About the role:

As a member of the legal and privacy teams, you’ll be at the forefront of cutting edge consumer health and privacy matters. You’ll be helping design, build, maintain, and evolve the company’s next generation privacy and data protection compliance program and infrastructure. Your work will have real impact - what we do improves patient outcomes, sets new standards for health privacy, and changes how healthcare is delivered. 

Responsibilities:

• Reporting to the Associate General Counsel (Product & Privacy), you will support and assist the AGC with (non-exhaustive list):
• Designing, building, and maintaining the company’s privacy program, e.g., compliance operations; strategic governance and documentation; training and awareness; policy, notice, forms, and process generation, maintenance, and enforcement; program monitoring and auditing; incident management; risk assessment; DSAR or subject requests; and more. 
• Driving strategic vision, guiding teams and stakeholders, and providing project management support and leadership, spanning privacy and data processing issues across the organization.
• Promoting and encouraging a culture of data privacy across the organization.
• Partnering closely with business and engineering teams to integrate privacy frameworks, particularly Privacy by Design and HIPAA.
• Facilitating generation and maintenance of data flow inventories, engaging with stakeholders to educate on and mitigate related risks.
• Developing commercial/go-to-market support playbooks, drafting and reviewing data processing and privacy terms in inbound and outbound commercial contracts, responding to RFPs, supporting vendor onboarding, and reviewing data agreements for compliance.
• Staying informed of developments in global privacy and data protection laws, regulations and other government policy initiatives that could impact the business; identify and assess risk and compliance requirements, including implementing controls and ongoing compliance monitoring. 

Qualifications:

• 4+ years of professional experience in data protection, privacy, cybersecurity, regulatory compliance, legal or a related field desired.
• Working knowledge of U.S. privacy and data protection laws, particularly HIPAA and CCPA / CPRA.
• Strong oral and written communication skills, including the ability to communicate across cross-functional teams and help build consensus among stakeholders.
• Demonstrable program management skills with the ability to manage multiple projects simultaneously, help drive cross-functional alignment, and bring projects to successful completion.
• Experience designing, implementing, and maintaining a data privacy program, and related proficiency developing policies, processes, standards, training, and more.
• Experience reviewing and editing contracts, and ability to synthesize regulations and guidance and translate into practical operations.
• Experience in technology and health care services, highly desirable.
• CIPP/US and/or CIPM preferred.
• Bachelors or equivalent required; legal degree a plus.

About Included Health

Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com.

-----

Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.