Lead Data Privacy Engineer
Role details
Job location
Tech stack
Job description
We are seeking a Lead Data Privacy Engineer to assist in leading our Data Protection Engineering, Monitoring, and Audit efforts. This role is responsible for embedding privacy by design principles into systems and processes, designing and maintaining technical controls to safeguard personal data (PII), and ensuring compliance with privacy regulations while supporting business objectives. The position requires a strong technical database background and deep knowledge of privacy laws and security and privacy frameworks, working closely with cross functional teams to maintain a robust data security & privacy posture.
What we expect of you -
- Drive strategy, planning, prioritizing, and execution of data security and privacy initiatives to protect unstructured and structured data in hybrid environments.
- Design and Implementation of Privacy Enhancing Technologies (PETs), lead privacy-preserving solutions planning, design, development, implementation, and monitoring.
- Drive and support technical components compliance/audit processes.
- Provide expert guidance on secure systems architecture, design and implementation in alignment with privacy engineering principles.
- Continuous monitoring of emerging technologies, regulatory developments and industry trends to recommend enhancements to organizational privacy posture. Develop and maintain data protection dashboard, metrics roadmap, and scorecards.
- Apply threat modeling and risk analysis methodologies to mitigate privacy and security risks. Facilitate risk-based approach to develop, manage, and maintain data protection controls.
- Collaborate with engineering, product, legal, and compliance teams to translate privacy and regulatory requirements (e.g., GDPR, CCPA, HIPAA) into technical designs, policies, and guardrails.
- Foster a privacy by design culture and embed privacy requirements into engineering documentation.
- Lead and contribute to enterprise data governance activities, including data discovery, classification, data loss prevention, audit, and incident response.
- Lead project teams of talented professionals to deliver data security capabilities.
Requirements
- 7+ years of hands-on experience in security engineering, privacy engineering, privacy enhancing technologies or related fields.
- 7+ years of experience with privacy and data protection regulations (GDPR, CCPA, HIPAA, etc.) and translating them into technical requirements.
- 5+ years of experience in one or more programming or scripting languages (e.g. Python, Java, Go, Rust, or similar).
- 5+ years of experience in designing and implementing cryptographic or data protection systems (e.g. encryption, tokenization, key management).
- 5+ years of experience in performing privacy threat modeling, data flow mapping, and conducting DPIAs/PIAs.
- 5+ years of experience in working in CI/CD environments, Infrastructure as Code (IaC), and automating security/privacy checks.
- 5+ years of data security technology experience, including data classification, DLP, insider risk, encryption, web content filtering and CASB., * Professional Certifications such as CDPSE, CIPP, CIPT, CIPM, CISSP, or equivalent.
- Experience with security controls alignment to key regulations like NIST, FIPS 140-2, ISO, HITRUST, HIPAA, PCI, CPRA, GDPR
- Experience supporting regulatory audits, investigations, or independent assessments.
- Experience building and scaling privacy platforms or features in a fast-paced environment (e.g. developing & automating processes, leveraging AI ML).
- Familiarity with Data Loss Prevention (DLP) systems and data mapping tools.
- Familiarity with cloud platforms (AWS, Azure, GCP) and various data technologies (SQL, NoSQL databases, data lakes, etc.).
- Experience implementing controls at scale in regulated environments.
- Experience aligning technical infrastructure with regulatory obligations.
- Hands-on experience with secure system architecture, data encryption, tokenization, access controls or secure API design.
- Experience in healthcare, insurance, or highly regulated industries.
- Strong analytical abilities, verbal/written communication, and interpersonal skills
- Demonstrated experience in secure system design and alignment with organizational/regulatory requirements.
- Excellent communication and ability to explain complex technical and legal concepts to diverse audiences., Bachelor degree from accredited university or equivalent work experience (HS diploma + 4 years relevant experience).
Benefits & conditions
$106,605.00 - $284,280.00
This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company's equity award program.
Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people
We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.
This full-time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well-being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.
