Position Summary: UTHealth Houston's Information Technology group is seeking a candidate who is interested in a career leading our institution in privacy and data confidentiality. The Assistant or Deputy Privacy Officer supports UTHealth Houston's enterprise-wide privacy program by coordinating efforts in privacy compliance, risk assessment, policy development, training, incident response, and data governance. The position involves monitoring adherence to federal, state, and international privacy laws (such as Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), General Data Protection Regulation (GDPR)), managing privacy-related requests, overseeing third-party compliance, and coordinating organization-wide training and awareness. The ideal candidate will possess strong project management and communication skills, a deep understanding of privacy laws, and experience in higher education or healthcare settings. Preferred qualifications include advanced degrees or certifications in privacy and data confidentiality.
This position will require working on-site for much of the time, especially during the initial training period. You will need to have experience with privacy as well as knowledge of laws in this area. It would be nice to have some experience with the U.S. Department of Health and Human Services' Office for Civil Rights.
What we do here changes the world. UTHealth Houston is Texas' resource for healthcare education, innovation, scientific discovery, and excellence in patient care. That's where you come in.
Once you join us you won't want to leave. It's because we reward our team for the excellent service they provide. Our total rewards package includes the benefits you'd expect from a top healthcare organization (benefits, insurance, etc.), plus:
- 100% paid medical premiums for our full-time employees
- Generous time off (holidays, preventative leave day, both vacation and sick time - all of which equates to around 37-38 days per year)
- The longer you stay, the more vacation you'll accrue!
- Longevity Pay (Monthly payments after two years of service)
- Build your future with our awesome retirement/pension plan!
We take care of our employees! As a world-renowned institution, our employees' wellbeing is important to us. We offer work/life services such as...
- Free financial and legal counseling
- Free mental health counseling services
- Gym membership discounts and access to wellness programs
- Other employee discounts including entertainment, car rentals, cell phones, etc.
- Resources for child and elder care
- Plus many more!
Position Key Accountabilities:
- Provides guidance and support to stakeholders on privacy laws, policies, and processes for UTHealth Houston's enterprise-wide privacy program
- Regularly reviews data processing activities to identify potential privacy risks, ensuring compliance with data protection laws and internal privacy policies. Ensures that UTHealth Houston complies with applicable state, federal, and international laws, University policies and procedures, and industry privacy standards, including Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), General Data Protection Regulation (GDPR), Texas medical records privacy law, and other privacy and data confidentiality related laws and standards.
- Coordinates, develops and implements the University's privacy and data confidentiality compliance policies, standards and activities in collaboration with applicable offices and/or satellite campuses. Proactively defines and updates privacy policies, procedures, and processes for UTHealth Houston, determining the business impact and compliance strategies for new regulations in the privacy and data protection space.
- Works with the Chief Privacy Officer to plan, develop, and implement privacy training programs, notifications and communications. Creates outreach programs that focus on campus-wide compliance and best practices with privacy and data confidentiality requirements. Helps drive a company culture that focuses on privacy and information protection.
- Works closely with different departments within UTHealth Houston and external partners to integrate privacy considerations into business operations. Works closely with stakeholders, gathering requirements for inventory and related tools, vetting tools/vendors, and working with operations and others to implement data inventorying and classification tools.
- Assists in investigating and responding to potential data breaches or privacy incidents, including reporting to relevant authorities when necessary. Collaborates with information security and compliance teams to evaluate whether security incidents potentially involve personal or sensitive data, and provides guidance on the appropriate investigation and remediation of such incidents. Monitors systems and processes for receipt of privacy and data confidentiality inquiries, concerns, and potential breaches of protected privacy data and information. Conducts timely investigations and breach analyses of incidents. Assists in the cooperation with outside agencies, Office for Civil Rights, other legal entities, and organization officers in any compliance reviews or investigations. Responsible for drafting and coordinating any data breach notifications.
- Maintains current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
- Coordinates on matters relating to data protection and/or classification. Coordinates privacy and information governance efforts including having oversight responsibility for the data inventory project.
- Conducts data privacy risk assessments to identify potential vulnerabilities and develop mitigation strategies.
- Manages data subject access requests, data correction requests, and data deletion requests in accordance with applicable regulations.
- Works with procurement, sponsored projects, and legal affairs in reviewing contracts with third parties to ensure they comply with data privacy requirements.
- Manages Human Resources activities of the department with regard to: recruiting and selection, hiring and termination, training, professional development, mentoring, counseling, performance evaluations, and salary planning.
- Performs other duties as assigned.
Certification/Skills:
- Understanding compliance and policies in the context of institutions of higher education or healthcare, and how that relates to privacy and data confidentiality regulation requirements.
- Demonstrated knowledge of privacy laws and regulations.
- Excellent oral and written communication skills and experience with preparing and performing informational presentations, including the ability to respond to questions from faculty, staff, students, patients, and the general public in both small and large group settings.
- Excellent organizational and project management skills and ability to perform all duties with accuracy, timeliness, and trust, in a professional, competent, and courteous manner, exercising independent judgment and sound decision-making skills. Ability to collaborate with multiple entities to plan and accomplish objectives, and coordinate multiple, large, and complex projects from conception to completion. Demonstrated experience with Microsoft Office suite, databases, and presentation software.
- Innovative, forward-thinking, and results-oriented with a passion to solve complex problems in a creative and pragmatic way and to translate laws and regulations into actionable policies and procedures that enable business objectives.
- Strong collaboration skills across all levels of the organization.
- Knowledge of privacy and data confidentiality regulations pertinent to higher education, including, but not limited to: FERPA, HIPAA, GDPR, state medical records privacy laws, and other privacy and data confidentiality-related laws and standards preferred.
- Licensed Attorney by the State Bar of Texas (SBOT) preferred
Minimum Education: Bachelor's Degree in a related field required. Graduate of an education program approved by the credentialing body for the required credential(s). Law or related field preferred. May substitute required education with equivalent years of experience beyond the minimum experience requirement.
Minimum Experience: At least 6 years of experience with privacy and data confidentiality compliance, or equivalent experience required. Experience as an investigator/administrator with the ability to read, understand, and explain law and policy to a diverse range of audiences is preferred.
Physical Requirements: Exerts up to 10 pounds of force occasionally and/or a negligible amount frequently to move objects.
Security Sensitive: This position is a security-sensitive position pursuant to Texas Education Code §51.215 and Texas Government Code §411.094. To the extent that a position requires the holder to research, work on, or have access to critical infrastructure as defined in Texas Business and Commerce Code §117.001(2), the ability to maintain the security or integrity of the infrastructure is a minimum qualification to be hired for and to continue to be employed in that position. Personnel in such positions, and similarly situated state contractors, will be routinely reviewed to determine whether factors such as criminal history or continuous connections to the government or political apparatus of a foreign adversary might prevent the applicant, employee, or contractor from maintaining the security or integrity of the infrastructure. A foreign adversary is a nation listed in 15 C.F.R. §791.4.
Residency Requirement: Employees must permanently reside and work in the State of Texas.