NuVasive, Inc. Sr. Privacy Specialist in San Diego, California

Sr. Privacy Specialist


Minimum Level of Education Required: Bachelor's Degree

Percentage of Travel: Up to 25%

Location: CA - San Diego


Job Description

Summary Statement:

NuVasive, Inc. is seeking to hire an experienced Privacy Specialist capable of implementing, adapting, and building out its Global Privacy Program, data security and information governance. The candidate will report to the Risk Management Leader/Privacy Officer and the position is part of the Global Risk & Integrity Department (GRI).

In collaboration with the Company’s Privacy Officer and GRI Leaders, this candidate will help implement security safeguards, including but not limited to: security risk analysis and management, monitoring and reviewing system access, and following up on and mitigating security incidents. This individual also participates in project planning, implementation and post-implementation activities to support corporate policies and procedures concerning safeguarding of the organization’s confidential information. The position actively helps ensure the organization is in compliance with HIPAA, GDPR and other applicable federal, state and international laws, regulations and guidance concerning the safeguarding of confidential information; company policies and procedures concerning safeguarding of confidential information; and the organization’s rules regarding business ethics and professional conduct.

Key Responsibilities:

Top 3 Responsibilities:

  1. Coordinates the development, modification, implementation and evaluation of organization-wide information privacy and security policies and procedures, as required by HIPAA, GDPR and other applicable federal, state and international laws, regulations and guidance;

  2. Maintains current knowledge of applicable privacy laws and accreditation standards (as applicable), and develops and implements organizational information privacy and security training;

  3. Monitors advancement in information privacy technologies to ensure organizational adoption and compliance.

Primary Job Duties:

  1. Collaborates with the Privacy Officer, GRI team members, and other stakeholders (e.g., Legal, Human Resources, Accounting, Information Technology, Clinical Services and Sales) to further develop (and ensure compliance with) various aspects of the organization’s Global Privacy Program, including but not limited to the following:

· Facilitates the creation and implementation of the Company’s information privacy policies and procedures;

· Performs privacy gap analyses, security risk assessments, and ongoing compliance monitoring activities in coordination with the Company’s other compliance and operational assessment functions;

· Assesses effectiveness of the Company’s privacy, data security and corporate record programs while recommending improvement opportunities;

· Reports to the Corporate Risk Management Committee (CRMC) and the Corporate Integrity Steering Committee (CISC) on a periodic basis regarding the status of the organization’s privacy initiatives.

  2. Develops and implements organizational information privacy and security training and awareness program, as required by HIPAA, GDPR and other applicable laws, in conjunction with the Privacy Officer and other GRI team members. Delivers initial and ongoing privacy and security training.

  3. Collaborates with internal and external legal counsel and appropriate department heads to ensure the Company has and maintains appropriate privacy and confidentiality agreements, information notices and materials reflecting current organization and legal practices and requirements.

  4. Establishes and maintains processes and procedures to track access, use and disclosure of data, including “protected health information” as defined by HIPAA, “personal data” as defined by GDPR, and other individually identifiable information.

  5. Identifies potential areas of compliance vulnerability and risk, develops and implements corrective action plans for resolution of issues and concerns.

  6. Reviews processes and procedures for compliance with regulatory and audit requirements.

  7. Performs periodic reviews of systems, applications and network configurations, access and activity to ensure compliance with data security policies, procedures, standards and legal and regulatory compliance. Documents the review results and maintains records for audit and reporting purposes.

  8. Responds to potential violations of rules, regulations, policy, procedures and standards of conduct by investigating and evaluating the situation and circumstances.

Other Duties and Responsibilities:

· Leads by example to implement effective policy and procedures;

· Demonstrates the ability to work under stress, interruptions and tight deadlines;

· Able to understand complex business strategy, interpret what will be needed to achieve objectives, and formulate a plan of action to close the gap;

· Highly motivated, self-starter who collaborates well with others;

· Performs other duties and provides support in varied areas, as assigned.

