Stanford University Senior Privacy Officer - School of Medicine (SoM) in Stanford, California

Senior Privacy Officer - School of Medicine (SoM)

Business Affairs, Redwood City, California, United States

Compliance Legal

Post Date May 10, 2024

Requisition # 103217

Stanford University is not just about finding your “next job,” but where we hope you will discover a rewarding career, as well as life-changing experience filled with rich traditions, a deep passion for collaboration and innovation, an unparalleled respect for diversity and creative freedom, and a culture of excellence. As one of the world’s premier research institutions, Stanford devotes tremendous resources toward the betterment of humanity. Hundreds of initiatives — in everything from medicine to engineering, the environment, peace, and national security — create an atmosphere humming with intelligence and excitement.

Stanford seeks a seasoned privacy professional to serve as a senior privacy expert in the University Privacy Office (UPO), with a leadership role and focus for Stanford’s School of Medicine (SoM). Final job-level will be based on candidate experience and expertise. As the successful candidate, you will work in an entrepreneurial academic community to provide proactive guidance and support to SoM administration, faculty, and staff in all aspects of privacy for the SoM, collaborate with UPO colleagues to implement the University privacy program in the SoM, and oversee SoM’s application of Stanford’s Minimum Privacy Standards. This position serves as the focal point for addressing privacy issues in relation to SoM objectives, serves as a key member of the university privacy team, and liaises with the university and hospital privacy teams to harness resources and support the protection of information entrusted to the University related to students, faculty, administration and staff, research participants, and other key constituents.

The position sits within the University Privacy Office (UPO) in the Office of the Chief Risk Officer (OCRO). The senior privacy expert reports primarily to the Stanford University Chief Privacy Officer and, when necessary, is accountable to the Hospital Chief Privacy Officer for HIPAA-specific matters. The University Privacy Office is one of seven functional units within OCRO, which also includes Enterprise Risk Management (ERM), Internal Audit, the Office of Ethics and Compliance, Risk Management and Insurance, Global Risk Management, and Information Security (which reports dually to University Information Technology). OCRO’s role spans Stanford and enjoys strong institutional support and commitment. OCRO strives to be a valued partner and advisor. Across the Stanford ecosystem, OCRO supports Stanford’s missions by providing strategic consultation, independent assurance, and a catalyst for coordinated, balanced action on risk and compliance matters.

Note: There are two potential position levels. Final job-level will be based on candidate experience and expertise.

Core Duties

While managing the SoM risk associated with privacy, the senior privacy expert enables innovation and discovery related to data and promotes academic freedom, balanced with ever-evolving compliance obligations and other privacy considerations. The senior privacy expert supports SoM personnel’s ability to accomplish mission objectives by providing responsive advice and guidance and facilitating timely risk and issue identification and resolution in collaboration and coordination with Stanford’s privacy programs and other risk functions throughout Stanford. The senior privacy expert directs SoM’s implementation of the university’s privacy policies and procedures, oversight and monitoring plans, and privacy education and awareness-building. The senior privacy expert’s priorities include:

Service

  • Prioritize service to the SoM’s academic and research enterprises in collaboration with UPO and the Research Data Governance and Privacy function.

  • Provide privacy support to SoM leadership and collaborate with SoM’s leadership on all privacy-related matters.

  • Anticipate and address privacy issues as they arise, respond to internal and external inquiries, concerns, and complaints, and prepare formal responses.

  • Develop and direct strategic plans for the SoM’s privacy program in the context of the overall UPO plan, and regularly evaluate the program’s effectiveness.

  • Manage and conduct privacy audits, reviews, and investigations, including follow-up activities to assess and report on implemented corrective actions, as necessary.

  • Educate and guide faculty, staff, and students; increase awareness and proficiency around privacy issues to reduce risk and incidents.

Support

  • Support and oversee SoM practices to protect personal and institutional information in a manner consistent with University values and applicable laws and regulations.

  • Stay current in the dynamic regulatory environment.

  • Support university investigations into privacy-related allegations and incidents (including investigations into unauthorized access, use, and/or disclosures of Protected Health Information (PHI) and Personally Identifiable Information (PII)), as needed. Work with UPO leadership to develop corrective action plans and subsequent monitoring plans.

  • May provide input to university leadership on school and/or institutional privacy policies and guidelines.

