Description:About this role:
iRhythm is currently seeking an experienced, motivated Director, Legal - Global Privacy and Security. Our work environment is fast-paced, with a collaborative atmosphere. Most of all, we are passionate about delivering innovations that improve the quality of health care and the patient experience. We are looking for like-minded individuals to join our team today! This is a fully remote role.
Specific job responsibilities include:
- Develop and maintain the company's policies, procedures, and guidelines designed to address global privacy requirements, including those arising in the US (i.e., HIPAA/HITECH), APAC and EMEA (i.e., GDPR).
- Report to the Vice President, Global Legal and engage with the Board of Directors and other key internal stakeholders regarding program posture and developing global data protection requirements.
- Provide legal advice and support including research regarding emerging regulation for AI/ML product development working in close collaboration with colleagues across the enterprise.
- Negotiate data licensing and use agreements, including with vendors, universities, and academic medical centers.
- Advise on new products, services, and technologies, as well as other activities subject to data protection requirements, such as clinical research and marketing.
- Identify and act on opportunities to better operationalize privacy requirements and practices within the company, such as the creation of template contractual terms and playbooks.
- Lead privacy incident response activities, including investigation and remediation of potential issues as well as analysis for notification obligations.
- Support the Privacy Operations team, including reviewing and approving high-risk data subject rights request responses and data protection impact assessments.
- Liaise with industry groups and legislators regarding data privacy legislation.
- Manage engagements with outside counsel and other external resources.
- Assist on legal and cross-functional projects as they arise.
- JD from an accredited US law school and good standing with at least one US state bar.
- At least 8+ years of in-house legal department experience, law firm and/or government experience.
- Demonstrated interest in privacy and/or corporate security. Completion of IAPP courses, CIPM/CIPT/CISSP certifications and any other additional post-graduate qualifications or certifications preferred.
- Expertise in and track record dealing with global privacy and data regulatory frameworks, in particular as related to cybersecurity and data localization.
- Knowledge and experience in advising on cloud computing, privacy enhancing technology, and cybersecurity.
- A sense of urgency with a results-driven orientation and excellent organizational skills.
- Experience managing attorneys and paralegals.
- Experience in report, policy and procedure development.
- Excellent analytical, written and oral communications skills required.