Additional Responsibilities/Requirements:

· Perform duties in compliance with applicable FDA and state regulations as well as standards including, but not limited to, ISO 13485.

Nature and Scope:

· Guided by GRI functional area strategy; implements policies and defines approach to privacy strategy achievement;

· Responsible for accomplishing results through management of teams or other professionals; exercises control over resources, policy formulation and planning;

· Works on issues where analysis of situations or data requires an in-depth knowledge of organizational and business objectives;

· Establishes and assures adherence to budgets, schedules, work plans, and performance requirements;

· Regularly interacts with senior management or executive levels on matters concerning the GRC functional areas.

· Requires the ability to change the thinking of, or gain acceptance from, others in sensitive situations, without damage to the relationship.

Supervisory Responsibilities:

· Manages activities of multiple sections or departments. Exercises supervision in terms of costs, methods, and staffing. In some instances this role may have subordinate employees.

Basic Qualifications

· Bachelor’s degree required, with a minimum experience between 3-5 years in the field of privacy;

· International Association of Privacy Professionals (IAPP), Health Care Compliance Association (HCCA) or other privacy industry certifications preferred;

Preferred Qualifications

· Experience in developing policies, procedures, training programs, compliance assessment and monitoring tools and techniques;

· Experience with a hands-on and collaborative approach to solving and/or resolving issues, as well as planning and executing complex projects;

· Sound working knowledge of current international, Federal and State healthcare and privacy laws and regulations and skills in researching international, Federal and State laws, rules and regulations;

· Independent and objective thinker, able to advance ideas, influence others, and manage conflicts in an open and constructive manner;

· Must possess attention to detail and logical reasoning, and be able to formulate ideas and opinions to implement short- and long-term plans and solutions;

· Must be able to interpret, correlate and implement programs that maintain compliance with rules, laws and regulations;

· Demonstrated ability to think strategically and to assist with the organization and management of a cross-functional team is necessary;

· Must be able to manage and prioritize multiple tasks/projects, work autonomously, and meet deadlines;

· Must have strong organizational skills to operate independently with considerable initiative, applying a high level of discretion, sound judgement, and confidentiality;

· Must possess excellent written and verbal communication skills;

· Must maintain congenial, professional and collaborative relationships with internal and external parties; and

· Proficient working knowledge of Microsoft Office.

Working Conditions:

· The position works core hours, Monday through Friday during business hours, and may require late hours and/or weekends to complete work assignments;

· Is periodically on call for 7x24 support;

· Works in an air-conditioned office environment.

Physical Requirements:

· The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions;

· Required to sit, walk, stand, see, hear, speak, have finger dexterity, and use a personal computer with a keyboard to perform essential job duties;

· Must be able to occasionally lift and/or move objects weighing up to 25 pounds;

· Must have transportation to travel to various locations within Southern California for meetings and events;

· Must be able to travel to other locations in the United States, and overseas when necessary. Approximate travel time 15-20%.

NuVasive is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. The “EEO is the Law” poster options are available here at .

About NuVasive

NuVasive, Inc. (NASDAQ: NUVA) is the leader in spine technology innovation, focused on transforming spine surgery and beyond with minimally invasive, procedurally-integrated solutions designed to deliver reproducible and clinically-proven surgical outcomes. The Company’s portfolio includes access instruments, implantable hardware, biologics, software systems for surgical planning, navigation and imaging solutions, magnetically adjustable implant systems for spine and orthopedics, and intraoperative monitoring service offerings. With $962 million in revenues (2016), NuVasive has an approximate 2,300 person workforce in more than 40 countries serving surgeons, hospitals and patients. For more information, please visit

©2015 NuVasive®, Inc.


NuVasive is committed to working with and providing reasonable accommodation to individuals with disabilities. If you are an individual with a disability who requires reasonable accommodation to complete any part of our application process, including the use of this website, please contact us at