Collaboration

  • Coordinate as needed with the Privacy Office for Stanford Health Care and Stanford Medicine Children’s Health (Hospital Privacy).

  • Capitalize on the vibrant spirit of partnership across Stanford to serve as a trusted colleague.

  • Partner with and obtain legal advice from the Office of the General Counsel.

  • Work closely with the SoM Chief Information Security Officer, staff of the Information Security Office (ISO), and other information security and privacy leaders across Stanford.

  • Assist in preparing and presenting the results of the UPO’s privacy activities to senior leadership and the Board of Trustees.

  • Represent UPO on relevant campus committees; provide thought leadership and expertise.

  • Serve as a representative to the Privacy Governance Council.

Note: The core duties for the role are consistent across the two potential position levels. A more senior role will add a higher level of responsibility and autonomy to all duties.

Minimum Education and Experience

  • Bachelor's degree and seven years of relevant audit, privacy, compliance or other relevant experience in higher education, health care, research-based non-profit organizations, or government contracting or combination of education and relevant experience.

  • Seven years of increasingly responsible privacy program experience.

  • Demonstrated, successful experience in a large, complex research-intensive university or academic medical center with substantial research activities required.

  • Knowledge of human subject protection principles, clinical trials, and IRB oversight.

  • Expertise in the applicability of HIPAA rules to clinical and academic research protocols required.

  • Experience with FERPA, GDPR, PIPL, and California Civil Code section 1798.82 preferred.

  • Experience coordinating activities between a university and hospital is a plus.

  • Demonstrated ability to build successful relationships with a wide range of professionals across a complex organization while maintaining the ability to be decisive and forthright in a consensus-driven environment.

  • Demonstrated working knowledge of information/data security standards, systems and frameworks (e.g., SecDevOps, W3C standards, NIST 800-53, ISO 27001, SOC2 requirements, secure SDLC, HIPAA Security Rule, etc.).

  • Demonstrated success in providing strong customer service to stakeholders.

  • Bachelor’s degree required. An advanced degree in law (JD), privacy, or a related field preferred.

  • CISSP certification is a plus.

  • Certified Information Privacy Professional or Certified in Healthcare Privacy Compliance designation is a plus.

  • Membership and leadership in national privacy organizations are a plus.

Additional Minimum Education and Experience Requirements for Consideration at M Level:

  • Bachelor's degree and ten years or more of relevant audit, privacy, compliance or other relevant experience in higher education, health care, research-based non-profit organizations, or government contracting or combination of education and relevant experience.

  • Ten or more years of increasingly responsible privacy program experience.

Knowledge, Skills, and Abilities

  • Knowledge of academic research environment and risks, and comfort in navigating the intersection of research, clinical data, and privacy.

  • Expert knowledge of HIPAA, especially as it relates to research activities, and HITECH Breach Notification Protocol/Process. Working knowledge of industry-accepted privacy and security frameworks.

  • Strong project management skills to effectively manage multiple ongoing projects and coordinate activities among many significant stakeholders.

  • Demonstrated ability to effectively prioritize work and meet deadlines in a fast-paced environment.

  • Ability to understand, research, analyze, interpret, and apply complex federal, state, and international privacy laws, rules, regulations, and guidelines and constantly changing risk profiles and evolution.

  • Comfortable with ambiguity and lack of clarity; a flexible approach to problem solving and an understanding of the dynamic and emerging nature of privacy.

  • Dedication to treating both internal and external stakeholders as clients, while maintaining a flexible customer service approach and orientation that emphasizes service satisfaction and quality.

  • Agile; appreciation for the complexity of how information flows.

  • Ability to earn the respect of colleagues at all levels. Effective facilitation skills with diverse groups.

  • Highly effective written, oral, and interpersonal communication skills to address a variety of sophisticated audiences.

  • Strong interpersonal, negotiation, and political acumen skills. Able to influence people, solve problems, troubleshoot, think creatively, and resolve conflicts.

  • Digital proficiency and sound business judgment.

  • Understanding that this privacy leadership role does not involve the practice of law, which is a function performed by Stanford’s Office of the General Counsel.

  • Ability to passionately model and demonstrate consistently high standards of professional ethics, integrity, and trust embodied in the values, philosophy, mission, and vision of Stanford University.

Additional Knowledge, Skills, and Abilities Requirements for Consideration at M Level:

  • Strong leadership, interpersonal, and written and oral communications skills.

