
Compliance & Risk Lead
Posted May 21

This is a fully remote position, open to applicants in France.
• Develop and steer the privacy and compliance strategy for entering new international markets, while addressing localized data privacy regulations and managing cross-border data transfer obligations.
• Assume complete responsibility for executing enterprise security questionnaires and thoroughly review/negotiate liability limits, notification periods, and security provisions in Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs).
• Function as Inato's official Data Protection Officer (DPO), overseeing the continuous governance of GDPR and HIPAA. Manage our Information Security Management System (ISMS) and collaborate closely with Engineering/IT to uphold our ISO 27001 certification.
• Represent Inato's compliance efforts, leading live security discussions with enterprise sponsors and clinical sites to advocate for our security posture.
• Serve as a consultant to Product Managers, evaluating feature roadmaps and data flows to ensure that global patient data management complies with regulations from the initial concept stage.
• Act as the essential liaison who translates intricate legal obligations into straightforward, actionable business requirements and tickets for the engineering team to execute.
• Develop compliance materials (whitepapers, FAQs) to proactively address customer inquiries and implement vendor risk management protocols.

• Over 7 years of professional experience in data privacy, compliance, risk management, or technology law, preferably within a dynamic B2B SaaS, HealthTech, or Life Sciences context.
• In-depth knowledge of global privacy frameworks (GDPR, HIPAA) and a strong ability to research and interpret localized privacy laws for expansion into new countries.
• Demonstrated capability to negotiate the legal, technical, and security aspects of Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs).
• Technical fluency; while you don't need to be an engineer, you should have a proven track record of successfully converting legal/compliance requirements into technical tickets for product and engineering teams (and managing ISO 27001 audits alongside them).
• Significant customer-facing experience; you should be very comfortable leading live security and compliance discussions with enterprise clients or clinical organizations.
• A proactive "builder" mentality—you are prepared to take initiative to complete questionnaires, draft policies, and conduct training sessions independently from Day 1.

• Remote-first approach & flexible working hours
• Top-quality equipment provided
• Comprehensive modern health insurance (Benefiz)
• Compensatory time off (RTT)
• Meal vouchers (Swile)
• Gym membership (Gymlib)
• Complimentary books & learning resources