Compliance & Risk Lead

Inato is a Tech for Good company striving to bring clinical research to each and every patient, regardless of who they are or where they live. To do this, we are building the world's first clinical trial platform to create greater visibility, access, and engagement across a more diverse population of doctors and their patients.

Drug development is a challenging, intellectually complex, and rewarding endeavor: we enable global pharmaceutical companies to confidently partner with community-based researchers to increase patient access to the latest medical innovations. Our AI-powered platform currently offers clinical trials from leading companies to over 5,500 sites across the globe and we are well poised for growth in 2026.

We are a growing team of passionate pharmaceutical experts, software and AI engineers, professional services members, and many more—all bringing their unique perspectives to solve the challenges facing clinical research.

Inato is the recent recipient of Fast Company’s Most Innovative Companies of 2024, Fierce Healthcare’s Fierce 15, and Built In's Best Places to Work 2025.

The Role As our Compliance & Risk Lead, you will be the cornerstone of Inato’s trust and security posture, ensuring that our rapid scaling and geographic expansion remain deeply compliant with global healthcare standards. You will act as the "face of compliance" to our enterprise partners and serve as our internal legal/privacy expert. Reporting to the VP Finance, you will act as Inato's official Data Protection Officer (DPO), negotiate complex data agreements, chart the regulatory roadmap for new countries, and partner closely with our technical teams to govern our ISO 27001 and risk management programs.

Responsibilities

• Drive Geographic Expansion: Define and lead the privacy and compliance roadmap for entering new global markets, navigating localized data privacy laws, and managing cross-border data transfer requirements.

• Own Questionnaires & Contracts: Take end-to-end ownership of completing enterprise security questionnaires and deeply review/negotiate liability caps, notice periods, and security exhibits in Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs).

• Act as DPO & Manage Core Frameworks: Serve as Inato's registered Data Protection Officer (DPO). Own the ongoing governance of GDPR and HIPAA. Manage our Information Security Management System (ISMS) and partner closely with Engineering/IT to maintain our ISO 27001 certification.

• Enable Sales & Build Customer Trust: Act as the face of Inato’s compliance, leading live security calls with enterprise sponsors and clinical sites to defend our posture.

• Advise on "Privacy by Design": Act as a consultant to Product Managers, reviewing feature roadmaps and data flows to ensure global patient data management remains compliant from the ideation phase.

• Bridge Policy & Product: Act as the crucial translator who converts complex legal obligations into clear, actionable business requirements and tickets for the engineering team to build.

• Scale External Trust: Create compliance collateral (whitepapers, FAQs) to proactively answer customer questions and implement vendor risk management processes.

Qualifications

• 7+ years of professional experience in data privacy, compliance, risk management, or tech law, ideally within a fast-paced B2B SaaS, HealthTech, or Life Sciences environment.

• Deep expertise in global privacy frameworks (GDPR, HIPAA) and a strong capability to research and interpret localized privacy laws for new country expansion.

• Proven ability to negotiate the legal, technical, and security nuances of Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs).

• Technical fluency; you do not need to be an engineer, but you must have a track record of successfully translating legal/compliance requirements into technical tickets for product and engineering teams (and managing ISO 27001 audits alongside them).

• Strong customer-facing experience; you are highly comfortable leading live security and compliance calls with enterprise clients or clinical institutions.

• A highly hands-on "builder" mentality—you are ready to roll up your sleeves to fill out questionnaires, draft policies, and run training sessions autonomously from Day 1.

Nice to have

• Legal background (e.g., JD, LLM, or former practicing counsel) with a focus on SaaS or HealthTech.

• Early or mid-stage startup experience.

Why Inato? Our mission is to make clinical trials more accessible and inclusive. We value diverse backgrounds and experiences, bringing together industry veterans with fresh perspectives to advance the clinical trials industry. Join us at Inato and be part of a team that’s making a real difference in healthcare.

Benefits

• Remote-first philosophy & flexible hours

• Top-of-the-line equipment

• Modern free health insurance (Benefiz)

• Compensatory time off (RTT)

• Lunch vouchers (Swile)

• Gym membership (Gymlib)

• Free books & learning material

Salary Range: €75,000 to €100,000