Associate General Counsel, US Data Protection, Privacy, and Security

The AGC for US Data Protection, Privacy and Security is an essential member of the legal and corporate compliance team, responsible for ensuring our company's compliance with US privacy laws and regulations. You will be responsible for providing legal advice and guidance to stakeholder teams across the enterprise, developing and implementing privacy policies and procedures, conducting privacy impact assessments, and collaborating with cross-functional teams to integrate privacy and data protection considerations into our products and services. This position reports directly to the company’s Data Protection Officer and Head of Privacy. The successful candidate must be agile, with a demonstrated ability to pivot and manage a workload. This is a remote position. 

What you’ll be doing:

• Serve as subject matter expert and lead on HIPAA compliance efforts.
• Advise on compliance with US privacy laws, including HIPAA, CCPA/CPRA, Washington’s MHMDA (My Health My Data Act), and other state privacy laws, with a focus on health data and sensitive personal information.
• Provide legal support for all aspects of the company’s data privacy and security programs.
• Partner with product, engineering, marketing, and cybersecurity teams to ensure compliance with privacy laws and industry best practices, particularly around AdTech, data management, and data analytics.
• Play a key role in the company’s response to data breaches and other security incidents, including managing breach notification and remediation efforts.
• Draft Privacy Related agreements including BAAs and Data Sharing Agreements.
• Stay up-to-date with evolving privacy laws and regulations, and provide guidance on their impact to the business.
• Coordinate with external counsel on privacy-related legal matters, including any regulatory inquiries, enforcement actions, and litigation.

What success looks like in this role:

• Identify and implement process improvements for the HIPAA compliance program, including policies and procedures, and training materials.
• Conduct a thorough risk assessment to identify potential privacy vulnerabilities and develop a mitigation plan.
• Review and Update existing privacy policies and procedures to ensure they are in line with current regulations and industry best practices.
• Launch and deliver HIPAA and privacy training programs for all employees.
• Ensure timely and accurate filing of regulatory reports and documentation related to HIPAA and privacy compliance. 

What we expect from you:

• 7+ years of legal experience, preferably with a successful, high-growth company or startup in the health and wellbeing sector with 5+ years emphasis on privacy.
• In-depth knowledge of US data privacy regulations, including HIPAA, Washington’s MHMDA (My Health My Data Act), and CCPA/CPRA.
• Working knowledge of worldwide data protection and AI regulations including the GDPR, and the EU AI Act as well as industry best practices (eg, NIST AI RMF, etc) preferred.
• Exceptionally strong business acumen and the ability to work effectively and efficiently on multiple projects in a fast paced, hyper growth environment, while being a critical (and often autonomous) go-to partner for fellow peers in the company and legal department.
• Strong sense of ownership and accountability over assigned projects and tasks.
• Experience scaling legal processes and policies.
• Candidates having relevant data privacy certifications (e.g. CISP, CIPP, CHPC, etc.) strongly preferred.

The target base salary range for this position is $212,800 - $266,000, and is part of a competitive total rewards package including stock options and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually using Radford Global Compensation Database at minimum to ensure competitive and fair pay. 

Benefits provided by Spring Health:

Note: We have even more benefits than listed here and below, your recruiter will provide more in-depth information as you continue in the interview process. All benefits are subject to individual plan requirements and eligibility criteria.

• Health, Dental, Vision benefits start on your first day at Spring Health. You and your dependents also receive an individual One Medical account which is valued at $199/year per user. HSA and FSA plans are also available.
• Employer sponsored 401(k) match of up to 2%
• A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents.
• Generous paid time off, 10 sick days, 12 paid holidays throughout the year, and a 1 month sabbatical leave granted at your 4 year anniversary
• We offer parental leave up to 18 weeks, depending on your eligibility including tenure and medical situation.
• Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses.
• Access to Wellhub, an on-demand virtual benefit that provides wellbeing coaching, and budget management.
• Up to $1,000 Professional Development Reimbursement a year.
• $200 per year donation matching to support your favorite causes.