
Chief Privacy Officer and Compliance Director (6060U), Ethics, Risk & Compliance Svcs 66177

University of California, Berkeley
San Francisco

Job Details

About Berkeley

At the University of California, Berkeley, we are committed to creating a community that fosters equity of experience and opportunity, and ensures that students, faculty, and staff of all backgrounds feel safe, welcome and included. Our culture of openness, freedom and belonging makes it a special place for students, faculty and staff.

The University of California, Berkeley, is one of the world's leading institutions of higher education, distinguished by its combination of internationally recognized academic and research excellence; the transformative opportunity it provides to a large and diverse student body; its public mission and commitment to equity and social justice; and its roots in the California experience, animated by such values as innovation, questioning the status quo, and respect for the environment and nature. Since its founding in 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world.

We are looking for equity-minded applicants who represent the full diversity of California and who demonstrate a sensitivity to and understanding of the diverse academic, socioeconomic, cultural, disability, gender identity, sexual orientation, and ethnic backgrounds present in our community. When you join the team at Berkeley, you can expect to be part of an inclusive, innovative and equity-focused community that approaches higher education as a matter of social justice that requires broad collaboration among faculty, staff, students and community partners. In deciding whether to apply for a position at Berkeley, you are strongly encouraged to consider whether your values align with our Guiding Values and Principles, our Principles of Community, and our Strategic Plan.

At UC Berkeley, we believe that learning is a fundamental part of working, and our goal is for everyone on the Berkeley campus to feel supported and equipped to realize their full potential. We actively support this by providing all of our staff employees with at least 80 hours (10 days) of paid time per year to engage in professional development activities. To find out more about how you can grow your career at UC Berkeley, visit

Departmental Overview

The Office of Ethics, Risk, and Compliance Services (OERCS) serves as an independent, objective resource to the Chancellor, the Compliance & Enterprise Risk Committee (CERC), and the campus community. Reporting to the Chief Ethics, Risk and Compliance Officer (CERCO), OERCS is responsible for coordinating and monitoring the University's ethics, risk and compliance activities, and for developing a culture of accountability in which risk assessment and risk management (mitigation) are part of all campus practices and decision making activities. It will assist functional managers with mitigating material risks, complying with laws, regulations, and policies, and adhering to the ethical standards of the University.

As a key member of the Office of Ethics, Risk, and Compliance Services (OERCS) reporting to the Deputy Compliance Officer within the Chancellor's Office, the Compliance Director and Chief Privacy Officer (“Privacy Officer”) is responsible for ensuring UC Berkeley's commitment to protecting the privacy of personal information of research subjects, faculty, staff, students and other members of the community, including compliance with FERPA, HIPAA, GDPR, and other policies, state, federal, and international laws and regulations. The Privacy Officer updates and consults on UC Berkeley's policies relating to privacy, anticipating and preparing for emerging issues and new privacy laws and regulations. In collaboration with other campus partners, the Privacy Officer plays a key role in areas such as information security, data privacy classification, research compliance, vendor contract review, data access and deletion requests, records management, and website privacy. The Privacy Officer participates in designing the campus response to privacy breaches and any other related incidents.

The Privacy Officer is responsible for collaboratively developing, implementing, and administering a unified privacy program for the Berkeley campus, and must be able to effect organizational change within the University context of complex information technology infrastructure and operations, and shared governance, mission, and values. The Privacy Officer will work independently on privacy-related projects of diverse scope that require the development of innovative strategies for implementing compliance communication, training, and policies and procedures relating to privacy, including areas such as health information, human subjects research, emerging technology, and more.

The Privacy Officer plays a leadership role in a number of strategic committees, including the Compliance and Enterprise Risk Committee (CERC), the Information Risk Governance Committee (IRGC) (as co-chair, and as lead of the subcommittee focused on privacy), and other IT and/or campus-wide and UC system-wide committees.

