Compliance Lead

This is a fully remote position, open to applicants in United States.

📋 Description

• Collaborate with Product and Engineering teams on new features, architecture, and user flows to ensure that privacy-by-design principles are integrated prior to launch, rather than being retrofitted afterwards.

• Oversee the privacy review process for AI features and AI vendors, including restrictions on model training, controls on PHI usage, transparency disclosures, and governance checkpoints prior to launch.

• Assist in clinical research, outcomes tracking, and de-identification workflows to ensure that secondary data usage complies with documented standards.

• Evaluate and address urgent product and commercial requests by providing well-considered written guidance.

• Manage the daily execution of core privacy operations in partnership with the Senior Director of Compliance, demonstrating the capacity to work independently on assigned projects.

• Utilize Fullscript’s OneTrust platform for vendor assessments, data mapping, PIAs, consumer rights requests, and reporting, including setting up new workflows as the program expands.

• Direct privacy incident response efforts, which include intake, triage, coordination with cross-functional teams, documentation, and tracking remediation actions until resolution.

• Cultivate reliable working relationships with stakeholders across the organization to ensure that privacy considerations are incorporated early in new initiatives instead of at the conclusion.

• Convert HIPAA, PIPEDA, Quebec Law 25, CPRA, and other relevant US state privacy laws into straightforward guidance, playbooks, and training materials that the business can utilize without further clarification.

• Continuously monitor Fullscript’s privacy landscape and identify emerging risk areas to report to the Senior Director of Compliance.

⛳️ Requirements

• A minimum of 7 years of hands-on privacy experience, particularly in roles that necessitate extensive cross-collaboration.

• A proven history of working closely with Product and Engineering teams to embed data protection and privacy measures directly into features, technical solutions, and product designs.

• Direct experience within the US healthcare sector (HIPAA) is essential.

• Demonstrated, direct experience with OneTrust is required.

• A thorough understanding of the privacy landscapes in the US and Canada, with the capability to confidently navigate and apply relevant requirements.

• Knowledgeable about the privacy implications associated with AI.

• Outstanding relationship-building skills across the organization and the ability to communicate compliance requirements in a clear and straightforward manner.

• A practical, solution-focused individual contributor who excels in autonomy and rapid business growth.

🏝️ Benefits

• Fullscript provides salary ranges to promote transparency and assist candidates in making informed choices. The displayed range pertains to base salary only and excludes stock options, wellness stipends, or other benefits included in Fullscript’s total rewards package.