The Role

Cedar is seeking an experienced Privacy Manager to join our Legal & Compliance Team.

The Privacy Manager will be responsible for developing, implementing, and maintaining Cedar’s privacy program, with a strong focus on HIPAA, PCI-DSS, and US state privacy law compliance. This role will report directly to the Data Privacy Officer, and involve working closely with Cedar’s engineering, product, and security teams to embed privacy-by-design principles into Cedar’s products and services. The ideal candidate will possess a deep understanding of privacy regulations, data governance models, and data security best practices within the fintech and healthcare sectors.

Responsibilities

Privacy Program Development and Management

• Develop, implement, and maintain the company's enterprise-wide data privacy program, including policies, procedures, and controls.
• Serve as the initial point of contact for most data privacy matters, providing guidance to internal teams on the privacy by design framework.
• Monitor and track all program development activities and progress.
• Conduct regular privacy risk assessments and impact assessments (PIAs/DPIAs) for new products, services, and processing activities.

Regulatory Compliance

• Ensure continuous compliance with all applicable federal, state, and international data protection laws, including but not limited to:
• Health Insurance Portability and Accountability Act (HIPAA) and HITECH Act.
• California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA).
• Other state privacy laws (e.g., VCDPA, CPA, etc.).
• Oversee and manage responses to data subject access requests (DSARs) and other individual rights requests.

• Policy and Procedure Development:
• Develop and update privacy policies, standards, and procedures.
• Ensure documentation of privacy controls and compliance activities.
• Training and Awareness:
• Develop and deliver privacy training programs for various Cedar teams, including Product, Client Managers, and Human Resources.
• Foster a culture of privacy awareness throughout the organization.
• Audit and Assurance:
• Assist in internal and external audits related to privacy, HIPAA, PCI-DSS, and US state privacy law compliance.
• Work with legal and security teams to respond to regulatory inquiries and ensure audit readiness.
• Help Cedar respond to client questions and diligence regarding Cedar’s privacy and security posture.

Incident Response and Investigation

• Lead and manage the privacy incident response process, including investigation, containment, notification, and remediation of potential privacy breaches.

• Collaborate with Legal and Security teams to maintain an up-to-date and effective incident response plan.

• Escalate critical privacy matters to the Data Privacy Officer and the executive leadership team.

What we look for in an ideal candidate:

• Education:
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree preferred.
• Experience:
• At least 5 years of experience in data privacy, data protection, or data governance roles, with a significant focus on HIPAA and US state privacy laws (e.g., CCPA).
• Previous experience in a fintech or healthcare technology environment.
• Certifications (Preferred):
• CIPP/US, CIPT, CISSP, or an equivalent privacy and security certification.
• Soft Skills:
• An enthusiasm for building a great privacy function in a company that’s still growing and scaling
• Excellent communication and interpersonal skills, with the ability to articulate complex technical and privacy concepts to diverse audiences.
• Strong analytical and problem-solving abilities.
• Ability to work independently and as part of a cross-functional team.
• High level of integrity and ethical conduct.

Compensation Range and Benefits

• Salary*: $148,750 - $175,000
• This role is equity eligible
• This role offers a competitive benefits and wellness package

*Subject to location, experience, and education

#LI-REMOTE