Description:
The Opportunity:
As we expand our capacity to support more family caregivers at scale, we're growing the teams that support this work. We're looking for a high-agency operator to join us as our Senior Privacy & AI Counsel. Reporting to the General Counsel, you'll be the day-to-day owner of Abby Care's privacy and AI governance programs in a high-tempo, rapidly evolving environment where the regulatory landscape shifts fast and ambiguity is the norm, not the exception.
Sitting at the intersection of strategy and execution, this is a senior, build-and-lead role. While our privacy program has a working foundation, our next phase—broader AI deployment, new state environments, and a denser vendor ecosystem—requires a senior lawyer who can set program strategy, run day-to-day operations, and serve as a true subject matter expert. You won't just be reviewing individual cases; you will own the AI governance program, scale our HIPAA Privacy program, and partner closely with the GC, Product, Engineering, Operations, and Clinical leadership to unlock safe, compliant growth. Alongside the GC, you will also brief the Executive team and Board on privacy and AI risk.
A true player-coach, you are equally comfortable setting high-level program strategy as you are rolling up your sleeves to handle daily reviews. Highly collaborative, you find energy working across diverse, cross-functional teams toward a common goal. If you are excited by the opportunity to build the playbook for AI and privacy at scale, all while transforming care at home for vulnerable populations, we'd love to hear from you!
This is a Full-Time Hybrid opportunity based in San Francisco.
What You'll Work On:
- Own Abby Care's privacy program — HIPAA compliance, state privacy law compliance, BAA program, data mapping and ROPA, privacy incident response, breach assessment and notification, and individual rights workflows — including its design, operation, measurement, and continuous improvement.
- Own Abby Care's AI governance program — the responsible AI policy suite, AI inventory, AI use case intake and review process, model risk classification, ongoing monitoring, and AI incident response — and evolve it as the regulatory and deployment landscape shifts.
- Lead AI use case reviews for internal generative and agentic AI tools and for AI-powered features in Abby Care's product, including chart update, documentation extraction, and clinical decision support. Set the SLAs and the review framework; escalate the hard cases to the GC.
- Set regulatory change management strategy across federal and state privacy and AI law. Translate horizon scanning into program and product decisions, not just memos.
- Own the BAA program end-to-end, including standard templates, fallback positions, vendor risk integration, and downstream subcontractor flow-downs.
- Serve as the senior legal partner to Product, Engineering, Operations and Clinical teams on the privacy and AI implications of new and existing features. Review PRDs, design documents, and model cards; sit in design reviews; influence the roadmap.
- Lead privacy and AI incident response, including investigation, breach analysis, regulator and individual notification, and post-incident program remediation.
- Prepare the privacy and AI sections of the Board package, with the General Counsel.
- Manage outside privacy and AI counsel relationships, including scope, budget, and quality of work product.
- Hire, develop, and lead the privacy and AI team as it grows.
- Partner with the General Counsel and Compliance leadership on Privacy Officer designation, training and awareness programs, and the integration of privacy and AI controls into the broader compliance program.
What Success Looks Like:
In your first six months, you have taken full operational ownership of the privacy and AI governance programs from the General Counsel. You have completed a program assessment, set the 12-month work plan, and aligned the GC and Compliance leadership on it. The AI use case review process is yours — documented, in operation, and meeting SLAs you set. The BAA program has a refreshed template, a clear playbook, and a current portfolio.
In your first twelve months, Abby Care's privacy program is operating against documented standards that you own, with active monitoring, a current data map, a refreshed BAA portfolio, and a tested incident response workflow. The AI governance program is operating end-to-end and has reviewed every AI use case in production and in the active product pipeline. You have built credibility as the senior legal partner to Product, Engineering, Operations and Clinical leadership; you sit in the design reviews that matter; and the AI roadmap reflects your input.
In year two, the privacy and AI programs are running on a predictable cadence, with measurable improvements year over year and meaningful leverage from the team growing under you. You are the company's internal authority on healthcare AI deployment, you manage the outside privacy counsel relationship directly, and you have presented to the Board of Directors and are the company's named lead for privacy and AI risk at that level.
What You'll Have:
- JD from an accredited law school and active bar membership in good standing in at least one U.S. jurisdiction.
- 7+ years of legal experience, in-house or at a top law firm, with substantial privacy and AI work. In-house experience at a healthcare or healthcare technology company strongly preferred.
- Deep working command of HIPAA/HITECH — including the Privacy, Security, and Breach Notification Rules — and a demonstrated track record of building HIPAA Privacy programs.
- Deep working command of U.S. state privacy laws and the emerging U.S. state AI law landscape.
- Demonstrated track record of building or materially rebuilding an AI governance program — responsible AI policy design, AI use case review framework, model risk classification, and AI-related product review — not just operating an inherited one.
- Demonstrated experience leading privacy incident response end-to-end, including regulator-facing notification and post-incident remediation.
- Strong written communication and the credibility to take and defend a position with executives, the Board, regulators, and outside counsel.
- Comfort operating in a fast-growth environment with imperfect data, parallel priorities, and the need to write the policy yourself before handing it off.
Nice to Have:
- Experience advising on healthcare AI deployment, including FDA SaMD/CDS analysis, clinical decision support governance, and patient-facing AI disclosures.
- Familiarity with 42 CFR Part 2, the 21st Century Cures Act information blocking rules, and state Medicaid confidentiality requirements.
- Familiarity with NIST AI RMF, ISO/IEC 42001, and other AI assurance frameworks.
- Prior work with state Medicaid agencies, MCOs, or other government payors on privacy or data use matters.
- Experience hiring, developing, and leading a small legal or privacy team.
- IAPP certifications: CIPP/US strongly preferred; AIGP a meaningful plus; CIPM useful.
- A sense of humor and a steady temperament under pressure.