Description:

About this role:
iRhythm is currently seeking an experienced, motivated Director, Legal - Global Privacy and Security. Our work environment is fast-paced, with a collaborative atmosphere. Most of all, we are passionate about delivering innovations that improve the quality of health care and the patient experience. We are looking for like-minded individuals to join our team today! This is a fully remote role.

Specific job responsibilities include:

Develop and maintain the company's policies, procedures, and guidelines designed to address global privacy requirements, including those arising in the US (i.e., HIPAA/HITECH), APAC and EMEA (i.e., GDPR).
Report to the Vice President, Global Legal and engage with the Board of Directors and other key internal stakeholders regarding program posture and developing global data protection requirements.
Provide legal advice and support including research regarding emerging regulation for AI/ML product development working in close collaboration with colleagues across the enterprise.
Negotiate data licensing and use agreements, including with vendors, universities, and academic medical centers.
Advise on new products, services, and technologies, as well as other activities subject to data protection requirements, such as clinical research and marketing.
Identify and act on opportunities to better operationalize privacy requirements and practices within the company, such as the creation of template contractual terms and playbooks.
Lead privacy incident response activities, including investigation and remediation of potential issues as well as analysis for notification obligations.
Support the Privacy Operations team, including reviewing and approving high-risk data subject rights request responses and data protection impact assessments.
Liaise with industry groups and legislators regarding data privacy legislation.
Manage engagements with outside counsel and other external resources.
Assist on legal and cross-functional projects as they arise.

Minimum Requirements:

JD from an accredited US law school and good standing with at least one US state bar.
At least 8+ years of in-house legal department experience, law firm and/or government experience.
Demonstrated interest in privacy and/or corporate security. Completion of IAPP courses, CIPM/CIPT/CISSP certifications and any other additional post-graduate qualifications or certifications preferred.
Expertise in and track record dealing with global privacy and data regulatory frameworks, in particular as related to cybersecurity and data localization.
Knowledge and experience in advising on cloud computing, privacy enhancing technology, and cybersecurity.
A sense of urgency with a results-driven orientation and excellent organizational skills.
Experience managing attorneys and paralegals.
Experience in report, policy and procedure development.
Excellent analytical, written and oral communications skills required.