Sr Program Manager, Data Privacy

Our Mission

Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.

Overview

How you can make a difference  

The Sr Program Manager, Data Privacy is responsible for managing the ongoing development and maintenance of HealthEquity’s privacy program, including the development of policies, procedures, privacy controls, training, privacy reviews, and cross-functional business initiatives related to data privacy. This role will work closely with security, legal, compliance, and stakeholders across the company to research, develop, and implement privacy processes, procedures and use cases to ensure compliance with applicable privacy laws, regulations, company policies, and best practices.

What you’ll be doing 

• Manage day-to-day operation of assigned privacy program workflows, including intake, triage, documentation, evidence management, issue tracking, and escalation support.
• Lead day-to-day coordination of the privacy workstream for incidents, including fact gathering, privacy impact analysis support, documentation, and remediation tracking.
• Serve as a primary privacy point of contact for assigned business initiatives and operational privacy matters, coordinating with Security, Legal, and Compliance as appropriate.
• Lead and support information-gathering efforts related to HealthEquity’s complex data environment and apply new or changing privacy practices to new and existing processes and controls.
• Develop and maintain expertise in applicable state and federal privacy laws and regulations, including those involving employee and consumer data privacy, information security, and cybersecurity, as relevant to HealthEquity.
• Maintain policies, procedures, standards, templates, playbooks, and review standars to ensure company compliance, as well as manage the implementation of applicable existing and upcoming privacy laws (CPRA, state laws, federal laws).
• Conduct companywide privacy assessments (NIST, HIPAA, GLBA, etc.) and support Privacy Impact Assessment (PIAs) program for personal data processing activities.
• Identify privacy controls and manage privacy risks; assess control effectiveness and manage risks to the confidentiality of sensitive data including personal information (PII/PHI/NPI).
• Develop training and awareness materials educating workforce on key privacy concepts, controls, and standards for ensuring the confidentiality of sensitive data.
• Conduct privacy review of vendor, partner, client, and data-sharing arrangements, documenting risk positions.
• Assess vendor and software technologies and applications for privacy risks and compliance.
• Support implementation of privacy tooling, automation, and workflow improvements that improve consistency, evidence quality, and program scalability.
• Maintain “regulator-ready” toolkits for response to regulator inquires.
• Work with Product and HR teams to implement compliance (Privacy by Design) across all consumer and worker touchpoints and back-end systems.
• Own or support day-to-day individual rights request operations, including intake, workflow coordination, quality checks, documentation, and SLA tracking.
• Maintain operational dashboards, metrics, and reporting inputs for privacy reviews, requests, incidents, remediation items, and third-party oversight.
• Support audits, regulatory inquiries, client diligence, and internal assurance activities through strong evidence and documentation.

What you will need to be successful

• Bachelor’s Degree, focus on technology or a related field is required.
• Juris Doctorate strongly preferred.
• 8+ years of professional experience in a role involving privacy, legal, or compliance, preferably in a technology setting or highly regulated industry.
• Strong understanding of HIPPA, GLBA, privacy-by-design, data governance, data lifecycle management, and risk-based privacy practices.
• Ability to translate legal, regulatory, and policy requirements into operational processes, controls, templates, and practical guidance.
• Experience conducting privacy assessments and documenting risks, mitigations, exceptions, and remediation actions.
• Working knowledge of data inventories, mapping, classification, minimization, retention, deletion, and secure data handling.
• Experience supporting vendor, partner, and data-sharing reviews, including API-based integrations and third-party privacy diligence.
• Comfort working with automation and AI-assisted tools, including agentic AI capabilities, in a controlled and responsible manner to improve consistency, efficiency, and scalability of privacy operations.
• Familiarity with privacy issues related to AI, machine learning, advanced analytics, and AI-enabled workflow tools, including appropriate governance and human oversight.
• Experience using platforms such as Graphite Connect, OneTrust, AuditBoard, Salesforce, or similar tools to manage assessments, issues, evidence, remediation, and reporting.
• Strong judgment, stakeholder management, and professional presence, with the ability to communicate clearly and credibly on complex or high-visibility matters.

#LI-Remote

This is a remote position.

Salary Range

Benefits & Perks

The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:  

• Medical, dental, and vision 

• HSA contribution and match 

• Dependent care FSA match 

• Uncapped paid time off 

• Paid parental leave 

• 401(k) match 

• Personal and healthcare financial literacy programs 

• Ongoing education & tuition assistance 

• Gym and fitness reimbursement 

• Wellness program incentives 

Onboarding & Travel

This is a remote role, with an in-person onboarding training component. New team members must participate in Trailhead, HealthEquity’s immersive onboarding experience Trailhead is designed to foster meaningful connections, support your integration into the organization, and equip you with a strong understanding of our business. Trailhead participation is a key expectation of this role. Trailhead is held onsite at our headquarters once per quarter. HealthEquity covers all required travel and accommodations. 

This role may begin with a virtual, self-paced onboarding experience, followed by a mandatory onsite Trailhead session at a later date.

HealthEquity is committed to providing reasonable accommodations to team members with qualifying disabilities. Should you be selected for this role and require an accommodation, we will put you in touch with our Benefits Team so you can begin the accommodation request process.

Why work with HealthEquity 

HealthEquity has a vision that by 2030 we will make HSAs as wide-spread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position. Click here to learn more. 

You belong at HealthEquity!

HealthEquity, Inc. is an equal opportunity employer, and we are committed to being an employer where no matter your background or identity – you feel welcome and included. We ensure equal opportunity for all applicants and employees without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity’s applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.

HealthEquity uses Microsoft Copilot to transcribe screening interviews between candidates and their direct Talent Partner for note taking and interview summaries. By scheduling a screening interview with us, you consent to Microsoft Copilot’s AI technology recording and transcribing your interview with your Talent Partner. This information will be reviewed for accuracy and then used by HealthEquity to summarize the interview, ensure accuracy, and facilitate our hiring process. We take privacy seriously. You have the option to opt out. If you wish to opt out of this Microsoft Copilot transcription, please notify your Talent Partner in advance of the interview. If we do not receive an opt-out request from you, we will assume that you consent to the use of Microsoft Copilot.

At HealthEquity, our goal is to save and improve lives by empowering healthcare consumers. This shared purpose inspires everything we do, including how we approach hiring. Our process is designed to get to know the real you: your skills, experiences, and potential to make a difference. We value honesty, originality, and the courage to do the right thing, even when it is not the easiest path. Showing up as your authentic self reflects these values and helps us build something truly remarkable together.

As AI is becoming a common tool throughout the application process, we want to be clear about its appropriate use at HealthEquity. Using AI to support resume writing, research, or interview preparation is perfectly acceptable, provided the content is accurate and genuinely represents your qualifications and skills.  For other key parts of our interview process, however, it is important that the ideas, communication, and work you share reflect your own voice, experiences, and thinking. We ask that you participate in our live interviews and complete any assessments without AI assistance unless instructions explicitly indicate otherwise or a specific exception is discussed and approved in advance. This approach ensures fairness, celebrates your individuality, and allows your authentic perspective to shine. Behaviors that do not align with these guidelines may result in disqualification from the hiring process or termination of employment if later discovered. We appreciate your understanding and look forward to learning about the unique contributions only you can bring to HealthEquity.

HealthEquity is committed to your privacy as an applicant for employment.  For information on our privacy policies and practices, please visit HealthEquity Privacy.