Legal Compliance Privacy Director

We are seeking a strategic and experiencedDirector of Enterprise Incident Response.

This role will manage a team of privacy incident investigators and compliance professionals responsible for identifying, assessing, and managing privacy and security incidents.

This role requires seasoned judgment, diplomacy, exceptional communication skills, and a demonstrated ability to identify and resolve issues proactively.

This role will report to the Chief Privacy and Innovation Governance Officer.

Location:

Bloomfield, CT preferred.

Hybrid.

Open to alignment with one of Cigna's office locations.

Responsibilities


* Lead and manage the enterprise incident response team, ensuring timely and thorough investigation of privacy and cybersecurity incidents


* Develop and maintain incident response protocols, standards, and escalation procedures, in alignment with regulatory requirements, including HIPAA, state and federal privacy laws, data use regulations, and breach notification laws


* Collaborate with Privacy Legal and Compliance Operations, IT, Cigna Information Protection, and Enterprise Risk Management, and other stakeholders to ensure coordinated incident handling and timely resolution


* Oversee root cause analysis and corrective action planning to prevent recurrence of incidents


* Provide executive-level reporting and insights on incident trends, risks, and mitigation strategies


* Serve as a subject matter expert on privacy incident management


* Lead continuous improvement initiatives to enhance the effectiveness and efficiency of the Enterprise Incident Response program


* Collaborate with partners in lines of business, legal, risk management and compliance to drive improvements to the way the enterprise identifies, assesses, responds to, and remediates privacy incidents


* Ensure thorough investigation, careful documentation, and timely resolution of incidents in a high-volume, fast-paced environment


* Develop and deliver training and awareness programs to educate on privacy incident response procedures and best practices


* Drive initiatives to enhance enterprise reporting and metrics


* Monitor and analyze privacy incident metrics and trends to identify areas for improvement and implement proactive measures to enhance the enterprise's privacy posture


* Monitor industry trends, emerging threats, and best practices in privacy incident response and data protection and ensure the Enterprise Incident Response adopts best practices


* Support audits and assessments related to privacy incident response

Qualifications


* Bachelor's degree required


* 10+ years of experience managing complex privacy incidents, with at least 5 years in a management role is required


* Deep knowledge of healthcare privacy regulations, including HIPAA and state and federal privacy laws


* Experience developing controls, procedures, metrics, and reporting for managing an effective Enterprise Inci...