PRINCIPAL DUTIES AND RESPONSIBILITIES:

• Monitor and assess alerts, cases, and reports for potential privacy incidents (e.g., unauthorized access, data exfiltration, misdirected communications). Perform initial triage to classify incidents involving Personal Data (PII/PHI).
• Lead or support end-to-end investigation of privacy incidents. Analyze impacted data elements, systems, and individuals; determine root cause and scope of exposure. Document incident findings in accordance with legal and compliance requirements.
• Evaluate breach thresholds under regulations (HIPAA, GDPR, state breach laws). Coordinate with Legal on breach notification obligations. Support preparation of regulatory filings and communications to affected individuals.
• Participate in incident response war rooms and crisis management efforts. Ensure alignment between technical containment and privacy obligations.
• Maintain detailed incident records and case documentation. Track incident metrics (e.g., time to detect/respond, incident trends). Provide reporting to leadership, regulators, and audit teams.
• Enhance privacy incident response playbooks and workflows. Conduct tabletop exercises and training sessions. Contribute to privacy program maturity and continuous improvement initiatives.
• Participate in projects collaborating with stakeholders as needed
• Monitor the Privacy Office inbox and provide timely guidance and responses to inquiries.
• Develop and deliver privacy training and awareness initiatives to promote a culture of data protection and compliance.
• Draft and review privacy policies and procedures to ensure alignment with applicable regulations and organizational standards

PHYSICAL DEMANDS AND WORKING CONDITIONS:

• The physical demands and work environmental characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

SUPERVISION:

• Will not be responsible for direct supervision.

EDUCATION:

Minimum

• Bachelor’s degree in Cybersecurity, Information Security, Law, Privacy, Healthcare or related field (or equivalent experience).

EXPERIENCE AND REQUIRED SKILLS:

• 5+ years of experience in Privacy Operations. Experience building or leading a Privacy Incident Response function preferred.
• Direct interaction with regulators or auditors, Knowledge of data mapping, data governance, and privacy engineering.
• Handling data breach or privacy incidents
• Strong understanding of: Data protection regulations (HIPAA, GDPR, CCPA, etc.), Privacy principles and data classification, Incident response lifecycle (NIST/SANS framework familiarity)

Certifications such as:

• CIPP (US/E, or equivalent)
• CIPM / CIPT
• CISSP, CISM, or GIAC (GCIA, GCIH)
• Certified Healthcare Compliance Professional (CHC) or Certified Healthcare Privacy Compliance (CHPC)
• Experience in healthcare or other regulated industries.
  

The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies.

Annual Rate: $88,000.00 - $147,000.00

Benefit Overview: This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave.

Fresenius Medical Care is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sexual orientation, gender identity, parental status, national origin, age, disability, military service, or other non-merit-based factors