The University of North Carolina at Chapel Hill seeks a dynamic privacy expert to join the Institutional Privacy Office. The Associate Privacy Officer works with the Chief Privacy Officer throughout the University community to develop, operate and monitor effective compliance that supports the activities of a Tier 1 research higher education institution. This position reports directly to the Chief Privacy Officer.
The mission of the Institutional Privacy Office is to monitor compliance with federal and state privacy regulations, as well as general industry privacy standards for restricted or sensitive information collected, used, and/or retained by the University. This office provides the centralized oversight for compliance relating to applicable laws, regulations and policies that govern privacy related activities for the University. The Institutional Privacy Office is committed to University outreach including training and assisting members of the user community in conducting their activities to the highest level of integrity, confidentiality and professionalism.
This position supports the ongoing development of the Institutional Privacy Office including:
o Develop, implement, and maintain University privacy-focused policies, procedures and guidelines that comply with Federal and State regulations in coordination with appropriate members of the Organization, including legal counsel, information technology security group, sponsored research executive team.
o Conducting, coordinating, and documenting investigations of potential non-compliance with privacy requirements.
o Develop a privacy communication and awareness plan for the University.
o In the case of a breach assist the Chief Privacy Officer, the Information Security Office, and the involved business unit in coordination of notifications or any other support as deemed necessary.
o Ensure University Units follow the established policies to ensure all procurement of material or services from vendors are compliant with established privacy guidelines including assisting University units in developing mitigation action plans for issues that might arise.
o In the absence of the Chief Privacy Officer, serve as the University centralized contact and authority for privacy issues including complaints, incidents or breaches.
o Establish relationships to exchange privacy best practices and consulting authority that adds value to the University.
o Coordinate communications at all levels – staff, faculty, students, customers, executives, vendors – and to diverse constituencies (technical and non-technical).
o Develop, maintain, enhance and deliver privacy related training for the University.
o Stay current on industry trends for this position including ever changing federal and state regulations, business publications, industry councils, etc
Information Technology Services: http://its.unc.edu/
Interested applicants must go to the UNC-CH job search page to apply for this position:
The University of North Carolina at Chapel Hill is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or status as a protected veteran.
Required Education and Experience
Bachelor’s degree is required.
One to three years of experience in privacy compliance or risk management.
One to three years of experience in privacy compliance or risk management within higher education.
Three to five years of experience in a legal or regulatory capacity.
Extensive experience reviewing and approving legal contracts and research related agreements.
Experience working in a heavily regulated, monitored and audited environment.
Advanced degree in law (J.D.) or related field is preferred.
Working knowledge and experience monitoring state and federal privacy laws, regulations and best practices surrounding:
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accounting Act (HIPAA)
North Carolina’s Identity Theft Protection Act (NC ID Theft Act)
One or more of the following certifications:
Certified Information Privacy Professional (CIPP)
Certified in Healthcare Privacy Compliance (CHPC)
Experience working in a Top 50 research university with an academic medical center
Experience working at a R1, research-extensive university, under the Carnegie Foundation’s classification of colleges and universities
Experience working at a public university with over $500 million in research funding
A successful candidate will have a proven record of the following:
The position must have the ability to interface with, and gain respect of, stakeholders at all levels and functions within the University.
Must have a sense of urgency and demonstrated commitment to high standards of ethics, regulatory compliance, customer service and process integrity.
Ability to translate new proposed regulation, assess the impacts of such new regulations, and apply to University’s current practices for compliance.
Ability to propose, develop, and maintain policies and procedures.
Diplomacy skills and the ability to moderate between competing priorities.
Ability to develop cooperative agreements with appropriate constituents.
Ability to explain federal and state regulation issues and policies to all levels and rank.
Ability to give presentations on federal and state regulatory issues to a broad range of audiences.
Excellent oral and written communication skills.
Interpersonal communication, human relations and team building skills.
Ability to foster and maintain good working relationships with faculty, administrators, students, senior management, and other University leaders.