Director, HIPAA Security & Regulatory Officer


Full Time Executive-level / Director
Planned Parenthood logo
Planned Parenthood
Planned Parenthood Federation of America is a nonprofit organization that provides sexual health care in the United States and globally.
Apply now Apply later

Planned Parenthood Federation of America (PPFA) is the national umbrella organization for the nation’s leading network of women’s health care providers, educators, and advocates, serving women, men, teens and families. Planned Parenthood Action Fund (PPAF) is the advocacy and political arm of PPFA. For over 100 years, Planned Parenthood has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.  
Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund (PPAF) seeks a HIPAA Security & Regulatory Director. This job reports to the Senior Director, Shared Services in the Information Security Department of PPFA. The Information Security Department provides information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational healthcare information systems and their associated data.


  • The HIPAA Security & Regulatory Director is responsible for the ongoing management of information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational healthcare information systems and their associated data. The HIPAA Security & Regulatory Director is responsible for reviewing existing and pending State and Federal legislation related to Privacy and Security, company policies, and advising management on possible risks, and works closely with the HIPAA Privacy Officer/Privacy Officer and the Corporate Compliance Officer to achieve the goals of PPFA. This role provides subject matter expertise to elements of the National, Affiliates, Ancillaries, and trusted business partners.


  • Responsible for achieving and maintaining a level of subject matter expertise related to HIPAA Security with a thorough familiarity with HIPAA Privacy, and general Privacy tenets. Maintains working knowledge of both Federal and State legislative and regulatory initiatives affecting Privacy and Security at the National Office, its Affiliates, and its Ancillaries. Interprets and translates requirements for regulation implementation and compliance.
  • Coordinates an annual information security gap analysis against PHI and HIPAA security requirements. This includes an assessment of current industry risk to ensure appropriate mitigation strategies.
  • Integrate with third-party risk management team to ensure vendor risks are identified and appropriately mitigated
  • Monitors the following regulatory bodies: ○Health and Human Services ○ Health and Human Services, Office of Civil Rights ○ Health and Human Services, Office of the National Coordinator ○ Federal Trade Commission ○ Food and Drug Administration ○ Payment Card Industry Data Security Standards Council
  • Monitors the following federal legislation: ○ HIPAA (both Privacy and Security)○21st Century Cures Act ○ Family Educational Rights and Privacy Act (FERPA) ○ PCI DSS ○ State legislation (i.e., CCPA, NY Shield Act, etc.)
  • Will serve as the HIPAA Security Officer for PPFA.
  • Monitors security framework bodies for trends (NIST, HITRUST, CIS, SANS, etc.).
  • Develops and maintains the HIPAA Security manual and related materials in conjunction with HIPAA Privacy and Corporate Compliance Officer.
  • Ensures the ongoing integration of information security requirements and best practices with business strategies and operations.
  • Establishes with management and operations a mechanism to track access to protected health information on both a proactive and retroactive basis, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
  • Supports and advises the cyber incident management team and crisis management team during incidents involving breaches of PHI, PCI, and PII.
  • Supports investigations of information security violations and computer crime in conjunction with OGC and Global Security Service (GSS). Works effectively with the PPFA Office of General Counsel and Human Resources, and external law enforcement to resolve these instances.
  • Reviews instances of noncompliance and works effectively to correct deficiencies.
  • Coordinates with the Information Security Awareness Team regarding training initiatives to educate the workforce about information security and HIPAA.
  • Works with PPFA, vendors, outside consultants, and other third parties as necessary to provide consultation guidance and best practices on information security controls within the Affiliate.


  • Works closely with the Privacy Officer and Corporate Compliance Officer.
  • Advises the CISO, OGC Privacy Officer, Office of General Counsel staff, and the Corporate Compliance Officer regarding matters related to information security (both paper and electronic-based).
  • Serves as a liaison between the National Office and Affiliates/Ancillaries regarding HIPAA and other regulations.
  • Coordinates with the Information Security Awareness Team regarding training initiatives to educate the workforce about information security and HIPAA.
  • Serves as a member of the PPFA Risk Management Committee.
  • Works with organization administration, legal counsel, and other related parties to represent the organization’s information security interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standards.
  • Manages the Affiliate HIPAA Security Committee.
  • Publishes the monthly HIPAA Security Newsletter.

Knowledge, Skills, and Abilities (KSAs)

  • Knowledge:
  • Bachelor’s degree and 6+ years of broad-based Privacy and Security and previously stated regulations experience or 12+ years experience of broad-based Privacy and Security and previously stated regulations experience.
  • Expertise in HIPAA Privacy and Security and related Acts (e.g. 21st Century Cures Act, etc.)
  • Familiarity with information technology platforms used in healthcare entities and their potential risks and vulnerabilities.
  • Expertise in the following areas: enterprise program management leadership with a proven track record of delivery success as measured by customer satisfaction.
  • Experience in the healthcare industry is required and Affiliate experience is a plus.
  • CHPS, HCISPP, CIPP Certifications are required.
  • Knowledge of modern information security technologies and vendor solutions to include but not limited to strong authentication, network security, endpoint security,
  • cloud/SaaS/PaaS security, security information and event management, SSDLC, mobile security, privacy, and regulatory compliance.
  • Skills:
  • Extremely strong oral and written communications skills.
  • Solid service delivery experience in a cross-functional environment is required.
  • Strong executive presence, communication, and collaboration skills with Senior Leadership
  • Conducting webinars and public speaking.
  • Business management skills (budgeting, planning, presentation development, organization theory, quality management) are required.
  • Abilities:
  • Experience leading, coordinating vendor solution delivery and partnering effectively with vendors to meet affiliate and PPFA business needs.
  • Program and project management methodology experience.
  • Experience with information security frameworks: HIPAA, PCI DSS, NIST CSF, ISO 27001, HITRUST CSF.


  • Up to 10% travel on occasion. This position is a remote position.
This job description is not intended to be all inclusive. The employee will also perform other reasonable duties as assigned by the supervisor or other management.
Management reserves the right to amend job responsibilities, duties and orders as needsprevail. This document is for management communication only and is not intended to imply a written or implied contract of employment.
Starting Salary: $150K
Final offers for this job will be based on capabilities and will be made within the parameters of the PPFA compensation program. Total offer package to include generous vacation + sick leave + paid holidays, individual/family provided medical, dental and vision benefits effective day 1, life insurance, short/long term disability, paid family leave and 401k. We also offer voluntary opt in for Flexible Spending Account (FSA) and Transportation/Commuter accounts.   
We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law.  We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.
PPFA participates in the E-Verify program and is an Equal Opportunity Employer
Job region(s): Worldwide/Anywhere
Job stats:  0  0  0
  • Share this job via
  • or

Explore more Remote Work and WFH career opportunities