At UPMC, we are committed to keeping our community safe and healthy as the COVID-19 pandemic unfolds. As our team continues to provide Life Changing Medicine to our patients, our recruiters will continue to fill positions throughout this time. Interviews and other processes may be modified to protect the safety of our candidates and employees. Thank you for your patience.

For more information about UPMC's response to COVID-19, please visit


   Current UPMC employees must apply in HR Direct

AVP Information Governance & Chief Privacy Officer


The Associate Vice President (AVP), Information Governance & Privacy reports to the Senior Vice President, Chief Risk, Compliance & Ethics Officer and strategically and operationally leads the development, implementation and management of a robust and effective set of Data Privacy and Information/Data Governance Programs for UPMC's large and growing Insurance Services Division.  Overseeing and working with each relevant team and functional leader, this position strategically leads, facilitates and ensures compliance with all relevant and applicable laws, regulations, contractual agreements, standards and requirements in a manner that continually supports the business and operational areas across the wide array of highly diversified products and lines of business at UPMC Insurance Services.  The role also strategically enables and ensures that our various information/data governance and privacy processes, controls, practices and activities are soundly and effectively operating in a manner that strengthens and facilitates our business and operational objectives, in close partnership and collaboration with other leaders and business/functional areas.

  • Strategizes, leads and ensures compliance with all relevant and applicable laws, regulations, contractual requirements, standards and practices for all relevant stakeholders, both internal and external to the organization (including regulatory entities).
  • Develops, assesses and adapts clear and effective privacy and information/data governance policies, procedures, training, communications and awareness materials, campaigns, controls, and initiatives to ensure clear and consistent preventive, detective and remedial measures, understanding and practices throughout internal and external operations (including third-parties).
  • Develops, assesses and adapts clear and effective privacy and information/data governance monitoring, testing, reporting, auditing and sampling protocols, controls and channels to ensure the proper and timely detection of relevant issues.
  • Develops, assesses and adapts clear and effective remediation and corrective action initiatives, protocols and controls to ensure proper and timely improvements and compliance.
  • Keeps abreast of changing industry requirements and regulations, including all relevant laws, rules, contractual agreements, industry standards, company practices and initiatives.  Provides clear and effective reports to the relevant business, functional and operational areas, as well as other internal/external stakeholders, regarding new or prospective laws, regulations, contractual requirements, industry standards and best practices.
  • Oversees and directs annual and ongoing privacy and information/data governance training, as appropriate or warranted, to UPMC Insurance Services Division staff and applicable parties, both internal and external to the organization.
  • Oversees and directs regular gap analyses, risk assessments and program effectiveness assessments for the Privacy and Information/Data Governance Programs and functions, including all relevant and applicable activities.
  • Develops annual privacy and information/data governance strategic plans and objectives, based upon regular risk assessments and ongoing, data- and metrics-driven analyses, proactively identifying and utilizing the most recent and relevant industry/regulatory trends.
  • Leads and oversees the facilitation, monitoring and tracking of all relevant audits, assessments and reviews, whether internal or external, across the broad and diversified Insurance Services enterprise, including relevant responses, corrective actions and management action plans.
  • Leads and oversees the contracting, implementation and management of various third-party products and services, automated tools and otherwise, to facilitate and ensure robust and effective privacy and information/data governance activities.  This includes privacy and information/data governance (eGRC) software, data mining and analytics tools, consulting/law firms, and other such service providers.
  • Ensures strategic and operational partnership and collaboration with the business and operational areas, as well as with sibling Governance, Risk & Compliance (GRC) teams to leverage cross-departmental synergy and efficiencies.
  • Develops, chairs and leads privacy and information/data governance committees and working groups, ensuring that all relevant issues and data are appropriately and timely communicated, understood, aligned upon and actioned.
  • Owns and performs strategic planning, goal planning, budget planning and management, performance review, professional development, and all other executive-level managerial functions for the Privacy and Information/Data Governance Programs, functions and teams.
  • Represents UPMC Insurance Services Division with all relevant regulatory agencies, customers, stakeholders and entities regarding privacy and information/data governance reviews, inquiries, investigations and/or requests for information.
  • Develops and reports clear and relevant Privacy and Information/Data Governance Program metrics and dashboards to measure Program effectiveness and to proactively identify relevant trends and patterns across all Insurance Services lines of business.
  • Develops and delivers clear, effective and timely reports and updates for senior management and/or the Board regarding Privacy and Information/Data Governance Program effectiveness, initiatives and issues, including all relevant metrics, dashboards and information, across all Insurance Services lines of business.
  • Effectively lives, models, communicates and supports the values of UPMC and UPMC Health Plan. Performs in accordance with UPMC System-wide competencies and behaviors.
  • Performs other duties as assigned.


  • Bachelor's degree in Computer Science, Engineering, Statistics, Finance or a related field required. Additional relevant graduate degree(s) (e.g. Juris Doctor, M.B.A., Master's or PhD) preferred, but not required. CIPP, CIPP/IT/IS, Healthcare Privacy Compliance and/or other relevant privacy, information governance or data governance certification preferred.
  • Minimum of 12 years of broad-based and extensive privacy, information governance and/or data governance operational, compliance, legal and/or risk management (GRC) experience required, preferably in the health insurance and/or healthcare industries. Prior in-house operational, compliance, legal and/or risk management experience strongly preferred, particularly at a large- or medium-sized health plan. Pennsylvania-specific health insurance and/or managed care knowledge and experience preferred, but not required.
  • Minimum of 6 years of work experience in a substantive managerial/leadership role.
  • Successful experience in designing, building and leading highly effective privacy, information/data governance and/or other such corporate governance (GRC) programs from scratch and/or significantly enhancing such programs strongly preferred.
  • Strong industry subject matter expertise and wide-ranging knowledge of all relevant laws, regulations, contractual requirements, industry standards and best practices required. Strong understanding and knowledge of information/cyber security, IT (particularly healthcare IT) and data asset classification/management preferred.
  • Strong acumen and understanding of healthcare, health insurance and managed health care industries and organizations required.
  • Excellent oral, listening and written communication skills.
  • Strong project management skills and experience required, particularly as it relates to managing and leading across large, complex and matrixed organizations.
  • Must have strong analytical and organizational skills as well as highly effective problem-solving capabilities to ensure that business plans and strategies do not subject the organization to legal, regulatory or contractual violations and/or undue risk or exposure.
  • Strong partnership-, relationship-, consensus- and coalition-building skills required, both within and across departments. Strong emotional intelligence and self-awareness required. Strong executive polish and presence required. The role requires a leader who strikes the optimal balance between strategically navigating the compliance requirements and business needs in a manner that is nuanced and mutually reinforcing.
  • Strong strategic, business, operational and leadership mindset and skills required. Highly consultative and partnership-oriented in approach. Strong and proven ability to successfully develop, foster and sustain high-performance cultures and highly engaged teams within and across departments and throughout the organization.
  • Strong and highly reliable judgment and discretion required. Strong ability to independently and self-sufficiently identify, navigate and successfully resolve various operational, compliance, risk management and regulatory issues.
  • Strong ethical compass and integrity capital required.

Licensure, Certifications, and Clearances:

UPMC is an Equal Opportunity Employer/Disability/Veteran

Total Rewards

More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life, because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.

Our Values

At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.
