Privacy & Compliance Manager

About Us:

How many companies can say they have been in business for over 178 years?!

Here at ZEISS, we certainly can! As the pioneers of science, ZEISS handles the ever-changing environments in a fast-paced world, meeting it with cutting edge technologies and continuous advancements. ZEISS believes that innovation and technology are the key to a sustainable future and solutions for global change. We have a diverse range of portfolios throughout the ZEISS family in segments like Industrial Quality & Research, Medical Technology, Consumer Markets and Semiconductor Manufacturing Technology. We are a global company with over 42,000 employees and have over 4,000 in the US and Canada alone! Make a difference, come join the team!

This position is located in USA, remote in USA with US work authorization needed. Salary range could be based on location.

What's the role?

The Privacy & Compliance Manager will oversee privacy, data protection, and healthcare transparency compliance for ZEISS's U.S. Medical Technology businesses ("Meditec"). Reporting to the General Counsel, this role is responsible for the day-to-day operation of Meditec's privacy program while also leading U.S. federal and state aggregate spend / Open Payments (Sunshine Act) reporting activities. This position works closely with ZEISS's Corporate Data Protection Office, Compliance Operations, IT and Security, R&D, Product Security, Finance, and external vendors to ensure regulatory compliance, data integrity, and effective risk management across our U.S. medical device and digital businesses.

Sound Interesting?

Here's what you'll do:

• Oversee the day-to-day operation of Meditec's U.S. privacy program, including development and maintenance of policies, procedures, training, and privacy governance documentation.

• Lead incident investigation and response, including breach assessment, remediation, and notifications to regulatory agencies and other stakeholders as required.

• Monitor and interpret international, federal, and state privacy and data protection laws (e.g., GDPR, HIPAA, CCPA/CPRA) and ensure Meditec's collection, retention, use, and disclosure of data comply with applicable requirements.

• Conduct routine audits and assessments of privacy and data protection practices; draft reports of findings and present recommendations for technical and operational improvements.

• Lead project management efforts for implementation of new privacy tools, controls, and processes.

• Draft, review and negotiate a broad range of privacy, information security, and product security agreements, including Business Associate Agreements (BAAs), Data Transfer Agreements, customer-supplied questionnaires, and cybersecurity documentation.

• Serve as a subject matter expert on privacy and data protection, providing guidance to product engineering, IT, security, and business teams.

• Act as a liaison with Meditec affiliates and ZEISS Corporate Data Protection Office as the Data Protection Coordinator.

• Develop and deliver privacy training and workforce education addressing the handling of PHI, PII, and confidential information to foster a privacy-aware culture.

• Manage and oversee U.S. federal and state Aggregate Spend / Open Payments reporting, including data collection, validation, remediation, and submission activities.

• Actively monitor and manage external vendors, ensuring accurate data aggregation from multiple source systems.

• Evaluate data quality issues and obtain additional information from internal stakeholders or third parties when required.

• Perform analysis related to Healthcare Professionals (HCPs), including license verification, CMS validation failures, and residency determinations.

• Prepare and review aggregate spend submission reports and determine completeness and accuracy for Meditec entities.

• Submit aggregate spend data through the CMS Open Payments Portal and support company officers during attestation.

• Investigate and resolve Open Payments disputes in collaboration with internal and external partners in accordance with federal guidelines.

• Review, route, approve, and release payment for commercial sponsorship requests, ensuring adherence to company compliance policies.

• Monitor and update sponsorship and transparency guidance as regulations and internal policies evolve.

• Support compliance-related audits, investigations, and training initiatives as directed by U.S. Compliance Counsel.

Do you qualify?

• Bachelor's degree required

• Five (5) or more years of experience in data privacy / data protection

• Three (3) or more years experience in healthcare compliance (with focus on aggregate spend / Open Payments / Sunshine Act reporting).

• Strong understanding of GDPR, HIPAA, CCPA/CPRA, and healthcare transparency laws.

• Working knowledge of CMS Open Payments reporting requirements.

• Familiarity with security and risk frameworks (e.g., NIST, ISO 27001) preferred

• Excellent analytical, organizational, and problem-solving skills.

• Strong written and verbal communication skills with the ability to influence at all organizational levels.

• Proven ability to manage vendors, complex data workflows, and cross-functional projects.

• Proficiency in Microsoft Word, Excel, and PowerPoint.

• Proactive, detail-oriented, and adaptable to changing regulatory and business priorities.

We have amazing benefits to support you as an employee at ZEISS!

• Medical

• Vision

• Dental

• 401k Matching

• Employee Assistance Programs

• Vacation and sick pay

• The list goes on!

Your ZEISS Recruiting Team:

Tina Eilerman

Zeiss provides Equal Employment Opportunity without unlawful regard to an Applicants race, color, religion, creed, sex, gender, marital status, age, national origin or ancestry, physical or mental disability, medical condition, military or veteran status, citizen status, sexual orientation, pregnancy (includes childbirth, breastfeeding or related medical condition), genetic predisposition, carrier status, gender expression or identity, including transgender identity, or any other class or characteristic protected by federal, state, or local law of the employee (or the people with whom the employee associates, including relatives and friends).