Privacy Compliance Specialists

About Us: How many companies can say they have been in business for over 178 years?! Here at ZEISS, we certainly can! As the pioneers of science, ZEISS handles the ever-changing environments in a fast-paced world, meeting it with cutting edge technologies and continuous advancements. ZEISS believes that innovation and technology are the key to a sustainable future and solutions for global change. We have a diverse range of portfolios throughout the ZEISS family in segments like Industrial Quality & Research, Medical Technology, Consumer Markets and Semiconductor Manufacturing Technology. We are a global company with over 42,000 employees and have over 4,000 in the US and Canada alone! Make a difference, come join the team! This position is located in USA, remote in USA with US work authorization needed. Salary range could be based on location. What's the role? The Privacy & Compliance Manager will oversee privacy, data protection, and healthcare transparency compliance for ZEISS's U.S. Medical Technology businesses ("Meditec"). Reporting to the General Counsel, this role is responsible for the day-to-day operation of Meditec's privacy program while also leading U.S. federal and state aggregate spend / Open Payments (Sunshine Act) reporting activities. This position works closely with ZEISS's Corporate Data Protection Office, Compliance Operations, IT and Security, R D, Product Security, Finance, and external vendors to ensure regulatory compliance, data integrity, and effective risk management across our U.S. medical device and digital businesses. Sound Interesting? Here's what you'll do: Oversee the day-to-day operation of Meditec's U.S. privacy program, including development and maintenance of policies, procedures, training, and privacy governance documentation. Lead incident investigation and response, including breach assessment, remediation, and notifications to regulatory agencies and other stakeholders as required. Monitor and interpret international, federal, and state privacy and data protection laws (e.g., GDPR, HIPAA, CCPA/CPRA) and ensure Meditec's collection, retention, use, and disclosure of data comply with applicable requirements. Conduct routine audits and assessments of privacy and data protection practices; draft reports of findings and present recommendations for technical and operational improvements. Lead project management efforts for implementation of new privacy tools, controls, and processes. Draft, review and negotiate a broad range of privacy, information security, and product security agreements, including Business Associate Agreements (BAAs), Data Transfer Agreements, customer-supplied questionnaires, and cybersecurity documentation. Serve as a subject matter expert on privacy and data protection, providing guidance to product engineering, IT, security, and business teams. Act as a liaison with Meditec affiliates and ZEISS Corporate Data Protection Office as the Data Protection Coordinator. Develop and deliver privacy training and workforce education addressing the handling of PHI, PII, and confidential information to foster a privacy-aware culture. Manage and oversee U.S. federal and state Aggregate Spend / Open Payments reporting, including data collection, validation, remediation, and submission activities. Actively monitor and manage external vendors, ensuring accurate data aggregation from multiple source systems. Evaluate data quality issues and obtain additional information from internal stakeholders or third parties when required. Perform analysis related to Healthcare Professionals (HCPs), including license verification, CMS validation failures, and residency determinations. Prepare and review aggregate spend submission reports and determine completeness and accuracy for Meditec entities. Submit aggregate spend data through the CMS Open Payments Portal and support company officers during attestation. Investigate and resolve Open Payments disputes in collaboration with internal and external partners in accordance with federal guidelines. Review, route, approve, and release payment for commercial sponsorship requests, ensuring adherence to company compliance policies. Monitor and update sponsorship and transparency guidance as regulations and internal policies evolve. Support compliance-related audits, investigations, and training initiatives as directed by U.S. Compliance Counsel. Do you qualify? Bachelor's degree required Five (5) or more years of experience in data privacy / data protection Three (3) or more years experience in healthcare compliance (with focus on aggregate spend / Open Payments / Sunshine Act reporting). Strong understanding of GDPR, HIPAA, CCPA/CPRA, and healthcare transparency laws. Working knowledge of CMS Open Payments reporting requirements. Familiarity with security and risk frameworks (e.g., NIST, ISO 27001) preferred Excellent analytical, organizational, and problem-solving skills. Strong written and verbal communication skills with the abili Apply tot his job Apply To this Job