Infusing understanding and use of the UC privacy values and principles across the community in routine academic and administrative operations is fundamental to meeting the challenge of shifting expectations, new laws, and emerging technologies. A key responsibility of the Chief Privacy Officer is addressing this need, whether in clarifying the boundaries of personal privacy (which is at the heart of the complex issue of the commingling of University information with personal information) or in promulgating the expectation that University privacy and information security principles extend to relationships with partners and collaborators.


Privacy risk monitoring
  • As lead of the campus privacy program, oversees the assessment and reporting of privacy risks at the campuswide, control unit, or Department levels.
  • Determines significant operational and control risks, implements appropriate process improvements and best practices, and manages campus communications structure to improve control environment.
  • Assesses and inventories data access/use policies and practices of the campus on a rolling basis at the campus, unit, or department level, as appropriate.
  • Advises and facilitates support to control units and Departments in the development of their privacy risk response programs as well as in the incorporation of privacy risk assessments into their initiatives or projects.
  • Identifies and assesses new or emerging risks, monitors how campus risks are changing over time, and performs control-gap analyses to help in management's risk response.

Privacy policy compliance lead
  • Oversees Privacy and Online Monitoring Policy to ensure monitoring policies are enforced and do not deviate from best practices and established norms.
  • Directs and participates in the development, implementation, and ongoing compliance monitoring of various agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
  • Works with administration, legal counsel, faculty and other related parties to represent the organization's information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
  • Cooperates with the U.S. Department of Health and Human Services' Office for Civil Rights, State regulators and/or other legal entities in any compliance reviews or investigations.
  • Serves as UC systemwide Privacy Officer designee.

Campus coordination
  • Proposes, leads and/or participates on policy and planning committees and working groups.
  • Stays abreast of activities and initiatives across campus that may have the potential to affect the campus risk profile.
  • Collaborates with Chief Information Security Officer (CISO) and others regarding information systems and electronic systems to protect privacy.
  • Prepares reports for the Compliance and Enterprise Risk Committee (CERC) and Information Risk Governance Committee (IRGC).
  • Co-chairs the Information Risk Governance Committee and General Data Protection Regulation working group.

Privacy breach management
  • Performs required breach risk assessment, documentation, and mitigation. Directs and coordinates HIPAA or privacy breach and incident notification activities. Works with legal counsel and other relevant offices to administer a robust process for receiving, documenting, tracking, investigating, and acting on all complaints concerning violations of privacy policies.

Education and awareness
  • Works within the organization and system-wide to achieve awareness of privacy responsibilities.
  • Directs, delivers, or ensures delivery of privacy compliance training to appropriate campus parties (faculty, staff, students), including clinical practice personnel and management faculty and students, and other appropriate third parties.
  • Assists campus departments with building expertise in privacy laws, policies and best practices. Networks with colleagues at other like institutions to understand and promulgate best practices.
  • Serves as a resource on good privacy configurations and controls. Communicates complex privacy principles, concepts and regulations in simple and actionable terms.

Electronic Communications
  • As the Electronic Communications Policy (ECP) designated campus officer, partners with IT in the administration of the campus privacy implementing guidelines for the ECP. Provides interpretative guidance to the campus on ECP.
  • Oversees the nonconsensual access review process, ensuring that access complies with policy and law, that access requests are appropriately documented and approved, and that appropriate notifications are sent. Coordinates with risk services and legal counsel on ECP issues as appropriate.

HIPAA Compliance
  • As designated campus HIPAA liaison, has oversight of campus-wide HIPAA compliance. Performs periodic health information privacy risk assessments and conducts related ongoing compliance monitoring activities.
  • Works with University personnel involved with any aspect of release of protected health information, to help ensure full coordination and cooperation under UCB's policies and procedures and legal requirements.
  • Establishes with management and operations a mechanism to track access to protected health information within the purview of the University of California System as required by law and to allow qualified individuals to review or receive a report on such activity.
  • Serves as a subject matter expert to local Practice HIPAA Officers of health entity on Privacy and Security compliance internal controls, policies, procedures and best practices.
  • Serves on Healthcare and Security Compliance committee in the review of annual “checklist of HIPAA compliance activities” and reporting responsibilities.

