Compliance and Data Privacy Officer (fractional)
Segmed’s mission is to bring higher quality healthcare to millions of patients around the world. We are revolutionizing healthcare research by building a medical imaging data platform with secure and easy data access. We see a future where medical AI helps people get a better standard of care no matter where they are in the world, and we hope you do, too! We are a fast-growing startup in a quickly evolving field and we came out of Stanford and Y Combinator. We're a 100% remote and distributed team.
Position Summary: We’re looking for a highly experienced and visionary compliance executive to lead the development and implementation of an enterprise compliance program tailored for medical imaging real-world data. This role is pivotal in ensuring that Segmed and its partners adhere to the highest standards of regulatory compliance, data privacy, and ethical practices. We are a small startup, so the ideal candidate will bring a unique blend of innovation, scientific expertise, and compliance acumen to an evolving role.
Essential Duties and Responsibilities:
- Design and oversee a comprehensive compliance program that aligns with Segmed’s strategic initiatives, regulatory requirements, industry standards, and best practices.
- Identify and maintain a list of laws, regulations, and standards bodies Segmed is required to comply with and update this list as the compliance, data privacy, and security landscape shifts.
- Ensure that policies, procedures, and controls are in place to maintain compliance with relevant laws and regulations, including HIPAA, FTC requirements, applicable state laws, and other data protection frameworks.
- Conduct thorough gap analyses of existing documentation and compliance practices and identify areas for improvement.
- Augment policies, procedures, and controls as needed.
- Write and update policies, procedures, work instructions, and training materials to support company and compliance initiatives. Collaborate with cross-functional teams to ensure policies are practical, effective, and aligned with operational needs.
- Ensure that policies, procedures, and controls are in place to maintain compliance with relevant data privacy and information security standards such as ISO 27001 and SOC 2.
- Ensure that policies, procedures, and controls are in place to maintain compliance with contracts Segmed has signed, such as data partner, referral/reseller partner, technology partner, and client agreements.
- Provide product and solution requirements to ensure that technology and services are compliant with the relevant laws, regulations, and standards noted above, across the enterprise (e.g., business, productivity, and software platforms).
- Define, build, and then partner with the risk management team to mitigate compliance vulnerabilities and ensure robust data governance.
- Provide expert guidance and support to internal teams and external stakeholders on compliance-related issues.
- Lead the implementation and maintenance of a Quality Management System, including a Learning Management System (LMS) and Document Management System (DMS). Ensure the QMS supports continuous improvement and compliance with regulatory standards.
- Develop and deliver comprehensive training programs to educate employees and partners on emerging compliance requirements and best practices.
- Implement monitoring and auditing processes to ensure ongoing compliance with policies and regulations across the enterprise (e.g., business, productivity, and software platforms).
- Prepare and present compliance reports to senior management and the board of directors.
- Serve as the primary point of contact for regulatory agencies, auditors, and external partners on compliance matters.
- Ultimately, foster a culture of compliance and ethical behavior throughout the organization.
- Own the relationship with external CISO consultants to ensure that information security best practices are being adhered to in R&D.
- Lead the relationship with expert determination agencies such as Datavant Privacy Hub.
- Lead the evaluation and business case creation for future business investments that would extend Segmed’s value proposition via regulatory, compliance, data privacy, and security work, including opportunities offered by increased compliance with ISO 9001, FDA, GDPR, FedRAMP, NIST, HITRUST, etc.
Required Qualifications:
- Proven track record of developing and implementing successful compliance programs.
- 10+ years of experience in compliance, regulatory affairs, or a related field within the life sciences industry.
- Advanced degree in Regulatory Affairs, Clinical Science, Biomedical Informatics, or a related field.
Knowledge, Skills, and Abilities:
- Solid understanding of healthcare and life sciences ecosystems for medical devices.
- Profound knowledge of the regulations and standards for electronic health records, electronic record systems, and real-world imaging data, including FDA, HIPAA, GDPR, and other data protection laws.
- Familiarity with imaging technologies and data.
- Experience implementing and maintaining data privacy and information security standards such as HITRUST, FedRAMP, SOC 2, and ISO 27001.
- Experience with the validation, testing, and compliance life cycle of artificial intelligence (AI) algorithms, including knowledge of regulatory requirements and best practices for ensuring the ethical and effective use of AI in healthcare and life sciences.
- Awareness of privacy-preserving methodologies, including tokenization and synthetic data.
- Familiarity with hyperscale cloud providers (Microsoft, Google, AWS, etc.) and their configuration to ensure compliance and safety across the enterprise.
- Familiarity with security-first principles in the SDLC, including appropriate processes and tools/configurations in support of a zero-trust architecture.
- Proficiency with security documentation for electronic systems, organizational infrastructure, and data.
- Exceptional attention to detail.
- Strong problem-solving skills, with the ability to conduct thorough gap analyses and risk assessments.
- Excellent communication and interpersonal skills, with the ability to effectively train and educate diverse audiences.
- Enjoys working independently and as part of a cross-functional team.
- High ethical standards and a commitment to fostering a culture of compliance and integrity.
Segmed Values
- Transparency: We tell it like it is, good or bad
- Social Good: People first
- Learning Mentality: We acknowledge what we don’t know and find out
- Integrity: Do the right thing even if no one’s watching
The Segmed team is international. We have team members from a huge variety of backgrounds and lifestyles. We consider equal opportunities essential. We do not discriminate based upon race, religion, color, national origin, sex, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.