The Privacy Manager develops and monitors privacy policies, manages incidents, ensures compliance with privacy laws, and collaborates across teams to implement privacy-by-design principles.
Hi, we’re Gravie. Our mission is to improve the way people purchase and access healthcare through innovative, consumer-centric health benefit solutions that people can actually use. Our industry-changing products and services are developed and delivered by a diverse group of unique people. We encourage you to be your authentic self - we like you that way.
A Little More About The role:
We’re looking for a Privacy Manager to play a critical role in safeguarding sensitive information and ensuring Gravie’s compliance with a complex landscape of privacy laws and regulations. This individual will be responsible for developing, implementing, and monitoring privacy policies and procedures, managing privacy incidents, and collaborating cross-functionally to embed privacy-by-design principles across the organization. This role requires a strong understanding of the Health Insurance Portability and Accountability Act (HIPAA) and broader healthcare privacy practices, particularly within the payer/plan/carrier environment..
You will:
● Assist in the development, implementation, and maintenance of comprehensive privacy policies, procedures, and training programs in alignment with applicable laws and industry best practices.
● Conduct regular privacy risk assessments and impact analyses to identify and mitigate potential privacy vulnerabilities.
● Monitor changes in privacy laws and regulations, assessing their impact on company operations and recommending necessary adjustments to policies and practices.
● Lead or assist in the investigation and resolution of privacy incidents, including potential breaches of Protected Health Information (PHI) and other sensitive data.
● Manage the incident response lifecycle from detection and containment to eradication, recovery, and post-incident analysis.
● Maintain accurate records of all privacy incidents, investigations, and remediation efforts.
● Ensure timely and compliant breach notification processes as required by HIPAA and state laws.
● Collaborate closely with the Information Security team on data protection initiatives, ensuring privacy requirements are integrated into security controls and data governance frameworks.
● Advise on privacy-by-design principles for new products, systems, and processes.
● Participate in vendor due diligence processes, particularly regarding Business Associate Agreements (BAAs) and data handling practices.
● Prepare for and support internal and external privacy audits, including HIPAA compliance assessments.
● Assist in the preparation and maintenance of documentation for SOC 2 (Service Organization Control 2) audits related to privacy criteria.
● Contribute to regulatory reporting requirements related to privacy.
● Serve as a subject matter expert on privacy matters, providing guidance and support to internal departments (e.g., Legal, IT, HR, Product, Operations, Sales).
● Review and approve language related to privacy in member communications, contracts, and marketing materials.
● Manage privacy-related inquiries and requests from members, clients, and regulatory bodies.
You bring:
● Bachelor's degree in a relevant field (e.g., Healthcare Administration, Information Systems, Legal Studies, Business).
● 3-5 years of progressive experience in privacy compliance within the healthcare industry, with a strong preference for experience on the payer, health plan, or carrier side.
● Demonstrated in-depth knowledge of HIPAA (Privacy, Security, and Breach Notification Rules) is required.
● Understanding of other privacy frameworks and regulations strongly preferred, including:
o Gramm-Leach-Bliley Act (GLBA)
o General Data Protection Regulation (GDPR)
o Various state-specific privacy laws (e.g., CCPA, CPRA, VCDPA, CPA).
● Proven experience in privacy incident response and tracking.
● Familiarity with information security principles and practices, and experience collaborating with InfoSec teams.
● Experience with audit readiness and/or SOC 2 preparation is a plus.
● Strong analytical, problem-solving, and critical thinking skills.
● Excellent written and verbal communication skills, with the ability to translate complex legal and technical concepts into clear, actionable guidance.
● High level of integrity, discretion, and ethical conduct.
Extra credit:
● Certified Information Privacy Professional (CIPP/US, CIPP/E)
● Certified Information Privacy Manager (CIPM)
● Certified in Healthcare Privacy and Security (CHPS)
Gravie:
In order to transform health insurance and build a health plan everyone can love, we need talented people doing amazing work. In exchange, we offer a great overall employee experience with opportunities for career growth, meaningful mission-driven work, and an above average total rewards package.
The salary range for this position is $90,000 - $150,000 annually. Numerous factors including, but not limited to, educations, skills, work experience, certifications, etc. will be considered when determining compensation.
Our unique benefits program is the gravy, i.e., the special sauce that sets our compensation package apart. In addition to standard health and wellness benefits, Gravie’s package includes alternative medicine coverage, flexible PTO, up to 16 weeks paid parental leave, paid holidays, a 401k program, cell phone reimbursement, transportation perks, education reimbursement, and 1 week of paid paw-ternity leave.
A Little More About Us:
● We know healthcare. Our company was founded and is still led by industry veterans who have started and grown several market-leading companies in the space.
● We have raised money from top tier investors who share the same long-term vision as we do of building an industry defining company that will endure over the long run. We are well capitalized.
● Our customers like us. Our revenue churn is in the low single digits, in an industry where greater than 20% churn is common.
● Our culture is unique. We tend to be non-hierarchical, merit-driven, opinionated but kind people who thrive working in a high-performance, fast-paced environment. People at Gravie care deeply about making a positive impact in the lives of the people we serve. We may not be the right place for everybody, but if you get energized by doing work every day that focuses on putting consumers at the front of the line, we could be a great place for you. It takes unique people and diverse perspectives to deliver our results. We encourage you to be your authentic self – we like you that way.
Top Skills
Ccpa
Cpa
Cpra
Gdpr
Glba
Hipaa
Soc 2
Vcdpa
Similar Jobs
.png)
Healthtech • Pharmaceutical • Telehealth
Lead the roadmap for patient identity and privacy, ensuring secure data governance. Collaborate with teams to implement privacy frameworks and enhance user data protection while driving business growth.
Top Skills:
Authentication ProtocolsCcpaConsent FrameworksGdprPrivacy Governance
.png)
eCommerce • Information Technology • On-Demand • Professional Services • Software
Lead and manage the company's Data Privacy & Compliance program, collaborating with various teams to implement privacy strategies, compliance processes, and training initiatives.
Top Skills:
Agile Project ManagementCompliance ToolsData SystemsEmerging TechnologiesSoftware Development
Healthtech
The Privacy Program Manager will enhance Alma's Privacy Program, handling compliance audits, privacy risks, and ethical AI use across the organization.
Top Skills:
CipmCippCiptCissp
What you need to know about the Boston Tech Scene
Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
