Senior Privacy, Security & AI Counsel

Role Overview:

With a mission to fundamentally transform U.S. healthcare Collective Health is the ideal workplace for a self-starting team-oriented attorney who wants to make a major impact and assume meaningful responsibilities at a fast-growing health-tech company. We seek a business-minded attorney to become our Senior Data Security & AI Counsel proactively working on data security and AI needs. This role will provide high quality pragmatic legal counsel on a broad range of cybersecurity data protection and AI matters as well as operational guidance to the product and engineering teams on product development and launch. The job will also involve drafting and negotiating commercial terms to help ensure compliance and risk management in a rapidly evolving environment. This position is vital in driving business innovation within a complex technical and regulatory context.

What youll do:

• Regulatory Advisor:
  • Stay apprised of changing state and federal laws and direct the business on practical implementation of privacy security and AI requirements for business operations vendor engagements and product development.
  • Proactively translate state and federal privacy security and AI laws into actionable strategies product requirements and contract terms for business and product teams and assist in development of training and awareness programs.
  • Advise regulatory attorneys on privacy security and AI implications of healthcare related laws such as ERISA and the ACA as they relate to third party administrator functions claims data and required communications.
• Commercial Contracting Support:
  • Draft and negotiate privacy security and AI terms and agreements i.e. Business Associate Agreements Data Security Agreements and working with commercial attorneys to align terms with product capabilities and company processes while effectively managing privacy AI and security risks.
  • Empower business and sales teams by providing expert guidance on privacy security and AI questions in Requests for Proposals and customer questionnaires.
  • Provide strategic legal review guidance and contract terms for data use ownership indemnification and limitations of liability aligned with state and federal privacy AI and security laws and best practice to support the development and evolution of products.

• Product Engineering and AI Support:
  • Remain current on evolving AI laws to educate and provide support to the business to ensure ongoing compliance with privacy security and AI-specific regulation framework policies and guidance.
  • Proactively identify and mitigate security and AI risks associated with new product features and commercial initiatives ensuring security by design and privacy by design principles are embedded from conception and engage with product and engineering teams on new development initiatives providing clear practical legal guidance.
  • Direct teams in the legal classification of AI systems assessment of risks and AI governance frameworks including development of policies and procedures for ethical AI development deployment use and risk mitigation ensuring responsible innovation and addressing potential biases and fairness in product offerings.
  • Guide cross-functional stakeholders on AI principles such as governance transparency accountability and human-oversight.
  • Work cross-functionally on a privacy and data governance program (covering data classification retention quality access and disposal) ensuring compliance and enabling data-driven product innovation.

• Privacy & Data Security Support:
  • Act as a legal partner to the Privacy Officer and the Chief Information Security Officer to proactively advise on federal and state privacy and data security obligations applicable external certifications and benchmarking frameworks (e.g. HITRUST NIST NYDFS SOC2) including participating in tabletop exercises.
  • Assist with drafting updating and operationalizing cybersecurity and data protection policies procedures standards and guidelines and support third party risk management due diligence and contracting.
  • Advise and support as requested by the Privacy Officer and/or Chief Information Security Officer escalated privacy and/or cyber incidents lawsuits regulatory inquiries or government escalations including communications and outreach to customer vendor and partner counsel.

To be successful in this role youll need:

• D. with U.S. state bar admissions in good standing in the jurisdiction in which you practice
• 8 years in house experience supporting privacy cybersecurity data protection and/or related regulatory matters ideally in a healthcare technology setting.
• Knowledge of and ability to apply healthcare privacy security and AI legal and regulatory frameworks and industry best practices certifications and reviews and experience to a fast-paced environment
• Ability to interpret new and existing privacy security and AI requirements and provide practical actionable guidance to operationalize processes to support regulatory compliance
• Enthusiasm for and skill at building relationships sharing necessary information and collaborating effectively with a broad range of stakeholders within the company the legal and compliance teams and the health tech industry
• Experience identifying and mitigating new risks in heavily regulated or emerging technology areas as a legal advisor to product security and/or engineering teams
• Understanding and experience advising throughout the entire product development lifecycle including contracting and regulatory compliance.
• Detail-oriented with the ability to balance strategic thinking and practical hands-on execution.
• Outstanding judgment business acumen practicality collaboration responsiveness and integrity
• Excellent communication and presentation skills with the ability to represent the company effectively in internal communications at all levels and with external stakeholders.
• Passion for Collective Healths mission and for working in a young growing company where systems and processes will require hands-on engagement and creativity.

Bonus Qualifications:

• Relevant experience at a rapidly growing technology or healthcare company
• Up to date privacy security and/or healthcare certifications preferred (e.g. CIPP/US AIGP CIPT CISSP CISSP HCISPP Security CCSP)

Pay Transparency Statement

This is a hybrid position based out of our Lehi office with the expectation of being in office at least two weekdays per week. #LI-hybrid

The actual pay rate offered within the range will depend on factors including geographic location qualifications experience and internal addition to the salary you will be eligible for 200000 stock options and benefits like health insurance 401k and paid time off. Learn more about our benefits at UT Pay Range