ZEISS Group

Privacy & Compliance Manager

ZEISS Group

full-time

Posted on:

Location Type: Remote

Location: CaliforniaColoradoUnited States

Visit company website

Explore more

AI Apply
Apply

Tech Stack

Cyber Security

About the role

  • Oversee the day-to-day operation of Meditec’s U.S. privacy program, including development and maintenance of policies, procedures, training, and privacy governance documentation.
  • Lead incident investigation and response, including breach assessment, remediation, and notifications to regulatory agencies and other stakeholders as required.
  • Monitor and interpret international, federal, and state privacy and data protection laws (e.g., GDPR, HIPAA, CCPA/CPRA) and ensure Meditec’s collection, retention, use, and disclosure of data comply with applicable requirements.
  • Conduct routine audits and assessments of privacy and data protection practices; draft reports of findings and present recommendations for technical and operational improvements.
  • Lead project management efforts for implementation of new privacy tools, controls, and processes.
  • Draft, review and negotiate a broad range of privacy, information security, and product security agreements, including Business Associate Agreements (BAAs), Data Transfer Agreements, customer-supplied questionnaires, and cybersecurity documentation.
  • Serve as a subject matter expert on privacy and data protection, providing guidance to product engineering, IT, security, and business teams.
  • Act as a liaison with Meditec affiliates and ZEISS Corporate Data Protection Office as the Data Protection Coordinator.
  • Develop and deliver privacy training and workforce education addressing the handling of PHI, PII, and confidential information to foster a privacy-aware culture.
  • Manage and oversee U.S. federal and state Aggregate Spend / Open Payments reporting, including data collection, validation, remediation, and submission activities.
  • Actively monitor and manage external vendors, ensuring accurate data aggregation from multiple source systems.
  • Evaluate data quality issues and obtain additional information from internal stakeholders or third parties when required.
  • Perform analysis related to Healthcare Professionals (HCPs), including license verification, CMS validation failures, and residency determinations.
  • Prepare and review aggregate spend submission reports and determine completeness and accuracy for Meditec entities.
  • Submit aggregate spend data through the CMS Open Payments Portal and support company officers during attestation.
  • Investigate and resolve Open Payments disputes in collaboration with internal and external partners in accordance with federal guidelines.
  • Review, route, approve, and release payment for commercial sponsorship requests, ensuring adherence to company compliance policies.
  • Monitor and update sponsorship and transparency guidance as regulations and internal policies evolve.
  • Support compliance-related audits, investigations, and training initiatives as directed by U.S. Compliance Counsel.

Requirements

  • Bachelor’s degree required
  • Five (5) or more years of experience in data privacy / data protection
  • Three (3) or more years experience in healthcare compliance (with focus on aggregate spend / Open Payments / Sunshine Act reporting).
  • Strong understanding of GDPR, HIPAA, CCPA/CPRA, and healthcare transparency laws.
  • Working knowledge of CMS Open Payments reporting requirements.
  • Familiarity with security and risk frameworks (e.g., NIST, ISO 27001) preferred
  • Excellent analytical, organizational, and problem-solving skills.
  • Strong written and verbal communication skills with the ability to influence at all organizational levels.
  • Proven ability to manage vendors, complex data workflows, and cross-functional projects.
  • Proficiency in Microsoft Word, Excel, and PowerPoint.
  • Proactive, detail-oriented, and adaptable to changing regulatory and business priorities.
Benefits
  • Medical
  • Vision
  • Dental
  • 401k Matching
  • Employee Assistance Programs
  • Vacation and sick pay
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
data privacydata protectionaggregate spend reportingOpen Payments reportingGDPRHIPAACCPACMS Open PaymentsNISTISO 27001
Soft Skills
analytical skillsorganizational skillsproblem-solving skillswritten communicationverbal communicationinfluencing skillsvendor managementproject managementdetail-orientedadaptability