Director, Privacy

Remote - US
Operations /
Full Time
/ Remote
Our Mission
At Big Health, our mission is to help millions back to good mental health by providing fully digital, non-drug options for the most common mental health conditions. Our digital therapeutics — Sleepio for insomnia, Daylight for anxiety, and SparkRx for depression — provide treatment anytime, anywhere.

In pursuit of our mission, we’ve pioneered the first at-scale digital therapeutic business model, in partnership with some of the most prominent global healthcare organizations, including CVS Health and the UK’s NHS. Through product innovation, robust clinical evaluation, and a commitment to equity at scale, we are designing the next generation of medicine and the future of mental health care.

Our Vision
Over the next 5-10 years, digital therapeutics (DTx) will transform the delivery of health care worldwide, providing access to safe and effective evidence-based treatments to billions. Big Health is in a prime position to take the lead in this transformation.

Big Health is a remote-first company, and this role can be based anywhere in the US. We encourage you to apply even if you don’t meet 100% of the job requirements.

Join us.

We’re looking for a highly skilled and experienced Director of Data Privacy to join Big Health. Reporting to the Chief Financial Officer, the Director of Privacy will serve as the enterprise subject matter expert on privacy laws and regulations. They will oversee and manage the planning, implementation, oversight, auditing, monitoring, and ongoing operation of Big Health's privacy compliance and work very closely with the security engineering team. This includes ensuring compliance with federal, state, and international regulations and accreditation standards, such as HIPAA, GDPR, state data protection and privacy laws, ISO 27000 requirements, and HITRUST requirements. The Director of Privacy will provide expert guidance and advice to internal stakeholders on privacy, security, and compliance-related matters. The ideal candidate is an attorney with prior data privacy experience in HCIT, possessing strong business judgment and the ability to collaborate effectively across the organization.

Job Responsibilities:

    • Advise and partner with internal product owners, sales, marketing, human resources, and other business teams to mitigate privacy risks and ensure compliance with relevant privacy matters, including HIPAA
    • Draft, review, and negotiate Business Associate Agreements and/or Data Use Agreements
    • Provide support to commercial attorneys in contract negotiations, specifically on data privacy and information security issues, including data protection agreements and information security addenda
    • Establish and maintain compliance with applicable data privacy and consumer protection laws, ensuring data use and handling align with legal requirements
    • Develop and manage Big Heath’s internal policies, procedures, and practices to address current and future data privacy and consumer protection laws
    • Collaborate closely with the engineering team to identify and address privacy and security risks
    • Monitor and analyze new and pending privacy, data protection, and consumer legislation that may impact the business
    • Establish an ongoing process to track, investigate, and report inappropriate access and disclosure of protected health information, including oversight of corrective action plans that mitigate non-compliance
    • Conduct periodic risk assessments and ongoing monitoring of key elements of the privacy program, including privacy notice, consent, authorization, business partner agreements/practices, minimum necessary information, disclosure, etc., and develop corresponding work plans, including corrective action plans
    • Respond to alleged violations of information privacy, security, or compliance rules, regulations, policies, procedures, and Standards of Conduct by evaluating and investigating reported alleged violations
    • Manage required breach determination and notification processes under applicable federal and state laws
    • Manage HITRUST and SOC 2 certification process (along with our external assessors).Partner with the CFO to review the current cyber insurance policy. If necessary, meet and establish relationships with the provider's approved law firms to help implement a breach response plan


    • Undergraduate degree and JD from an accredited law school
    • Admitted to at least one state bar in the United States
    • 7 years of legal experience with a focus on privacy law, including 3+ years of specific privacy law practice
    • Strong knowledge of US, North American, and Global Privacy laws and regulations, such as HIPAA, HITRUST, and UK/EU GDPR. Familiarity with CCPA/CPRA, TCPA, PMDA, CAN-SPAM, FTC Act, 21 CFR Part 11, and other data privacy and consumer protection laws
    • Experience in healthcare privacy compliance or a similar enabling function in the healthcare industry, including developing and maintaining comprehensive privacy programs for scaling organizations
    • Expertise in managing Privacy programs under European data protection laws and GDPR
    • Prior experience in drafting and negotiating contractual provisions
    • Knowledge of information technology and information security concepts
    • Proficient in cultivating internal relationships and collaborating effectively with colleagues at all levels
    • Proficient in both written and oral communication, with a strategic approach
    • CIPP or similar Privacy and Data Protection certification, Compliance Certifications, Industry Presentations, Roundtable Participation all a plus

Life at Big Health:

    • Join a diverse team of all backgrounds, we’re proud to be an equal opportunity employer
    • Autonomy over your work and freedom to input
    • Enjoy a clearly structured personal review and development program
    • Quarterly happiness survey that we use to ensure we’re creating a healthy and happy workplace for ourselves
    • Fund for spending on personal happiness
    • Regular team and company events
    • Generous vacation and maternity/paternity policy
    • Competitive salary and equity package

More Background on Big Health:

    • Backed by leading venture capital firms, Index Ventures, Octopus Ventures, and Kaiser Permanente Ventures
    • With offices in London and San Francisco, Big Health’s products are used by large multinational employers and major health plans to help improve sleep and mental health. To date, more than 12 million people across 60+ countries have access to Sleepio or Daylight
$175,000 - $200,000 a year
Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Additional compensation may include benefits, variable pay, discretionary bonuses, and equity.

Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. The pay scale is subject to change depending on business needs.
Because we are on a mission to bring millions back to good mental health, we believe it’s essential to reflect the diversity of those we intend to serve. We’re an equal opportunity employer dedicated to building a culturally and experientially diverse team that leads with empathy and respect.

Additionally, we will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance. Big Health participates in E-Verify and will provide the federal government with Form I-9 information from all new employees to confirm that they are authorized to work in the U.S. Big Health does not use E-Verify to pre-screen applicants.