"Director of Privacy"

Position Summary: Rutgers, The State University of New Jersey, is seeking a Director of Privacy for University Ethics and Compliance (UEC) with University Finance and Administration (UFA.) Reporting to the Associate Vice President and Deputy Chief University Compliance Officer, this position serves as the Rutgers Privacy Officer, responsible for the strategic direction, oversight, and execution of a comprehensive university-wide privacy program. The Director of Privacy ensures compliance with privacy regulations impacting higher education and healthcare, including the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), Gramm-Leach-Bliley Act (GLBA), and General Data Protection Regulation (GDPR). This position supports the implementation of the seven elements of an effective compliance program as outlined by the Federal Sentencing Guidelines.

• Implements a university-wide privacy compliance framework that supports individual choice and manages risk across healthcare, academic, and administrative settings.
• Oversees the development, maintenance, and enforcement of privacy-related policies and procedures, consent and authorization forms, business associate agreements, and related documentation.
• Partners with management, departments, and committees to align privacy practices with federal and state laws, as well as institutional strategy and risk mitigation.
• Participates in the development and continual enhancement of the privacy component of the university's compliance program, including the integration of HIPAA, FERPA, GLBA, and GDPR policies.
• Serves as a liaison to the IRBs and other oversight bodies to promote compliant data access and research practices.
• Oversees or coordinates privacy training and education efforts for faculty, staff, students, contractors, business associates, and volunteers.
• Conducts audits and monitoring activities across university operations and third-party relationships to assess adherence to privacy regulations and internal policies.
• Leads the intake, investigation, documentation, and resolution of privacy complaints and incidents in collaboration with the Office of General Counsel and other appropriate offices.
• Coordinates response and mitigation efforts for suspected or confirmed privacy breaches, working closely with the Office of Information Security.
• Serves as a privacy consultant across the institution and liaises with external regulatory agencies during investigations and compliance reviews.
• Tracks regulatory changes and industry best practices to maintain a current and responsive privacy program.
• Supervises and develops privacy staff within the UEC and supports their understanding and implementation of compliance policies.
• Promotes consistent application of privacy policies and disciplinary action when violations occur.
• Supports the university's diversity, equity, and inclusion efforts through inclusive compliance practices.
• Performs other related duties as assigned.

Minimum Education and Experience: Bachelor's degree and at least eight (8) years of relevant privacy compliance management experience; or an equivalent combination of education and/or experience.

Equipment Utilized: Microsoft Office tools (Word, Excel, PowerPoint).