Privacy & Compliance Specialist

Posted 2 Days Ago
Be an Early Applicant
San Francisco, CA, USA
In-Office
Senior level
Healthtech • Information Technology • Software
The Role
Build and run the company's privacy and compliance program end-to-end for healthcare data: data mapping, notices, consent flows, DSARs, vendor diligence, HIPAA and SOC 2 compliance, PIA/privacy-by-design reviews, incident response, training, and advising Product/Engineering on AI and data use while tracking evolving regulations.
Summary Generated by Built In

We are seeking a Privacy & Compliance Specialist to build and run Superpower's privacy and compliance program and accelerate our mission. We are looking for someone who cares deeply about protecting member health data, crossing t’s and dotting i’s, and can think at scale. Critically, you’re excited about joining a fast-growing startup (backed by some of the world's best healthcare investors) on a mission to provide everyone access to the world's best care. This role will own privacy and compliance end-to-end within our longevity and functional medicine model, ensuring that how we collect, use, and protect data and expand operations across 50 states remains safe, compliant, and built to move the business forward rather than slow it down.


Key Responsibilities

  • Build and run Superpower's privacy program end-to-end — data mapping and inventory, privacy notices, consent flows, and data subject / patient rights requests (access, deletion, correction).

  • Establish how Superpower collects, stores, processes, and uses member health data across EMRs, health information exchanges, genetic reports, wearables, and the AI-powered digital twin.

  • Run privacy impact assessments and privacy-by-design reviews for new products, features, and services (e.g., prescription peptides).

  • Manage vendor privacy diligence, data processing agreements, and Business Associate Agreements, and maintain the record of processing and data flows.

  • Own compliance frameworks and audit readiness (e.g., HIPAA Security Rule, SOC 2) — policies, controls, evidence, and remediation.

  • Run security and privacy awareness training and maintain the company risk register.

  • Respond to customer and partner security questionnaires and support due diligence for partnerships and fundraising.

  • Own incident response and breach assessment / notification workflows, in coordination with Engineering and leadership.

  • Advise Product and Engineering on practical guardrails for AI-driven clinical recommendations and member data use.

  • Track evolving state and federal privacy regulations — HIPAA, state health privacy laws (e.g., Washington's My Health My Data Act), CCPA/CPRA, and FTC health data rules — and translate them into concrete internal requirements.


Qualifications

  • 5+ years in privacy and/or compliance, ideally in healthcare or another highly regulated, data-intensive industry, with hands-on experience running a privacy program.

  • Working fluency with HIPAA and modern privacy laws (state health privacy laws, CCPA/CPRA, FTC health data rules); familiarity with frameworks like SOC 2 a plus.

  • Ability to research and understand new regulatory requirements.

  • Independent operator that builds scalable frameworks rather than one-off fixes, flagging risks before they become blockers.

  • Strong judgment — able to distinguish real risk from theoretical risk, and to know when to escalate to counsel or leadership versus handle it directly.

  • Excellent communication skills and ability to translate complex privacy and compliance concepts into clear, actionable guidance for non-specialists.

  • Comfort with ambiguity, cross-functional collaboration, and building 0-to-1 infrastructure in a fast-moving, tech-enabled startup.

  • Self-starter with a can-do attitude and an ownership mindset — you don't wait to be told what to do.

  • Strong personal interest in longevity and preventive healthcare.

  • Privacy certification (e.g., CIPP/US, CIPM, CIPP/E, or CHPC) valued but not required.

  • No JD or bar membership; this is not a counsel role.


Commitment

  • Full-time.

  • In-person in San Francisco


Why Join Us

  • Be part of a mission-driven team redefining preventative, root-cause, and longevity-focused care.

  • Own privacy and compliance end-to-end and be known as someone who makes things possible — clearing the path so the team can move faster, not slower.

  • Build a modern privacy and compliance function from the ground up, with real ownership and impact beyond a traditional compliance role.

  • Work directly across Operations, Product, Engineering, Growth, and Clinical on a flat, high-velocity team.

About Superpower

Superpower is a new health system on a mission to extend and enhance human life.

We started with lab testing, then data aggregation / digital twin, then an AI doctor, and now peptides.

Over the past 6 months, we have grown 10x whilst halving CAC. Now we are gearing up for hyper growth.