Records management
  • As Privacy Information Steward and Records Management Coordinator, the Privacy Officer coordinates and advises on the campus Information, Privacy, and Records Management Program that includes policy, procedures, best practices, and training modules to enhance campus compliance with the Information Practices Act (IPA), Freedom of Information Act (FOIA), Family Education Records Privacy Act (FERPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other legislation and University policy pertaining to the access to and privacy, integrity and disposition of, information and records under UCB's stewardship.
  • Serves as a consultant for campus departments evaluating their record management, retention and disposition practices.
  • Provides relevant tools and resources for Business Officers and record proprietors.
  • Interprets information management policy and legislation, providing advice to senior management, faculty, managers, supervisors, information technology/systems developers and administrators, academic and nonacademic staff, students, media, and the public.
  • Stays current in information and records management principles, regulations, and best practices for higher education through reading, professional associations, collaboration, and training.
  • Works collaboratively with clinical and other applicable organization units in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate.

Required Qualifications
  • Expert knowledge of the ethics and compliance profession, theories and systems of internal control, and professional compliance and investigations standards.
  • Extensive privacy and compliance experience required.
  • Expert knowledge and experience in the following areas: FERPA, HIPAA, Confidentiality of Medical Information Act (CMIA), California Consumer Privacy Act, California Online Privacy Protection Act (CalOPPA), GDPR, federal and state and applicable international privacy laws.
  • Expert knowledge of organizational ethics and compliance policies, procedures and programs. Demonstrated grasp of ROI concepts.
  • Technical expertise regarding information systems sufficient to coordinate, consult, and collaborate with the Chief Information Security Officer and others regarding electronic systems to protect privacy.
  • Expert interpersonal skills, service orientation, and active listening skills; highly effective team leadership skills to motivate without direct authority.
  • Highly developed ability to concisely present complex risk findings and make recommendations verbally and in writing.
  • Expert analytical skills; ability to gather, organize, analyze, and report on issues and recommendations that are complex in nature. Ability to apply policy and legal concepts to issues.
  • Excellent skills in complex decision making on critical issues.
  • Excellent skills in presenting information in a thorough and complete manner.
  • Ability to multi-task with demanding timeframes. Self-starter, motivated, disciplined and diplomatic professional with enthusiasm for collaborative compliance work and a strong work ethic.
  • Extensive background and significant experience in the area of privacy and/or regulatory compliance.

Preferred Qualifications
  • University experience preferred.
  • Juris Doctorate or other relevant advanced degree.
  • Relevant certification, such as Certified Information Privacy Professional (CIPP), Certified Compliance and Ethics Professional (CCEP), or Certified HIPAA Professional (CHP)

Salary & Benefits

For information on the comprehensive benefits package offered by the University, please visit the University of California's Compensation & Benefits website.

Under California law, the University of California, Berkeley is required to provide a reasonable estimate of the compensation range for this role and should not offer a salary outside of the range posted in this job announcement. This range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to experience, skills, knowledge, abilities, education, licensure and certifications, analysis of internal equity, and other business and organizational needs. It is not typical for an individual to be offered a salary at or near the top of the range for a position. Salary offers are determined based on final candidate qualifications and experience.

The budgeted salary that the University reasonably expects to pay for this position is $150,000.00 to $200,000.00 annually.

The full salary range for this position classification is $117,000.00 to $226,000.00

How to Apply

To apply, please submit your resume and cover letter.

Conviction History Background

This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.

Mandated Reporter

This position has been identified as a Mandated Reporter required to report the observed or suspected abuse or neglect of children, dependent adults, or elders to designated law enforcement or social service agencies. We reserve the right to make employment contingent upon completion of signed statements acknowledging the responsibilities of a Mandated Reporter.

Equal Employment Opportunity

The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. For more information about your rights as an applicant, please see the U.S. Equal Employment Opportunity Commission poster.

For the complete University of California nondiscrimination and affirmative action policy, please see the University of California Discrimination, Harassment, and Affirmative Action in the Workplace policy.

To apply, visit
