Employer: Grand Rounds

About the role:

As a member of the legal and privacy teams, you’ll be at the forefront of cutting-edge consumer health and privacy matters. You’ll be helping design, build, maintain, and evolve the company’s next-generation privacy and data protection compliance program and infrastructure. Your work will have a real impact – what we do improves patient outcomes, sets new standards for health privacy, and changes how healthcare is delivered.


Reporting to the Associate General Counsel (Product & Privacy), you will support and assist the AGC with (non-exhaustive list):
  • Designing, building, and maintaining the company’s privacy program, e.g., compliance operations; strategic governance and documentation; training and awareness; policy, notice, forms, and process generation, maintenance, and enforcement; program monitoring and auditing; incident management; risk assessment; DSAR or subject requests; and more.
  • Driving strategic vision, guiding teams and stakeholders, and providing project management support and leadership, spanning privacy and data processing issues across the organization.
  • Promoting and encouraging a culture of data privacy across the organization.
  • Partnering closely with business and engineering teams to integrate privacy frameworks, particularly Privacy by Design and HIPAA.
  • Facilitating generation and maintenance of data flow inventories, engaging with stakeholders to educate on and mitigate related risks.
  • Developing commercial/go-to-market support playbooks, drafting and reviewing data processing and privacy terms in inbound and outbound commercial contracts, responding to RFPs, supporting vendor onboarding, and reviewing data agreements for compliance.
  • Staying informed of developments in global privacy and data protection laws, regulations, and other government policy initiatives that could impact the business; identifying and assessing risk and compliance requirements, including implementing controls and ongoing compliance monitoring.


  • 4+ years of professional experience in data protection, privacy, cybersecurity, regulatory compliance, legal, or a related field desired.
  • Working knowledge of U.S. privacy and data protection laws, particularly HIPAA and CCPA / CPRA.
  • Strong oral and written communication skills, including the ability to communicate across cross-functional teams and help build consensus among stakeholders.
  • Demonstrable program management skills with the ability to manage multiple projects simultaneously, help drive cross-functional alignment, and bring projects to successful completion.
  • Experience designing, implementing, and maintaining a data privacy program, and related proficiency developing policies, processes, standards, training, and more.
  • Experience reviewing and editing contracts, and ability to synthesize regulations and guidance and translate them into practical operations.
  • Experience in technology and health care services highly desirable.
  • CIPP/US and/or CIPM preferred.
  • Bachelor's or equivalent required; legal degree a plus.