About the Role
Title: Privacy Program Specialist
Location: United States
Job Description:
Our mission: to eliminate every barrier to mental health.
At Spring Health, we’re on a mission to revolutionize mental healthcare by removing every barrier that prevents people from getting the help they need, when they need it. Our clinically validated technology, Precision Mental Healthcare, empowers us to deliver the right care at the right time—whether it’s therapy, coaching, medication, or beyond—tailored to each individual’s needs.
We proudly partner with over 450 companies, from startups to multinational Fortune 500 corporations, as a leading provider of mental health services, providing care for 10 million people. Our clients include brands you use and know like Microsoft, Target, and Delta Airlines, all of whom trust us to deliver best-in-class outcomes for their employees globally. With our innovative platform, we’ve been able to generate a net positive ROI for employers and we are the only company in our category to earn external validation of net savings for customers.
We have raised capital from prominent investors including Generation Investment, Kinnevik, Tiger Global, Northzone, RRE Ventures, and many more. Thanks to their partnership and our latest Series E Funding, our current valuation has reached $3.3 billion. We’re just getting started—join us on our journey to make mental healthcare accessible to everyone, everywhere.
We’re hiring a Privacy Program Specialist to help operationalize and maintain Spring Health’s dynamic US and global privacy program. In this role, you’ll manage DPIAs, PIAs, and data mapping efforts, while supporting privacy reviews for innovative products and features in collaboration with cross-functional teams. You’ll enhance our use of privacy tools, track regulatory changes, and contribute to audits, due diligence, and reporting. This is a great opportunity for someone who loves bringing structure to complex processes and thrives at the intersection of privacy, technology, and operations. This is a Full-time, Remote position reporting directly to the Privacy and Data Protection Officer.
What you’ll do:
- Operationalize and help maintain Spring Health’s US and global privacy program across jurisdictions.
- Conduct and manage Data Protection Impact Assessments (DPIAs), Privacy Impact Assessments (PIAs), and records of processing activities (RoPAs).
- Maintain and evolve data mapping efforts across systems and vendors.
- Support privacy reviews and Customer questionnaires for new products, features, and data use in partnership with Product, Engineering, Security, and AI/ML teams.
- Manage and enhance use of privacy management tools (e.g., OneTrust, TrustArc), including intake workflows, assessment templates, and reporting.
- Track regulatory developments and assist with gap assessments and remediation efforts.
- Support documentation for audits, due diligence, and regulatory inquiries.
- Assist in developing and maintaining metrics and dashboards to monitor the health of the privacy program.
- Perform other duties as assigned.
What success looks like:
- Complete and maintain DPIAs, PIAs, and RoPAs in alignment with internal processes and regulatory expectations within established timeframes.
- Ensure data mapping across systems and vendors is accurate, comprehensive, and regularly updated.
- Maintain and optimize privacy management tools, including intake workflows, templates, and reporting functions.
- Develop and maintain dashboards and metrics to track the health and maturity of the privacy program.
What you’ll bring:
- 4+ years of experience in privacy and data protection, with at least 2 years in a program or project management capacity.
- Strong understanding of global privacy laws and frameworks (e.g., GDPR, CCPA/CPRA, HIPAA).
- Demonstrated experience operationalizing privacy programs, including policy development, training and awareness, data mapping, risk assessments, and privacy-by-design initiatives.
- Proven ability to manage cross-functional projects involving Legal, Security, Engineering, Product, and Compliance teams.
- Experience using privacy management platforms (e.g., OneTrust, TrustArc, BigID) or other GRC tools.
- Excellent communication, documentation, and stakeholder engagement skills.