Senior Privacy, Security & AI Counsel

Collective Health, Lehi, UT
1d · Hybrid

About The Position

At Collective Health, we’re transforming how employers and their people engage with their health benefits by seamlessly integrating cutting-edge technology, compassionate service, and world-class user experience design.

Role Overview: With a mission to fundamentally transform U.S. healthcare, Collective Health is the ideal workplace for a self-starting, team-oriented attorney who wants to make a major impact and assume meaningful responsibilities at a fast-growing health-tech company. We seek a business-minded attorney to become our Senior Data Security & AI Counsel, proactively working on data security and AI needs. This role will provide high-quality, pragmatic legal counsel on a broad range of cybersecurity, data protection and AI matters, as well as operational guidance to the product and engineering teams on product development and launch. The job will also involve drafting and negotiating commercial terms to help ensure compliance and risk management in a rapidly evolving environment. This position is vital in driving business innovation within a complex technical and regulatory context.

Requirements

  • J.D. with U.S. state bar admissions in good standing in the jurisdiction in which you practice
  • 8+ years of in-house experience supporting privacy, cybersecurity, data protection, and/or related regulatory matters, ideally in a healthcare technology setting.
  • Knowledge of healthcare privacy, security and AI legal and regulatory frameworks and industry best practices, certifications, and reviews, and the ability to apply that knowledge and experience in a fast-paced environment
  • Ability to interpret new and existing privacy, security and AI requirements and provide practical, actionable guidance to operationalize processes to support regulatory compliance
  • Enthusiasm for and skill at building relationships, sharing necessary information, and collaborating effectively with a broad range of stakeholders within the company, the legal and compliance teams, and the health tech industry
  • Experience identifying and mitigating new risks in heavily regulated or emerging technology areas as a legal advisor to product, security, and/or engineering teams
  • Understanding of and experience advising throughout the entire product development lifecycle, including contracting and regulatory compliance.
  • Detail-oriented, with the ability to balance strategic thinking and practical, hands-on execution.
  • Outstanding judgment, business acumen, practicality, collaboration, responsiveness, and integrity
  • Excellent communication and presentation skills, with the ability to represent the company effectively in internal communications at all levels and with external stakeholders.
  • Passion for Collective Health’s mission and for working in a young, growing company where systems and processes will require hands-on engagement and creativity.

Nice To Haves

  • Relevant experience at a rapidly growing technology or healthcare company
  • Up-to-date privacy, security, and/or healthcare certifications preferred (e.g., CIPP/US, AIGP, CIPT, CISSP, HCISPP, Security+, CCSP)

Responsibilities

  • Regulatory Advisor:
      • Stay apprised of changing state and federal laws and direct the business on practical implementation of privacy, security, and AI requirements for business operations, vendor engagements, and product development.
      • Proactively translate state and federal privacy, security, and AI laws into actionable strategies, product requirements and contract terms for business and product teams, and assist in development of training and awareness programs.
      • Advise regulatory attorneys on privacy, security, and AI implications of healthcare-related laws, such as ERISA and the ACA, as they relate to third party administrator functions, claims data, and required communications.
  • Commercial Contracting Support:
      • Draft and negotiate privacy, security and AI terms and agreements (i.e., Business Associate Agreements and Data Security Agreements), working with commercial attorneys to align terms with product capabilities and company processes while effectively managing privacy, AI, and security risks.
      • Empower business and sales teams by providing expert guidance on privacy, security, and AI questions in Requests for Proposals and customer questionnaires.
      • Provide strategic legal review, guidance and contract terms for data use, ownership, indemnification, and limitations of liability aligned with state and federal privacy, AI, and security laws and best practice to support the development and evolution of products.
  • Product, Engineering and AI Support:
      • Remain current on evolving AI laws to educate and provide support to the business to ensure ongoing compliance with privacy, security, and AI-specific regulations, frameworks, policies, and guidance.
      • Proactively identify and mitigate security and AI risks associated with new product features and commercial initiatives, ensuring 'security by design' and 'privacy by design' principles are embedded from conception, and engage with product and engineering teams on new development initiatives, providing clear, practical legal guidance.
      • Direct teams in the legal classification of AI systems, assessment of risks, and AI governance frameworks, including development of policies and procedures for ethical AI development, deployment, use, and risk mitigation, ensuring responsible innovation and addressing potential biases and fairness in product offerings.
      • Guide cross-functional stakeholders on AI principles such as governance, transparency, accountability, and human oversight.
      • Work cross-functionally on a privacy and data governance program (covering data classification, retention, quality, access and disposal), ensuring compliance and enabling data-driven product innovation.
  • Privacy & Data Security Support:
      • Act as a legal partner to the Privacy Officer and the Chief Information Security Officer to proactively advise on federal and state privacy and data security obligations and applicable external certifications and benchmarking frameworks (e.g., HITRUST, NIST, NYDFS, SOC2), including participating in tabletop exercises.
      • Assist with drafting, updating, and operationalizing cybersecurity and data protection policies, procedures, standards, and guidelines, and support third party risk management, due diligence and contracting.
      • Advise on and support, as requested by the Privacy Officer and/or Chief Information Security Officer, escalated privacy and/or cyber incidents, lawsuits, regulatory inquiries, or government escalations, including communications and outreach to customer, vendor and partner counsel.

Benefits

  • health insurance
  • 401k
  • paid time off

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

Ph.D. or professional degree

© 2024 Teal Labs, Inc