Compliance and Data Privacy Officer (fractional)

Segmed’s mission is to bring higher quality healthcare to millions of patients around the world. We are revolutionizing healthcare research by building a medical imaging data platform with secure and easy data access. We see a future where medical AI helps people get a better standard of care no matter where they are in the world, and we hope you do, too! We are a fast-growing startup in a quickly evolving field and we came out of Stanford and Y Combinator. We're a 100% remote and distributed team.

Position Summary: We’re looking for a highly experienced and visionary compliance executive to lead the development and implementation of an enterprise compliance program tailored for medical imaging real-world data. This role is pivotal in ensuring that Segmed and its partners adhere to the highest standards of regulatory compliance, data privacy, and ethical practices. We are a small startup, so the ideal candidate will bring a unique blend of innovation, scientific expertise, and compliance acumen to an evolving role. 

Essential Duties and Responsibilities: 

  • Design and oversee a comprehensive compliance program that aligns with Segmed’s strategic initiatives, regulatory requirements, industry standards, and best practices.
  • Identify and maintain a list of laws, regulations, and standards bodies Segmed is required to comply with and update this list as the compliance, data privacy, and security landscape shifts. 
  • Ensure policies, procedures, and controls are in place to ensure compliance with relevant laws and regulations, including HIPAA, FTC, appropriate state laws and other data protection frameworks.
    • Conduct thorough gap analyses of existing documentation and compliance practices and identify areas for improvement.
    • Augment policies, procedures, and controls as needed.
    • Write and update policies, procedures, work instructions, and training materials to support company and compliance initiatives. Collaborate with cross-functional teams to ensure policies are practical, effective, and aligned with operational needs.
  • Ensure policies, procedures, and controls are in place to ensure compliance with relevant data privacy and information security standards such as ISO 27001 and SOC2.
    • Conduct thorough gap analyses of existing documentation and compliance practices and identify areas for improvement.
    • Augment policies, procedures, and controls as needed.
    • Write and update policies, procedures, work instructions, and training materials to support company and compliance initiatives. Collaborate with cross-functional teams to ensure policies are practical, effective, and aligned with operational needs.
  • Ensure policies, procedures, and controls are in place to ensure compliance with contracts Segmed has signed, such as data partner, referral/reseller partnership, technology partner, and client agreements.
  • Provide product/solution requirements to ensure technology and services are compliant with the relevant laws, regulations, and standards bodies noted above, across the enterprise (e.g. in business, productivity, software platforms).
    • Define, build, and then partner with the risk management team to mitigate compliance vulnerabilities and ensure robust data governance.
    • Provide expert guidance and support to internal teams and external stakeholders on compliance-related issues.
  • Lead the implementation and maintenance of a Quality Management System, including a Learning Management System (LMS) and Document Management System (DMS). Ensure the QMS supports continuous improvement and compliance with regulatory standards.
  • Develop and deliver comprehensive training programs to educate employees and partners on emerging compliance requirements and best practices.
  • Implement monitoring and auditing processes to ensure ongoing compliance with policies and regulations, across the enterprise (e.g. in business, productivity, software platforms).
  • Prepare and present compliance reports to senior management and the board of directors.
  • Serve as the primary point of contact for regulatory agencies, auditors, and external partners on compliance matters.
  • Ultimately, foster a culture of compliance and ethical behavior throughout the organization.
  • Own the relationship with external CISO consultants to ensure information security best practices are being adhered to in R&D.
  • Lead the relationship with expert determination agencies such as Datavant Privacy Hub.
  • Lead the evaluation and business case creation for future business investments that would extend Segmed’s value proposition via regulatory, compliance, data privacy and security, including opportunities offered by increased compliance with ISO 9001, FDA, GDPR, FedRAMP, NIST, HITRUST, etc.

Required Qualifications:

  • Proven track record of developing and implementing successful compliance programs.
  • 10+ years of experience in compliance, regulatory affairs, or a related field within the life sciences industry.
  • Advanced degree in Regulatory Affairs, Clinical Science, Biomedical Informatics, or a related field.

Knowledge, Skills, and Abilities:

  • Solid understanding of healthcare and life sciences ecosystems for medical devices.
  • Profound knowledge of the regulations and standards for electronic health records, electronic record systems, and real-world imaging data, including FDA, HIPAA, GDPR, and other data protection laws. 
  • Familiarity with imaging technologies and data.
  • Experience implementing and maintaining data privacy and information security standards such as HITRUST, FedRAMP, SOC2, and ISO 27001.
  • Experience with the validation, testing, and compliance life cycle of artificial intelligence (AI) algorithms, including knowledge of regulatory requirements and best practices for ensuring the ethical and effective use of AI in healthcare and life sciences.
  • Awareness of privacy-preserving methodologies, including tokenization and synthetic data.
  • Familiarity with hyperscale cloud providers (MS, Google, AWS, etc.) and their configuration to ensure compliance and safety across the enterprise.
  • Familiarity with security first principles in SDLC, including appropriate processes and tools/configurations in support of a zero-trust architecture.
  • Proficiency with security documentation for electronic systems, organizational infrastructure, and data.
  • Exceptional attention to detail.
  • Strong problem-solving skills, with the ability to conduct thorough gap analyses and risk assessments.
  • Excellent communication and interpersonal skills, with the ability to effectively train and educate diverse audiences.
  • Enjoys working independently and as part of a cross-functional team.
  • High ethical standards and a commitment to fostering a culture of compliance and integrity. 

Segmed Values

  • Transparency: We tell it like it is, good or bad
  • Social Good: People first
  • Learning Mentality: We acknowledge what we don’t know and find out
  • Integrity: Do the right thing even if no one’s watching

The Segmed team is international. We have team members from a huge variety of backgrounds and lifestyles. We consider equal opportunities essential. We do not discriminate based upon race, religion, color, national origin, sex, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
