Lead Data Privacy Engineer

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

POSITION SUMMARY
We are seeking a Lead Data Privacy Engineer to assist in leading our Data Protection Engineering, Monitoring, and Audit efforts. This role is responsible for embedding privacy by design principles into systems and processes, designing and maintaining technical controls to safeguard personal data (PII), and ensuring compliance with privacy regulations while supporting business objectives. The position requires a strong technical database background and deep knowledge of privacy laws and security and privacy frameworks, working closely with cross functional teams to maintain a robust data security & privacy posture.

What we expect of you -

• Drive strategy, planning, prioritizing, and execution of data security and privacy initiatives to protect unstructured and structured data in hybrid environments.

• Design and Implementation of Privacy Enhancing Technologies (PETs), lead privacy-preserving solutions planning, design, development, implementation, and monitoring.

• Drive and support technical components compliance/audit processes.

• Provide expert guidance on secure systems architecture, design and implementation in alignment with privacy engineering principles.

• Continuous monitoring of emerging technologies, regulatory developments and industry trends to recommend enhancements to organizational privacy posture. Develop and maintain data protection dashboard, metrics roadmap, and scorecards.

• Apply threat modeling and risk analysis methodologies to mitigate privacy and security risks. Facilitate risk-based approach to develop, manage, and maintain data protection controls.

• Collaborate with engineering, product, legal, and compliance teams to translate privacy and regulatory requirements (e.g., GDPR, CCPA, HIPAA) into technical designs, policies, and guardrails.

• Foster a privacy by design culture and embed privacy requirements into engineering documentation.

• Lead and contribute to enterprise data governance activities, including data discovery, classification, data loss prevention, audit, and incident response.

• Lead project teams of talented professionals to deliver data security capabilities.

REQUIRED QUALIFICATIONS

• 7+ years of hands-on experience in security engineering, privacy engineering, privacy enhancing technologies or related fields.

• 7+ years of experience with privacy and data protection regulations (GDPR, CCPA, HIPAA, etc.) and translating them into technical requirements.

• 5+ years of experience in one or more programming or scripting languages (e.g. Python, Java, Go, Rust, or similar).

• 5+ years of experience in designing and implementing cryptographic or data protection systems (e.g. encryption, tokenization, key management).

• 5+ years of experience in performing privacy threat modeling, data flow mapping, and conducting DPIAs/PIAs.

• 5+ years of experience in working in CI/CD environments, Infrastructure as Code (IaC), and automating security/privacy checks.

• 5+ years of data security technology experience, including data classification, DLP, insider risk, encryption, web content filtering and CASB.

PREFERRED QUALIFICATIONS

• Professional Certifications such as CDPSE, CIPP, CIPT, CIPM, CISSP, or equivalent.

• Experience with security controls alignment to key regulations like NIST, FIPS 140-2, ISO, HITRUST, HIPAA, PCI, CPRA, GDPR

• Experience supporting regulatory audits, investigations, or independent assessments.

• Experience building and scaling privacy platforms or features in a fast-paced environment (e.g. developing & automating processes, leveraging AI ML).

• Familiarity with Data Loss Prevention (DLP) systems and data mapping tools.

• Familiarity with cloud platforms (AWS, Azure, GCP) and various data technologies (SQL, NoSQL databases, data lakes, etc.).

• Experience implementing controls at scale in regulated environments.

• Experience aligning technical infrastructure with regulatory obligations.

• Hands-on experience with secure system architecture, data encryption, tokenization, access controls or secure API design.

• Experience in healthcare, insurance, or highly regulated industries.

• Strong analytical abilities, verbal/written communication, and interpersonal skills

• Demonstrated experience in secure system design and alignment with organizational/regulatory requirements.

• Excellent communication and ability to explain complex technical and legal concepts to diverse audiences.

EDUCATION

Bachelor degree from accredited university or equivalent work experience (HS diploma + 4 years relevant experience).

BUSINESS OVERVIEW

Bring your heart to CVS Health Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver.  Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.  We strive to promote and sustain a culture of diversity, inclusion and belonging every day.  CVS Health is an affirmative action employer, and is an equal opportunity employer, as are the physician-owned businesses for which CVS Health provides management services. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.  We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.

Pay Range

The typical pay range for this role is:

$106,605.00 - $284,280.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.  This position also includes an award target in the company’s equity award program. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.

This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Additional details about available benefits are provided during the application process and on Benefits Moments.

We anticipate the application window for this opening will close on: 06/30/2026

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.