You can find more about us below:

  • superpower.com/series-a

  • Superpower Overview

  • Culture at Superpower


Company Philosophies

  • We are all here to genuinely do our life’s best work

  • Insanely high talent bar, never settling. A players only (see Steve Jobs)

  • We live to work as much as we work to live. But we sustainably espouse the superpower ethos of putting health first

  • We aim to set the gold standard for team health culture on the planet — live the ethos!

Investors

  • Forerunner (Top consumer healthcare VC in the world; early board members of Hims and Oura; Kirsten, founder of Forerunner, led our Series A)

  • 8VC (leading health and bio investor)

  • Evan Moore (Founder of Doordash; Partner at Khosla Ventures)

  • Cyan Bannister (early investor into Uber and SpaceX, former partner at Founder’s Fund, regarded as one of the top angels in the world)

  • Balaji Srinivasan (ex-Coinbase CTO and angel, ex-General Partner at a16z)

  • Arielle Zuckerberg (active angel, tech leader, relatively famous brother)

  • Cameron & Tyler Winklevoss

  • Susa Ventures (tier 1 healthcare VC)

  • Bond Capital (General Partner Jay Simons' early-stage fund within Bond)

  • Long Journey Ventures (investor in Uber, Notion, Loom, Affirm etc.)

  • Influencers

    • Shaan Puri (angel and podcast host of my first million)

    • Brooke Monke (50 million followers across socials)

    • Logan Paul

    • Steve Aoki

    • Justin Mares (founder of Truemed)

    • Giannis Antetokounmpo

    • Kylian Mbappé

We’re proud to be a global team and welcome talent from around the world. We offer visa sponsorship and can support relocation to the United States for the right candidates. Much of our team is international, and we’re committed to building a team of top-tier talent.

Skills Required

  • 5+ years in privacy and/or compliance, ideally in healthcare or another highly regulated, data-intensive industry
  • Hands-on experience running a privacy program (data mapping, DSARs, consent flows, vendor DPIAs, record of processing)
  • Working fluency with HIPAA and modern privacy laws (state health privacy laws, CCPA/CPRA, FTC health data rules)
  • Ability to research and interpret new regulatory requirements
  • Experience with compliance frameworks and audit readiness (eg. SOC 2) and policies, controls, evidence, remediation
  • Independent operator who builds scalable frameworks rather than one-off fixes
  • Strong judgment to prioritize real risk and escalate appropriately
  • Excellent communication skills to translate complex privacy concepts for non-specialists
  • Comfort with ambiguity, cross-functional collaboration, and building 0-to-1 infrastructure in a fast-moving startup
  • Self-starter with ownership mindset
  • Strong personal interest in longevity and preventive healthcare
  • Privacy certification (CIPP/US, CIPM, CIPP/E, CHPC) valued but not required
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Glenville, NY
148 Employees
Year Founded: 2023

What We Do

Superpower offers a digital health platform and clinic focused on personalized healthcare, integrating comprehensive diagnostics, personalized care plans, and health tracking tools with an emphasis on prevention.

Similar Jobs

Wipfli Logo Wipfli

Audit Senior Manager, Health Care Industry

Cloud • Fintech • Software • Business Intelligence • Consulting • Financial Services
Remote or Hybrid
Irvine, CA, USA
3000 Employees
142K-200K Annually

Wipfli Logo Wipfli

Consultant

Cloud • Fintech • Software • Business Intelligence • Consulting • Financial Services
Remote or Hybrid
Irvine, CA, USA
3000 Employees
88K-118K Annually

Wipfli Logo Wipfli

Audit Manager, Technology Industry

Cloud • Fintech • Software • Business Intelligence • Consulting • Financial Services
Remote or Hybrid
United States
3000 Employees
97K-145K Annually

Tapestry - Coach and Kate Spade Logo Tapestry - Coach and Kate Spade

Sales Associate II

eCommerce • Fashion • Retail • Sales • Wearables • Design
Hybrid
Pleasant Valley, CA, USA
16000 Employees
15-24 Hourly

Similar Companies Hiring

Golden Pet Brands Thumbnail
Digital Media • eCommerce • Information Technology • Marketing Tech • Pet • Retail • Social Media
El Segundo, California
178 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account