Director, Privacy

You could be the one who changes everything for our 28 million members. Centene is transforming the health of our communities, one person at a time. As a diversified, national organization, you'll have access to competitive benefits including a fresh perspective on workplace flexibility.

Position Purpose:

The Director leads the Privacy & Security Enterprise Engagement Officers (EEO) Market Team within Enterprise Privacy & Security Risk Management (EPSRM). This role translates privacy, security, artificial intelligence (AI), business continuity, and related obligations from client contracts-including laws and regulations-into actionable enterprise requirements. The Director builds trusted partnerships with Health Plan leadership and key enterprise stakeholders (Enterprise Compliance, Operations, Business Technology Solutions, ITCC, Privacy, Vendor Risk, Legal, etc.) to drive contract assurance, readiness reviews, RFP support, and continuous improvement. The position ensures team alignment with EPSRM's goals and accountability for Health Plan deliverables.

• Lead, coach, and scale the Market EEO team to deliver consistent, high-quality engagement across all assigned state Medicaid Health Plans and the Medicare and Marketplace lines of business

• Align staffing and resources to market and line of business complexity, volume, and key cycles

• Ensure the team's alignment with and achievement of defined goals

• Responsible for onboarding, training, allocating and prioritizing tasks, setting goals, and managing performance and career development for team members

• Serve as the primary EPSRM engagement leader for Health Plan lines of business; support stakeholders as needed to track obligations, risks, and decisions

• Direct and oversee the team's ongoing efforts to serve as a subject-matter-expert for privacy, security and AI requirements and ensure regulatory, legislative, and contractual privacy, security & AI requirements are understood and operationalized

• Provide Executive-ready updates for Health Plan and EPSRM leadership

• Build trusted relationships with internal and external stakeholders to resolve blockers and escalate issues effectively

• Meet with regulators or other state representatives to answer questions and achieve clarity on the understanding of requirements

• Meet with auditors to demonstrate Centene's privacy, security, AI and operational resilience compliance

• Interpret and operationalize privacy, security, AI, and business continuity obligations from contracts, RFPs, and laws/regulations (e.g., HIPAA, CMS/MARS-E/ARC-AMPE, NCQA, state Medicaid/Exchange)

• Maintain a centralized requirements & deliverables register or pipeline mapping obligations to owners, timelines, and evidence for audits & assessments

• Ensure adequacy of control validation evidence and support gap closure prior to delivery or readiness reviews

• Monitor legal and regulatory changes and how they are/will impact contracts and effectively communicating impacts to stakeholders

• Direct and oversee the team's ongoing efforts to discover, assess impact of, and communicate new or changing regulatory, legislative, and contractual requirements related to privacy, security, AI and operational resilience

• Direct and oversee the team's ongoing efforts to identify and bring awareness to privacy, security, AI and operational resilience risks and control gaps, and champion solutions for those within the context of Centene's business operations and technology environments in partnership with internal and external teams to EPSRM

• Ensure System Security Plans (SSPs) or System Security & Privacy Plans (SSPPs) and other related deliverables are accurate & complete

• Establish and mature processes for plan deliverables (i.e., SSPs/SSPPs, BCP plans, incident response attestations, vendor security attestations, etc.)

• Lead EPSRM contributions to new market entries, procurements, and renewals-including RFP responses and readiness reviews

• Direct and oversee the team's ongoing efforts to ensure privacy, security, AI and operational resilience objectives are treated as business and technology requirements

• Facilitate regulator and client requests with timely, accurate responses aligned to relevant policy

• Ensure Health Plans understand EPSRM expectations for activities related to incident response, breach reporting, vendor management, etc.

• Validate readiness through participation in tabletop exercises and evidence reviews

• ?Drive enhancements to engagement processes, reporting, and compliance maturity

• Support and contribute to EPSRM's multi-year plan and portfolio reporting

• Performs other duties as assigned

• Complies with all policies and standards

Education/Experience:

Minimum Education:

Bachelor's degree in Information Security, Information Technology, Computer Science or other related field. Master's degree preferred.

Licensure / Certifications:

CISSP, CISM, CIPP/US, AIGP, CRISC, or CISA or reputable equivalent preferred

Minimum Experience:

• 8 years of experience with security capabilities, technologies and architecture

• 5 years of experience in leading Business Information Security Officer (BISO), Technology Information Security Officer (TISO), or Technical Enterprise Engagement teams and engaging with executive leaders

• 3 years of experience with government sponsored health plan operations and associated regulatory and contractual requirements or similarly regulated industry

• 3 + years of supervisory/management experience

Additional knowledge, skills, and abilities necessary to perform the role:

• Contracts : Assess & interpret contract/regulatory obligations into control-based capabilities for operational delivery across multiple stakeholders

• Regulations/Laws : State & Federal Privacy, Cybersecurity & AI laws & regulations applicable to healthcare payors and related business entities (i.e., HIPAA/HITECH, CCPA/CPRA, CPA, CTDPA, CAIA, VPA, COPPA, TCPA, etc.)

• Frameworks : NIST 800-53, CMS/MARS-E/ARC-AMPE, NCQA, SOC 2, HITRUST, ISO 27001, etc.

• Industries : Healthcare Payor or Exchange, Healthcare Compliance, Healthcare Risk, or other highly regulated government contracted industry with highly sensitive data activities

• Leadership : Ability to navigate and communicate regulatory, legislative, and contractual privacy, security and AI requirements within the context of business operations and supporting technology environments; ability to lead and develop business and technology facing engagement teams within the context of regulatory, legislative, and contractual privacy, security and AI requirements

• Communication : Effective Executive communication and stakeholder influence across multiple services, such as Legal, Compliance, InfoSec, Technology, and Health Plan operations; experience speaking with regulators & auditors

Pay Range: $145,100.00 - $268,800.00 per year

Centene offers a comprehensive benefits package including: competitive pay, health insurance, 401K and stock purchase plans, tuition reimbursement, paid time off plus holidays, and a flexible approach to work with remote, hybrid, field or office work schedules. Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law, including full-time or part-time status. Total compensation may also include additional forms of incentives. Benefits may be subject to program eligibility.

Centene is an equal opportunity employer that is committed to diversity, and values the ways in which we are different. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other characteristic protected by applicable law.

Qualified applicants with arrest or conviction records will be considered in accordance with the LA County Ordinance and the California Fair Chance Act