HealthEquity Inc.

Sr Director, Data Security & Governance

Job Locations US-Remote
Security & Risk


We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable.


How you can make a difference


We are looking for a passionate, collaborative, and driven executive Data Security Officer to join our team. This role will function as part of the Data Privacy & Governance leadership team within the Risk & Security organization, working closely with HealthEquity’s executive leadership and department heads to transform the strategic data and cloud security programs. This role serves as the chief data security officer of the company. The Senior Director, Data Officer must ensure that the following programs are appropriately designed, implemented, and managed: data protection strategy, data governance and retention, security awareness, and related projects and initiatives. You will ensure that each program meets and addresses all applicable requirements such as industry best practices, internal policies, legal requirements, compliance, and regulations, all while aligning with business goals and objectives. You will have the responsibility to grow and monitor each program to ensure that each is meeting stated objectives, remains current with privacy and security trends, and is designed to protect HealthEquity while still allowing normal business activities.


What you will be doing


  • Establish a team as the focal point for data security strategy, governance, compliance, metrics & reporting and advise the product and executive teams on implications related to upcoming regulations or industry guidelines.
  • Identify, develop, and implement, in partnership with business operations, technology, and client teams, enterprise projects relevant to sensitive and regulated data. The strategy and projects will involve hybrid cloud (IaaS, PaaS, AaaS, SaaS) and on-premise technologies and architectures.
  • Partner with privacy, legal, compliance, product, sales operations, and other internal and external resources to develop the data strategy (collection, management, storage, security, and retention) and ensure developed policies meet the needs of the business and are updated as needed.
  • Manage a team to build a security awareness program to expand the depth and reach of data protection and privacy across HealthEquity.
  • Advise technical leadership on the proper safeguarding of data residing on and transiting through virtual and physical assets.
  • Motivate team members to maximize rigorous system security controls that are natively available. Also, focus on implementing the basics before complexity and a data security maturity model that is tracked and adaptable to necessary changes.
  • Report regularly to senior management, keeping them abreast of the data strategy and data security best practices, including the threat landscape and the tactical controls and strategic plans to achieve success.
  • Employ understanding of the applicable data laws, regulations, and best practices that apply to the Company and advise on those requirements. Translate data requirements into an overarching strategy, architecture, and detailed technical requirements, to include assessing overall maturity and compliance using KRIs.
  • Partner with HealthEquity’s Privacy Officer and Data Strategy & Engineering leader to manage ongoing compliance and quality assurance programs for data security strategy, retention, and deletion.
  • Manage data governance and retention policies, identifying and implementing key performance indicators for sensitive data identification and risk management.
  • Identify data protection controls and manage data risks; assess control effectiveness and manage risks to the confidentiality of sensitive data, including PHI.
  • Support the identification and implementation of scalable innovative technologies to support global data protection, including developing usage policies and guidelines, audit and control processes.
  • Lead a team to develop, optimize, and deliver Security Awareness training products in the form of Computer-Based Training modules and live, instructor-led presentations.
  • Serve as the lead coordinator and contributor for the Risk & Security leadership team with strategic planning, including financial and labor planning in collaboration with finance and HR.
  • Mobilize the Risk & Security teams to align operations with strategy. Affect results by maneuvering through appropriate formal and informal organization channels, influencing across all levels of the organization and across organizations.
  • Define key technical performance indicators (KPIs) and metrics that align with business initiatives and deliver them to non-technical individuals in an effective, comprehensible manner.
  • Partner with vendors to build relationships and inspire product enhancements to support HealthEquity’s technical needs.
  • Support automation and orchestration to maximize team talent and reduce routine tasks that can be done through other means.
  • Actively recruit and lead by example to create a culture where team members want to work.
  • Mentor team members and place a heavy emphasis on team member retention – be a people-first leader.
  • Establish a vision and an enterprise-wide data security strategy to drive business value and protect company, client, and participant data.

What you will need to be successful



Knowledge of cybersecurity, risk & compliance, privacy, or a closely related field as normally obtained through the completion of a Bachelor’s Degree in Information Security.


Work Experience or Related Experience:

The ability and skill to lead security operations & compliance organizations as normally obtained through a minimum of 12 years' experience in cybersecurity, risk & compliance, or privacy with specific experience in privacy and data security laws. Experience should include working with business leaders holding fiscal responsibilities. Experience in Federal, State, and local data privacy and information security regulation and legislation (specifically sensitive data), HIPAA, PCI, SOX, as well as industry frameworks, such as NIST CSF, ISO 27001/27002 and COBIT, is preferred. Experience navigating between functions such as Audit, Compliance, Legal, and IT is highly desired.


Specialized Knowledge, Skills & Abilities:

Deep understanding of privacy and data security laws including, but not limited to, the Gramm-Leach-Bliley Act, California Consumer Privacy Act, Health Insurance Portability and Accountability Act, and Payment Card Industry Data Security Standard is required. Knowledge of Federal, State, and local data privacy and information security regulation and legislation (specifically sensitive data), HIPAA, PCI, SOX, as well as industry frameworks, such as NIST CSF, ISO 27001/27002 and COBIT, is also required.

A strong customer service orientation is essential.

Demonstrated ability to adapt to the changing demands of business is a must.


Benefits and perks

  • Medical, Dental, Vision
  • 401(k) match
  • Paid Maternity/Paternity leave
  • Ongoing education 
  • Tuition Assistance
  • Gym/Fitness Reimbursement
  • Purple with Purpose (paid volunteer time off)
  • HSA contribution and match
  • On-site Lunch and Learns
  • Award-winning Wellness Program
  • Consumer Driven Healthcare (CDH) education

Why work for HealthEquity

HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth and build health savings for life. Through our innovative technology and superior service delivery, our members gain valuable insights to better save and spend their healthcare dollars.


We firmly believe that our team members drive the success of this company. We hire passionate contributors who enjoy the thrill of pioneering their positions to their full potential. Join us and discover a work experience where the person is valued more than the position, and where our purple culture drives a remarkable experience.


Our advice to you

HealthEquity is fiercely focused on hiring passionate individuals to contribute to our purple culture. If you speak passion, excellence, service, ambition, fun… we want to speak with you! We believe that your personality is as important as your experience and qualifications so when we do have the opportunity to speak together, be authentic, be genuine, be you! Showcase your experience and your passion.


HealthEquity, Inc. is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity’s applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.


