Senior Program Manager - Compliance & Privacy

Hi, we’re Gravie. Our mission is to improve the way people purchase and access healthcare through innovative, consumer-centric health benefit solutions that people can actually use. Our industry-changing products and services are developed and delivered by a diverse group of unique people. We encourage you to be your authentic self - we like you that way.

A Little More About The role:

We are seeking an experienced Senior Program Manager of Compliance and Privacy to manage various compliance initiatives, and develop and manage data privacy frameworks. This key role will ensure our organization's adherence to complex regulatory requirements impacting the healthcare industry to enhance our strategic compliance posture. 

The ideal candidate brings deep expertise in healthcare compliance, including familiarity with laws such as the ACA and ERISA, along with demonstrated success in data privacy program management. 

You will:

-Advance healthcare compliance and data privacy programs for a fast growing health benefits company.

-Maintain regulatory documents (SPDs, SBCs, etc.).  

-Develop and implement a comprehensive SOC 2 audit readiness process and ensure alignment with Trust Services Criteria (TSC).

-Create sustainable compliance infrastructure for ongoing audit maintenance.

-Assist with development of a regulatory change management process.

-Provide guidance and interpretation of complex regulatory requirements to internal stakeholders.

-Serve as primary liaison for researching and responding to external regulatory inquiries.

-Direct privacy initiatives, including management of privacy incident response, including investigations, remediation, and regulatory reporting.

-Conduct internal compliance investigations, documenting remediation efforts and outcomes. 

-Map data flows across enterprise systems to identify vulnerabilities, implement appropriate controls, and ensure regulatory compliance throughout information lifecycles.

-Monitor privacy regulations (state laws, GLBA, PCI, GDPR) to assess applicability, maintain organizational readiness, and oversee implementation of new requirements.

-Collaborate with cross-functional teams (e.g., Legal, IT, Information Security, and Operations) on compliance and data privacy related projects and initiatives.

You bring: 

-Bachelor's degree 

-7+ years of experience in healthcare or similarly regulated industry

-Demonstrated experience specifically in healthcare compliance requirements

-Existing or development of expert knowledge of healthcare privacy frameworks combined with strategic vision to transform compliance requirements into actionable safeguards.

-Experience developing and implementing policies and procedures

-Experience in data privacy, or related field

-Strong analytical skills and ability to interpret complex regulatory requirements

-Excellent written and verbal communication skills with ability to translate regulatory and compliance requirements into actionable guidance

-Proven ability to work independently and prioritize multiple competing demands

-Strong project management and organizational skills

Extra credit: 

-Previous start up company experience

-Familiarity with laws impacting health plans, such as the ACA, ERISA, and Section 125.

-In-depth knowledge of HIPAA privacy and security requirements 

-Privacy certifications such as CIPP, CIPM, CIPT, or CISA

-Experience with SOC 2 audit readiness 

-Experience with privacy technology solutions and tools

-Knowledge of state and/or international privacy regulations (CCPA, GDPR, etc.)

Gravie: 

In order to transform health insurance and build a health plan everyone can love, we need talented people doing amazing work. In exchange, we offer a great overall employee experience with opportunities for career growth, meaningful mission-driven work, and an above average total rewards package.

The salary range for this position is $105,000 - $175,000 annually. Numerous factors including, but not limited to, education, skills, work experience, certifications, etc. will be considered when determining compensation. 

Our unique benefits program is the gravy, i.e., the special sauce that sets our compensation package apart. In addition to standard health and wellness benefits, Gravie’s package includes alternative medicine coverage, flexible PTO, up to 16 weeks paid parental leave, paid holidays, a 401k program, cell phone reimbursement, transportation perks, education reimbursement, and 1 week of paid paw-ternity leave. 

A Little More About Us:

We know healthcare. Our company was founded and is still led by industry veterans who have started and grown several market-leading companies in the space.

We have raised money from top tier investors who share the same long-term vision as we do of building an industry defining company that will endure over the long run. We are well capitalized.

Our customers like us. Our revenue churn is in the low single digits, in an industry where greater than 20% churn is common.

Our culture is unique. We tend to be non-hierarchical, merit-driven, opinionated but kind people who thrive working in a high-performance, fast-paced environment. People at Gravie care deeply about making a positive impact in the lives of the people we serve. We may not be the right place for everybody, but if you get energized by doing work every day that focuses on putting consumers at the front of the line, we could be a great place for you. It takes unique people and diverse perspectives to deliver our results. We encourage you to be your authentic self – we like you that way.