requirements involving university programs, activities, and technical infrastructure.
  • Advises and is involved as needed in programs throughout the university that involve IT processes and access to data with privacy and information security compliance requirements, especially those in the research community, clinical operations, student educational programs, international programs, and developing areas such as student success modeling and enhanced university planning based on human data factors.
  • Stay current by leveraging higher education and industry professional organizations, social forums, classes, conferences, certifications, and public materials, and by building relationships and sharing knowledge with other universities and industry professionals.

Privacy and IT Security Compliance operational duties:

  • Track, promote, and communicate to appropriate stakeholders at least annually the strategic posture and overall compliance stance for in-scope privacy and IT security components of regulations such as US state privacy laws, GDPR, PIPL, HIPAA, GLBA, FERPA, PCI, etc.
  • Develop materials and training programs to enable researchers and others to self-assess and self-design research projects and methods to address needed security and privacy practices. Review research proposals and contracts as needed for security and privacy concerns. Oversee vendor security reviews and currency of list of privacy and security approved IT tools for use by researchers.
  • Oversee IT security and privacy support to the Tufts Institutional Research Boards (IRBs) to monitor and advise on privacy and security in research studies, especially concerning the privacy and confidentiality requirements of the research Common Rule.
  • Partners with Office of the CIO, procurement, Office of University Counsel, and Tech Transfer to develop and maintain appropriate processes for contracts, click through agreements, vendor privacy statements, and vendor terms and conditions for IT security, compliance, and privacy concerns.
  • Promote and partner with TTS directorates as needed for development of materials, services, and programs to include privacy and security best practices in request and project reviews, and in the design, implementation, and entire lifecycle of handling in-scope data.
  • Promote and partner in projects to implement compliance with new rules and regulations such as GLBA Safeguards Rule and proposed new areas such as NSPM-33.
  • Partner with Office of Information Security to conduct required formal and informal risk assessments and ensure results and follow-up actions are tracked and managed.
  • Participate in incident response and coordination with OIS, CIO, Risk Management Office, and Office of University Counsel. Do analysis if breach notifications are likely. In partnership with Office of University Counsel, ensure incidents are tracked and incident and routine reports are sent to appropriate agencies such as HHS.
  • Oversee development, delivery, and tracking of security and privacy awareness and training programs.

What We're Looking For

Basic Requirements:

  • The knowledge and skills that are typically acquired through a bachelor's degree and 10+ years of experience in roles that involve IT Security compliance, privacy, and IT technology
  • Familiarity with typical expectations of data privacy and IT security components of common laws and regulations
  • Experience reading laws and regulations and interpreting applicability
  • Reasonable knowledge of technology aspects of regulatory requirements and experience working with IT subject matter experts to create program requirements, documents, and success criteria
  • The contextual awareness and cultural skills sufficient to lead privacy strategy in the higher education research institution context, across educational, research, administrative, and clinical domains
  • Comfortable balancing risk, protection, and business needs with the ability to remain calm and effective under stress
  • Experience maintaining a high level of integrity and demonstrating trust and sound business judgement on handling sensitive and confidential information
  • Ability to work independently, prioritize workflows, meet demanding deadlines, and manage multi-faceted projects and community needs
  • Ability to analyze, explain, and present complex information and recommendations clearly
  • Excellent analytical, verbal, and written communication skills including active listening and emotional intelligence
  • Demonstrated solution-oriented skills in collaboration, teamwork, and problem-solving to achieve goals
  • Demonstrated skills in providing excellent service to customers and ability to establish and maintain open and trusting work relationships
  • Strong attention to detail
  • Demonstrated leadership and management skills including the ability to understand when and how to escalate concerns through appropriate chains of command
  • Perpetually curious and driven to learn new skills especially involving privacy and cybersecurity
  • Enjoy working with and being an integral member of a tight-knit team

Preferred Qualifications:

  • Juris Doctor (JD) degree or Master's degree or similar advanced, graduate degree
  • Experience in research compliance, practices, and procedures
  • Detailed knowledge and understanding of the importance of global privacy laws and US regulations, including but not limited to HIPAA, GDPR, PIPL, PCI, FERPA, GLBA
  • Experience working with NIST 800-171 and CMMC
  • Experience working in a privacy program at a HIPAA Covered Entity
  • Experience working in a privacy program which complied with GDPR
  • Experience successfully building and leading a privacy function that embeds data privacy and security as a competitive advantage and strategic business enabler
  • Ability to apply a risk-based analysis to privacy issues and demonstrate creativity and flexibility in developing solutions that satisfy both business needs and legal obligations
  • Passionate about privacy and Information Security, is a continuous learner, and understands how data, technology, and people are likely to interact
  • Privacy certifications, such as CIPP, CIPM, and/or CIPT offered by IAPP
  • Healthcare privacy and information certifications, such as CHPS offered by AHIMA, or CHPC offered by HCCA
  • Information Security certifications such as CISSP, CAP, and/or HCISSP offered by ISC2
  • Familiarity with non-profit or academic environments

Pay Range

Minimum $141,000.00, Midpoint $176,300.00, Maximum $211,500.00

Salary is based on related experience, expertise, and internal equity; generally, new hires can expect pay between the minimum and midpoint of the range.
