Privacy, Security, & Technology Counsel
Our mission is to deliver high-quality primary care that is accessible, convenient and affordable for all. Every single day you’ll be working on challenging problems with an exceptional team to profoundly transform primary care and improve people’s quality of life.
This role allows you to work from anywhere you choose across the U.S. (excluding U.S. territories), with the flexibility to work from the Seattle HQ office as often as you’d like. Please note that no matter where you are located, all employees should be available during our core working hours from 10 am to 4 pm PT Monday through Friday.
Your role and impact
Reporting to the Deputy General Counsel, you will advise, counsel and support 98point6 privacy and data protection practices. As Privacy, Security & Technology Counsel, you will work closely with the Privacy, Security, Engineering, Product and Compliance teams to advise on all aspects of privacy and data protection laws, including data breach rules and requirements, with a particular focus on healthcare privacy and data protection laws. This role is critical to support the privacy, security, technology functions and product integrations of a rapidly growing healthcare technology startup.
Responsibilities
- Handle privacy and data protection-related inquiries from across 98point6 and provide actionable advice and legal counsel to facilitate privacy and data protection compliance
- Consider applicable privacy and data protection requirements when evaluating 98point6 programs, products, vendors and initiatives
- Assist in the creation, maintenance and implementation of policies, processes, templates, data inventories, records of processing and associated documentation relating to data processing
- Carry out assessments relating to new and evolving data processing
- Partner closely with the Corporate IT, Privacy and Security teams to review and respond to potential privacy and data protection incidents
- Lead or support privacy and security legal workflows for new and existing technology vendors, including the review and negotiation of agreements and statements of work, maintaining standard forms and exhibits and working with key internal stakeholders across teams
- Work with legal and product teams globally to review products, features, new applications and initiatives to provide legal risk mitigation strategies to ensure legal compliance for products from a privacy and data protection perspective
- Monitor and summarize relevant legislative developments, case law, regulatory guidance and enforcement actions in applicable jurisdictions as needed
- Consult with and supervise outside counsel to develop legal strategies and resolve issues in various matters
- Review, draft and negotiate various types of agreements (e.g., vendor/service provider agreements, customer agreements [including business associate agreements], data processing, data transfer and data usage agreements)
- Educate others about and assist in the implementation of various requirements driven by the company’s Compliance, Privacy and Security Officers
- Assist with and support governmental inquiries and investigations
Qualifications
- JD and a license to practice law in at least one state
- 10+ years of relevant experience, including healthcare privacy, security, technology or related regulatory experience with law firms or corporations
- Experience working within a health technology company strongly preferred
- 2+ years of in-house experience preferred
- Demonstrated transactional experience, including reviewing, drafting and negotiating privacy and data protection contract terms and agreements, data processing, usage and/or transfer agreements
- Experience conducting privacy impact assessments and advising on applicable legal requirements
- Demonstrated experience with the legal, regulatory and technical issues related to the health and wellness industry and emerging technologies and/or privacy and security issues, including artificial intelligence and machine learning
- Understanding of various data breach laws and the ability to advise and respond to various data “breach” situations
- Thorough understanding of Internet architecture and related technologies
- CIPP or CISSP certification preferred
98point6 provides equal employment opportunities to all without regard to race, color, religion, sex (including sexual orientation or gender identity), national origin, age, disability, genetic information or other protected status.