[Hiring] Senior Privacy Specialist Cyber Security and Privacy Operations @Fresenius Medical Care

Role Description

• Monitor and assess alerts, cases, and reports for potential privacy incidents (e.g., unauthorized access, data exfiltration, misdirected communications).
• Perform initial triage to classify incidents involving Personal Data (PII/PHI).
• Lead or support end-to-end investigation of privacy incidents.
• Analyze impacted data elements, systems, and individuals; determine root cause and scope of exposure.
• Document incident findings in accordance with legal and compliance requirements.
• Evaluate breach thresholds under regulations (HIPAA, GDPR, state breach laws).
• Coordinate with Legal on breach notification obligations.
• Support preparation of regulatory filings and communications to affected individuals.
• Participate in incident response war rooms and crisis management efforts.
• Ensure alignment between technical containment and privacy obligations.
• Maintain detailed incident records and case documentation.
• Track incident metrics (e.g., time to detect/respond, incident trends).
• Provide reporting to leadership, regulators, and audit teams.
• Enhance privacy incident response playbooks and workflows.
• Conduct tabletop exercises and training sessions.
• Contribute to privacy program maturity and continuous improvement initiatives.
• Participate in projects collaborating with stakeholders as needed.
• Monitor the Privacy Office inbox and provide timely guidance and responses to inquiries.
• Develop and deliver privacy training and awareness initiatives to promote a culture of data protection and compliance.
• Draft and review privacy policies and procedures to ensure alignment with applicable regulations and organizational standards.

Qualifications

• Bachelor’s degree in Cybersecurity, Information Security, Law, Privacy, Healthcare or related field (or equivalent experience).

Requirements

• 5+ years of experience in Privacy Operations.
• Experience building or leading a Privacy Incident Response function preferred.
• Direct interaction with regulators or auditors.
• Knowledge of data mapping, data governance, and privacy engineering.
• Handling data breach or privacy incidents.
• Strong understanding of data protection regulations (HIPAA, GDPR, CCPA, etc.).
• Familiarity with privacy principles and data classification.
• Understanding of the incident response lifecycle (NIST/SANS framework familiarity).
• Certifications such as:
• CIPP (US/E, or equivalent)
• CIPM / CIPT
• CISSP, CISM, or GIAC (GCIA, GCIH)
• Certified Healthcare Compliance Professional (CHC) or Certified Healthcare Privacy Compliance (CHPC)
• Experience in healthcare or other regulated industries.

Benefits

• Comprehensive benefits package including medical, dental, and vision insurance.
• 401(k) with company match.
• Paid time off.
• Parental leave.

Company Description

Fresenius Medical Care is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sexual orientation, gender identity, parental status, national origin, age, disability, military service, or other non-merit-based factors.