  • Demonstrated abilities to interact, coordinate, and collaborate with other senior staff across the University to establish strategic plans and objectives.

  • Demonstrated excellent judgment and sound decision making to obtain viable solutions.

  • Demonstrated ability to interact with all levels of staff to include executives and University's most senior staff using special skills such as influence or negotiation.

  • Demonstrated ability to control and manage planning, staffing, budgeting, and expense priorities.

  • Demonstrated ability to recommend and/or implement changes to methods or policy.

PHYSICAL REQUIREMENTS:

  • Frequently perform desk-based computer tasks, seated work and use light/fine grasping.

  • Occasionally use a telephone, stand, walk, twist, bend, stoop, squat, write by hand, sort, and file paperwork or parts.

  • Rarely lift, carry, push, and pull objects that weigh up to 10 pounds.

WORKING CONDITIONS:

  • May have occasional extended or weekend work hours during peak business cycles.

WORK STANDARDS:

  • Interpersonal Skills: Demonstrates the ability to work well with Stanford colleagues and clients and with external organizations.

  • Promote Culture of Safety: Demonstrates commitment to personal responsibility and value for safety; communicates safety concerns; uses and promotes safe behaviors based on training and lessons learned.

  • Subject to and expected to comply with all applicable University policies and procedures, including but not limited to the personnel policies and other policies found in the University's Administrative Guide, http://adminguide.stanford.edu.

This position is open to remote and hybrid work arrangements, with a preference for hybrid.

This role is open to candidates anywhere in the United States. Stanford University has five Regional Pay Structures. The compensation for this position will be based on the location of the successful candidate. Salary to be determined based on candidate experience.

The expected pay range for the L position is $137,000 to $183,000 per annum for remote positions.

The expected pay range for the L position is $155,000 to $192,000 per annum for hybrid positions.

The expected pay range for the M position is $144,000 to $188,000 per annum for remote positions.

The expected pay range for the M position is $186,000 to $209,397 per annum for hybrid positions.

Stanford University provides pay ranges representing its good faith estimate of what the university reasonably expects to pay for a position. The pay offered to a selected candidate will be determined based on factors such as (but not limited to) the scope and responsibilities of the position, the qualifications of the selected candidate, departmental budget availability, internal equity, geographic location, and external market pay for comparable jobs.

At Stanford University, base pay represents only one aspect of the comprehensive rewards package. The Cardinal at Work website (https://cardinalatwork.stanford.edu/benefits-rewards) provides detailed information on Stanford’s extensive range of benefits and rewards offered to employees. Specifics about the rewards package for this position may be discussed during the hiring process.

Why Stanford is for You

Imagine a world without search engines or social platforms. Consider lives saved through first-ever organ transplants and research to cure illnesses. Stanford University has revolutionized the way we live and enrich the world. Supporting this mission is our diverse and dedicated 17,000 staff. We seek talent driven to impact the future of our legacy. Our culture and unique perks empower you with:

  • Freedom to grow. We offer career development programs, tuition reimbursement, or course auditing. Join a TedTalk, film screening, or listen to a renowned author or global leader speak.

  • A caring culture. We provide superb retirement plans, generous time-off, and family care resources.

  • A healthier you. Climb our rock wall or choose from hundreds of health or fitness classes at our world-class exercise facilities. We also provide excellent health care benefits.

  • Discovery and fun. Stroll through historic sculptures, trails, and museums.

  • Enviable resources. Enjoy free commuter programs, ridesharing incentives, discounts and more!

The job duties listed are typical examples of work performed by positions in this job classification and are not designed to contain or be interpreted as a comprehensive inventory of all duties, tasks, and responsibilities. Specific duties and responsibilities may vary depending on department or program needs without changing the general nature and scope of the job or level of responsibility. Employees may also perform other duties as assigned.

Consistent with its obligations under the law, the University will provide reasonable accommodations to applicants and employees with disabilities. Applicants requiring a reasonable accommodation for any part of the application or hiring process should contact Stanford University Human Resources at stanfordelr@stanford.edu. For all other inquiries, please submit a contact form.

Stanford is an equal employment opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.

Additional Information

  • Schedule: Full-time

  • Job Code: 2373

  • Employee Status: Regular

  • Grade: L

  • Requisition ID: 103217

  • Work Arrangement: Hybrid Eligible, Remote Eligible
