Data Privacy Lead

Reporting to the Director of Compliance, the Data Privacy Compliance Lead is responsible for supporting the organization’s global Data Privacy programs, including but not limited to HIPAA and GDPR. This role is critical for the safety and security of DeepHealth products and organization. A successful Data Privacy Compliance Lead will collaborate with all teams within the organization to fulfill DeepHealth’s mission.

Duties and Responsibilities 

As the Data Privacy Compliance Lead, this position will: 

• Lead the organization’s data privacy efforts, ensuring compliance with local, national, and global privacy laws and regulations.   

• Implement a Privacy by Design program to support the development and modification of product design to meet evolving global requirements for the use and development of software; including the use of AI. 

• Support the Vendor Management team for vendor qualification and implementation/execution of Data Processing Agreements (DPAs) and Transfer Impact Assessments (TIS), as applicable.  

• Collaborate cross-functionally to implement technical and organizational measures to ensure data privacy. 

• Monitor how personal data is collected, processed, and stored to ensure compliance with local, federal, and international laws. 

• Develop and modify, as appropriate, organizational education and training materials to inform employees of privacy duties. 

• Advise senior management on privacy matters and integrate privacy into business processes. 

• Participate in investigations and impact assessments in the event of information security events.  

• Serve as the primary point of contact for data protection authorities and data subjects, handling inquiries, and requests. 

• Collaborate cross-functionally to unify and improve data privacy processes in support of various risk management frameworks, including but not limited to ISO 27001, GDPR, and NIST. 

Please Note: This is not an exhaustive list of all duties, responsibilities, and requirements of the position described above. Other functions may be assigned, and management retains the right to add or change duties at any time. 

Qualifications 

Qualifications include: 

• Bachelor’s degree in a relevant field (or equivalent experience). 

• 5 – 8 years of experience in a regulated industry, preferably medical device. Software and/or Software as a Medical Device experience a plus. 

• Strong knowledge of GDPR, ISO 27001, and HIPAA. 

• Strong knowledge of FDA Quality System Regulations, including but not limited to, 21 CFR Part 11, and 21 CFR Part 820. 

• Excellent written and oral communication skills. 

4. Working Conditions . 

This position will have the ability to work remotely. 

5. Physical Requirements 

This position often requires sitting; standing; walking; bending; twisting; reaching with hands and arms; using hands and fingers; handling; or feeling; speaking; listening; and high-level cognitive thinking. Also, the person must be able to lift up to 10 pounds occasionally. The position requires the ability to travel (~10% of time), drive a vehicle, and utilize other forms of transportation.