Position Summary
UTHealth Houston's Information Technology group is seeking a candidate for the Assistant or Deputy Privacy Officer role to support the enterprise-wide privacy program. The position involves coordinating privacy compliance, risk assessment, policy development, training, incident response, and data governance. Responsibilities include monitoring adherence to federal, state, and international privacy laws (HIPAA, FERPA, GDPR), managing privacy requests, overseeing third‑party compliance, and coordinating organization‑wide training and awareness. The ideal candidate will have strong project management and communication skills, a deep understanding of privacy laws, and experience in higher education or healthcare settings. Preferred qualifications include advanced degrees or certifications in privacy and data confidentiality.
What We Do Here Changes the World
UTHealth Houston is Texas' resource for healthcare education, innovation, scientific discovery, and excellence in patient care. That's where you come in.
Benefits & Rewards
Our total rewards package includes benefits you'd expect from a top healthcare organization, plus:
- 100% paid medical premiums for full‑time employees
- Generous time off (holiday, preventative leave day, vacation, sick time – around 37‑38 days per year)
- Longer tenure accrues more vacation
- Longevity Pay (monthly payments after two years of service)
- Retirement/pension plan
Employee wellness services include:
- Free financial and legal counseling
- Free mental health counseling services
- Gym membership discounts and wellness program access
- Employee discounts (entertainment, car rentals, cell phones, etc.)
- Child and elder care resources
- Plus many more!
Key Accountabilities
- Provides guidance and support to stakeholders on privacy laws, policies, and processes.
- Regularly reviews data processing activities to identify potential privacy risks and ensures compliance with laws and internal policies.
- Coordinates, develops, and implements the university's privacy and data confidentiality compliance policies and standards.
- Plans, develops, and implements privacy training programs, notifications, and communications.
- Integrates privacy considerations into business operations with internal and external partners.
- Investigates and responds to potential data breaches or privacy incidents, reporting to relevant authorities when necessary.
- Maintains current knowledge of applicable federal and state privacy laws and monitors advancements in privacy technologies.
- Coordinates privacy and information governance efforts, including data inventory projects.
- Conducts data privacy risk assessments and manages data subject access requests, corrections, and deletions.
- Reviews third‑party contracts to ensure compliance with data privacy requirements.
- Manages HR activities of the department (recruitment, hiring, training, performance evaluations, salary planning).
- Performs other duties as assigned.
Certification & Skills
- Understanding of compliance and policies in higher education or healthcare settings.
- Demonstrated knowledge of privacy laws and regulations.
- Excellent oral and written communication skills.
- Exceptional organizational and project management skills.
- Innovative, forward‑thinking, results‑oriented problem‑solving.
- Strong collaboration skills across all levels.
- Knowledge of FERPA, HIPAA, GDPR, state medical records privacy laws, and related regulations.
- Licensed attorney by the State Bar of Texas (preferred).
Minimum Education
Bachelor's Degree in a related field required. Graduate of an education program approved by the credentialing body for the required credential(s). Law or related field preferred. Education may be substituted with equivalent years of experience beyond the minimum experience requirement.
Minimum Experience
At least 6 years of experience with privacy and data confidentiality compliance, or equivalent experience. Experience as an investigator/administrator with the ability to read, understand, and explain law and policy is preferred.
Physical Requirements
- Exerts up to 10 pounds of force occasionally and/or a negligible amount frequently to move objects.
Security Sensitive
§ 51.215 and Texas Government Code § 411.094. To the extent that a position requires the holder to research, work on, or have access to critical infrastructure as defined in Texas Business and Commerce Code § 117.001(2), the ability to maintain the security or integrity of the infrastructure is a minimum qualification to be hired for and to continue to be employed in that position. § 791.4.
Residency Requirement
Employees must permanently reside and work in the State of Texas.