
Privacy Design & Governance Director, Privacy-by-Design (Remote)
Inspira Financial, Oak Brook, IL, United States
About Inspira Financial
Take the next step in your journey at Inspira Financial. You will help businesses and individuals thrive today, tomorrow, and into retirement. Become part of a people‑centric and client‑obsessed community that drives results and delivers our mission with unwavering integrity.
Location and Remote Eligibility
While some roles are based at one of our office locations, remote roles can sit in any of the following states: AL, AZ, FL, GA, IA, IL, IN, MI, MN, MO, NC, NE, PA, SC, TN, TX, UT, VA, and WV. Remote status and role locations are subject to change. Relocation is not provided.
Employees within a 90‑minute radius of our Oak Brook, IL headquarters are required to adhere to the company in‑office guidelines of a minimum of four days per month from 10 am to 2 pm (one of the four days must be a Monday or Friday). This requirement does not apply to support specialist positions.
Job Summary & Responsibilities
Reporting to the Chief Privacy Officer (CPO), the Director of Privacy Design and Governance serves as the privacy lead for product development, ensuring that privacy is embedded into products and data initiatives from concept and design through development, deployment, and decommissioning. In this role, the Director advances a comprehensive privacy program aligned with HIPAA, GLBA, applicable state privacy laws, and emerging federal and industry standards—including privacy frameworks, control mapping, and privacy standards for AI/ML and vendor data handling.
Acting as a strategic partner to Product, Data Science, Legal, Security, Marketing, and Operations, the Director conducts privacy impact assessments and risk assessments, defines data‑minimization and retention strategies, identifies safeguards and controls, and provides clear guidance on compliant data use and disclosures and individual privacy rights. Through strong cross‑functional leadership and measurable governance, the Director enables business innovation while ensuring regulatory compliance and fostering trust, transparency, and accountability across all product and data practices.
Duties & Responsibilities
Build and maintain a privacy control framework that maps requirements across HIPAA, GLBA, state privacy laws, FTC expectations, and other applicable federal regulations.
Manage comprehensive standards addressing data sharing, de‑identification, artificial intelligence and machine learning, and vendor data handling.
Manage the organization’s privacy‑by‑design framework, ensuring privacy considerations are embedded early in new product development, marketing initiatives, and business processes.
Lead a privacy advisory program that provides timely, practical, and risk‑based guidance to business units on compliant data use and sharing.
Assist the CPO with stakeholder engagement and change management efforts, ensuring privacy requirements are clearly communicated, understood, and adopted across all departments.
Develop and manage the Privacy Impact Assessment (PIA) process to evaluate risks associated with new systems, projects, and technologies involving PHI, PII and NPPI.
Partner with Product, Engineering, and Security teams to define privacy control requirements and technical guardrails within design and deployment lifecycles.
Support Marketing, IT, Security, Legal and Data Sciences teams in ensuring compliant practices related to data profiling and tracking technologies.
Advise business units on individual rights processing (access, correction, deletion, opt‑out) and ensure operational readiness for consumer privacy requests.
Assist the CPO in maintaining privacy policies, procedures, and workforce training, and deliver targeted privacy training for business units.
Monitor evolving HIPAA, GLBA, state, and federal privacy regulations, assessing their impact on organizational operations and policies.
Provide guidance and thought leadership on emerging privacy trends, regulatory expectations, and enforcement priorities.
Provide guidance and monitor compliance with the records retention policy to ensure proper administration in accordance with applicable laws and best practices.
Supervisory Responsibilities
Recruit, interview, hire, and train new staff.
Oversee the daily workflow of the department.
Provide constructive and timely performance evaluations.
Preferred Qualifications
Education & Experience
Bachelor’s degree in Healthcare Administration, Risk Management, Information Systems, Legal Studies, Public Policy, or a related field (JD or MBA/MHA preferred).
Relevant privacy certifications (CIPP/US, CIPM, CHPC, CHPS, or equivalent) preferred.
5–8 years of privacy, compliance, or data governance experience within a HIPAA‑regulated organization.
Skills & Abilities
In‑depth knowledge of the HIPAA Privacy, Security, and Breach Notification Rules, GLBA Safeguards and Privacy Rules, and major U.S. state privacy laws.
Expertise in privacy‑by‑design, PIAs, and risk analysis.
Demonstrated experience in privacy program development, policy design, risk management, and cross‑functional advisory work.
Exceptional communication, leadership, and stakeholder management skills, with the ability to influence at all levels.
Strong analytical and problem‑solving skills; ability to translate regulatory requirements into actionable guidance.
Excellent writing and communication skills for policies, training, and executive reporting.
Cross‑functional collaboration and leadership experience across Legal, Security, IT, and Product.
Vendor risk and contract review advisory experience.
Ability to foster a culture of privacy accountability and continuous improvement.
Other Requirements
Infrequent travel.
Occasionally lift up to 25 pounds.
Prolonged periods of sitting at a desk and working on a computer.
Pay Range
$120,000 – $145,000 per year (varying by location, skills, and experience).
Compensation & Benefits
The compensation package may include incentive and bonus opportunities. Inspira provides industry‑leading benefits such as healthcare, 401(k) savings plan, company holidays, paid time off, parental leave, and an employee assistance program.