Privacy Manager

Our healthcare system is the leading cause of personal bankruptcy in the U.S. Every year, over 50 million Americans suffer adverse financial consequences as a result of seeking care, from lower credit scores to garnished wages. The challenge is only getting worse, as high deductible health plans are the fastest growing plan design in the U.S.

Cedar’s mission is to leverage data science, smart product design and personalization to make healthcare more affordable and accessible. Today, healthcare providers still engage with its consumers in a “one-size-fits-all” approach; and Cedar is excited to leverage consumer best practices to deliver a superior experience.

Cedar is seeking an experienced Privacy Manager to join our Legal & Compliance Team.

The Privacy Manager will be responsible for developing, implementing, and maintaining Cedar’s privacy program, with a strong focus on HIPAA, PCI-DSS, and U.S. state privacy law compliance. This role will report directly to the Data Privacy Officer, and involve working closely with Cedar’s engineering, product, and security teams to embed privacy-by-design principles into Cedar’s products and services. The ideal candidate will possess a deep understanding of privacy regulations, data governance models, and data security best practices within the fintech and healthcare sectors.

• Develop, implement, and maintain the company's enterprise-wide data privacy program, including policies, procedures, and controls.
• Serve as the initial point of contact for most data privacy matters, providing guidance to internal teams on the privacy by design framework.
• Monitor and track all program development activities and progress.
• Conduct regular privacy risk assessments and impact assessments (PIAs/DPIAs) for new products, services, and processing activities.

• Ensure continuous compliance with all applicable federal, state, and international data protection laws, including but not limited to:
• Health Insurance Portability and Accountability Act (HIPAA) and HCH Act.
• Other state privacy laws (e.g., VCDPA, CPA, etc.).
• Oversee and manage responses to data subject access requests (DSARs) and other individual rights requests.

• Develop and update privacy policies, standards, and procedures.
• Ensure documentation of privacy controls and compliance activities.

• Develop and deliver privacy training programs for various Cedar teams, including Product, Client Managers, and Human Resources.
• Foster a culture of privacy awareness throughout the organization.

• Assist in internal and external audits related to privacy, HIPAA, PCI-DSS, and U.S. state privacy law compliance.
• Work with legal and security teams to respond to regulatory inquiries and ensure audit readiness.
• Help Cedar respond to client questions and diligence regarding Cedar’s privacy and security posture.

Lead and manage the privacy incident response process, including investigation, containment, notification, and remediation of potential privacy breaches.

Collaborate with Legal and Security teams to maintain an up-to-date and effective incident response plan.

Escalate critical privacy matters to the Data Privacy Officer and the executive leadership team.

• Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree preferred.
• Experience: At least 5 years of experience in data privacy, data protection, or data governance roles, with a significant focus on HIPAA and U.S. state privacy laws (e.g., CCPA). Previous experience in a fintech or healthcare technology environment.
• Certifications (Preferred): CIPP/US, CIPT, CISSP, or an equivalent privacy and security certification.
• Soft Skills: An enthusiasm for building a great privacy function in a company that’s still growing and scaling;
  Excellent communication and interpersonal skills, with the ability to articulate complex technical and privacy concepts to diverse audiences;
  Strong analytical and problem‑solving…