About this role:
iRhythm is currently seeking an experienced, motivated Director, Legal - Global Privacy and Security. Our work environment is fast-paced, with a collaborative atmosphere. Most of all, we are passionate about delivering innovations that improve the quality of health care and the patient experience. We are looking for like-minded individuals to join our team today! This is a fully remote role.

Specific job responsibilities include:
  • Develop and maintain the company's policies, procedures, and guidelines designed to address global privacy requirements, including those arising in the US (i.e., HIPAA/HITECH), APAC and EMEA (i.e., GDPR).
  • Report to the Vice President, Global Legal and engage with the Board of Directors and other key internal stakeholders regarding program posture and developing global data protection requirements.
  • Provide legal advice and support including research regarding emerging regulation for AI/ML product development working in close collaboration with colleagues across the enterprise.
  • Negotiate data licensing and use agreements, including with vendors, universities, and academic medical centers.
  • Advise on new products, services, and technologies, as well as other activities subject to data protection requirements, such as clinical research and marketing.
  • Identify and act on opportunities to better operationalize privacy requirements and practices within the company, such as the creation of template contractual terms and playbooks.
  • Lead privacy incident response activities, including investigation and remediation of potential issues as well as analysis for notification obligations.
  • Support the Privacy Operations team, including reviewing and approving high-risk data subject rights request responses and data protection impact assessments.
  • Liaise with industry groups and legislators regarding data privacy legislation.
  • Manage engagements with outside counsel and other external resources.
  • Assist on legal and cross-functional projects as they arise.

Minimum Requirements:
  • JD from an accredited US law school and good standing with at least one US state bar.
  • At least 8+ years of in-house legal department experience, law firm and/or government experience.
  • Demonstrated interest in privacy and/or corporate security. Completion of IAPP courses, CIPM/CIPT/CISSP certifications and any other additional post-graduate qualifications or certifications preferred.
  • Expertise in and track record dealing with global privacy and data regulatory frameworks, in particular as related to cybersecurity and data localization.
  • Knowledge and experience in advising on cloud computing, privacy enhancing technology, and cybersecurity.
  • A sense of urgency with a results-driven orientation and excellent organizational skills.
  • Experience managing attorneys and paralegals.
  • Experience in report, policy and procedure development.
  • Excellent analytical, written and oral communications skills required.