Privacy Program Manager

About Carrot:

Carrot Fertility is the leading global fertility and family-building platform providing care for everyone, everywhere. Trusted by more than a thousand multinational employers, health plans, and health systems, Carrot's comprehensive clinical program delivers industry-leading cost savings for employers and award-winning experiences for millions of people worldwide. From maternity through menopause and pre-pregnancy through parenting, Carrot is dedicated to expanding access and improving outcomes. Carrot empowers members with compassionate, personalized, and inclusive support.

The Role: 

In this role, you will lead Privacy Impact Assessments (PIAs) alongside Legal and Data teams, ensuring privacy risks in new products, technologies, and vendor relationships are mitigated, and security controls are integrated into business operations. You will manage data subject requests (DSRs) related to privacy inquiries from Carrot Members and Customers, collaborating with internal stakeholders and external vendors. Additionally, you will oversee audits of Carrot’s database to meet business and regulatory requirements for account and data deletion requests.

•  

  Key responsibilities include:

  • Managing the Vendor Security Review (VSR) program to assess third-party vendors' security.
  • Leading the development and implementation of Carrot’s data retention program.
  • Configuring and maturing tracking cookie banners and consent workflows to ensure compliance.
  • Contributing to security and privacy audits.
  • Developing training materials to inform teams of data handling responsibilities.
  • Continuously improving privacy and security practices, policies, and standards.

The Team: 

We are a team of dedicated security, compliance, and privacy professionals focused on securing Carrot’s data across its domestic and international locations and operations. Our team is also responsible for responding to security incidents, Customer and Member inquiries, and auditor requests to meet Carrot’s business objectives and contractual commitments.

Minimum Qualifications: 

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
• 5+ years of experience in information security, data privacy, or a related field, preferably within the healthcare industry.
• In-depth knowledge of domestic and international privacy regulations, including:
• California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
• My Health My Data Act (MHMDA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Confidentiality of Medical Information Act (CMIA)
• General Data Protection Regulation (GDPR)
• Understanding of security principles (e.g., encryption, access control, data anonymization / pseudonymization / masking) critical to implementing privacy-by-design strategies.
• Experience operationalizing security and privacy controls in healthcare or other highly regulated environments.

Preferred Qualifications:

• Relevant professional certifications, such as:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Privacy Professional (CIPP)
• Certified Information Privacy Manager (CIPM)
• Certified Information Security Manager (CISM)
• Certified in Healthcare Privacy and Security (CHPS)
• Experience implementing a global data retention schedule framework.
• Experience managing and/or implementing privacy enhancing technologies (PETs), including OneTrust, TrustArc, and BigID.
• Strong understanding of adtech principles, including the use of cookies, tracking pixels, and other digital marketing technologies, in the context of data collection, user consent, and targeted advertising.
• Knowledge of organizational data and infrastructure solutions, such as:
• Microsoft Azure
• Amazon Web Services
• Snowflake

Key Skills:

• Proven experience in developing compliance frameworks and leading privacy initiatives as part of a security-focused team.
• Excellent communication and leadership skills to work with both technical and non-technical team members.
• Ability to disseminate and translate complex regulatory requirements into actionable business requirements, organizational controls, and roadmap tasks.
• Passionate about and current in consumer data privacy and fertility and family forming health care.

Compensation: 

Carrot offers a holistic Total Rewards package designed to support our employees in all aspects of their life inside and outside of work, including health and wellness benefits, retirement savings plans, short- and long-term incentives, parental leave, family-forming assistance, and a competitive compensation package. The starting base salary for this position will range from $110,000-$135,000. Actual compensation may vary from posted base salary depending on your confirmed job-related skills and experience.

Why Carrot?

Carrot has received national and international recognition for its pioneering work, including Best Diversity, Equity, & Inclusion Product from the Anthem Awards, Fast Company's Most Innovative Companies, CNBC's 100 Barrier Breaking Startups, and more. Carrot is regularly featured in media reporting on issues related to the future of work, women in leadership, healthcare innovation and diversity, equity, and inclusion, including MSNBC, The Economist, Bloomberg, The Wall Street Journal, CNBC, National Public Radio, Harvard Business Review, and more. 

Carrot teams span more than 40 states across the United States and dozens of countries around the world. Carrot has received numerous workplace awards, including Fortune's Best Workplaces in Healthcare, Quartz’s Best Companies for Remote Workers, and Great Place to Work and Age-Friendly Employer certifications. Learn more at carrotfertility.com.