The Data Privacy Attorney who will act as an individual contributor to the Legal Department, ensuring compliance with TriNetX’s data privacy and security governance program and processes. The Data Privacy Attorney shall report to the In-house Corporate Counsel.
Assist with producing documentation, including privacy risk assessments, risk analyses, incident reports, and related artifacts including assisting with pre-sale privacy assessments.
- Collaborating on privacy audits and remediation, regularly tracking and reporting compliance with our internal privacy control framework and other privacy program metrics.
- Assist with ensuring applicable privacy and security requirements are incorporated into Policies, SOPs, and other controls, implemented for a project, product, or platform.
- Assist with implementing all data processing agreements to ensure applicable program concerns, requirements, and responsibilities are addressed, in addition to assisting with ongoing compliance monitoring.
- Address all gaps with and requirements for compliance with applicable privacy laws and educate TriNetX internal stakeholders.
- Act as a data privacy and compliance liaison, under the direction of the head of the legal department, to the business, to ensure compliance with applicable data protection laws, including but not limited to GDPR, CCPA, and HIPAA. This includes review of all Privacy Agreements and other privacy documents including but not limited to Data Addendums, Data Protection Impact Assessments, and other privacy contracts.
- Keep abreast of all privacy law changes and educates TriNetX internal stakeholders accordingly.
- Participate in meetings with the Data Trust Team and other departmental meetings, as needed.
- Analyzes and reviews, privacy and security matters of client and vendor contract terms, conditions, and obligations, as assigned.
Other duties and responsibilities: (What you bring to the table)
- Coordinates with internal TriNetX stakeholders, including Engineering, IT, Data Team, and Security, on related terms in the contract, or contract change(s) in scope, including all non-standard terms and conditions.
- Provides other support, as necessary, as directed by the In-house Counsel, including without limitation: supporting any requirements for product and platform monitoring.
- Juris Doctorate Degree
- Licensed attorney in the Commonwealth of Massachusetts.
- Three (3) or more years of relevant experience with exposure to HIPAA Privacy, Security, and Breach Notification Rules, relevant experience advising a multinational SaaS company on global data privacy regulation and laws. Healthcare IT experience is desired.
- Excellent research and writing skills are required.
- Ability to manage and communicate with multiple stakeholders in a fast-paced work environment.
- Effective organizational, analytical, confidentiality, multi-tasking, and time management skills including collaboration, partnership, and influencing skills with the ability to work in a global environment across multiple locations and time zones to drive projects from start to finish.
- Ability to manage a high volume of work.
- Excellent judgment, attention to detail, communication, and direct customer skills, plus the ability to work as part of a team as well as an individual contributor.
- CIPP/US, CIPP/EU, CIPM, or equivalent professional certification strongly preferred.
Application Submission Information: