
Compliance & Risk Lead

Requirements

  • 7+ years of experience in data privacy, compliance, risk management, or tech law, preferably in fast-paced B2B SaaS, HealthTech, or Life Sciences.
  • Deep expertise in GDPR and HIPAA with ability to interpret localized privacy laws for new country expansion.
  • Proven ability to negotiate DPAs and BAAs and manage related legal/commercial risk.
  • Strong technical fluency with a track record translating legal/compliance requirements into technical tickets for product/engineering and supporting ISO 27001 audits.

Roles & Responsibilities

  • Drive geographic expansion by defining and leading the privacy and compliance roadmap for entering new global markets, navigating localized data privacy laws, and managing cross-border data transfer requirements.
  • Own enterprise security questionnaires and contract reviews, negotiating DPAs/BAAs including liability caps, notice periods, and security exhibits.
  • Act as the company's Data Protection Officer (DPO), govern GDPR and HIPAA, oversee the ISMS, and collaborate with Engineering/IT to maintain ISO 27001.
  • Enable sales and product teams by leading live security/compliance calls with enterprise sponsors and clinical sites, advising on Privacy by Design, and translating legal obligations into clear engineering tickets.

Job description

Who We Are

Inato is a Tech for Good company striving to bring clinical research to each and every patient, regardless of who they are or where they live. To do this, we are building the world's first clinical trial platform to create greater visibility, access, and engagement across a more diverse population of doctors and their patients.

Drug development is a challenging, intellectually complex, and rewarding endeavor: we enable global pharmaceutical companies to confidently partner with community-based researchers to increase patient access to the latest medical innovations. Our AI-powered platform currently offers clinical trials from leading companies to over 5,500 sites across the globe and we are well poised for growth in 2026.

We are a growing team of passionate pharmaceutical experts, software and AI engineers, professional services members, and many more—all bringing their unique perspectives to solve the challenges facing clinical research.

Inato is the recent recipient of Fast Company’s Most Innovative Companies of 2024, Fierce Healthcare’s Fierce 15, and Built In's Best Places to Work 2025.

The Role

As our Compliance & Risk Lead, you will be the cornerstone of Inato’s trust and security posture, ensuring that our rapid scaling and geographic expansion remain deeply compliant with global healthcare standards. You will act as the "face of compliance" to our enterprise partners and serve as our internal legal/privacy expert. Reporting to the VP Finance, you will act as Inato's official Data Protection Officer (DPO), negotiate complex data agreements, chart the regulatory roadmap for new countries, and partner closely with our technical teams to govern our ISO 27001 and risk management programs.

Responsibilities

  • Drive Geographic Expansion: Define and lead the privacy and compliance roadmap for entering new global markets, navigating localized data privacy laws, and managing cross-border data transfer requirements.

  • Own Questionnaires & Contracts: Take end-to-end ownership of completing enterprise security questionnaires and deeply review/negotiate liability caps, notice periods, and security exhibits in Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs).

  • Act as DPO & Manage Core Frameworks: Serve as Inato's registered Data Protection Officer (DPO). Own the ongoing governance of GDPR and HIPAA. Manage our Information Security Management System (ISMS) and partner closely with Engineering/IT to maintain our ISO 27001 certification.

  • Enable Sales & Build Customer Trust: Act as the face of Inato’s compliance, leading live security calls with enterprise sponsors and clinical sites to defend our posture.

  • Advise on "Privacy by Design": Act as a consultant to Product Managers, reviewing feature roadmaps and data flows to ensure global patient data management remains compliant from the ideation phase.

  • Bridge Policy & Product: Act as the crucial translator who converts complex legal obligations into clear, actionable business requirements and tickets for the engineering team to build.

  • Scale External Trust: Create compliance collateral (whitepapers, FAQs) to proactively answer customer questions and implement vendor risk management processes.

Qualifications

  • 7+ years of professional experience in data privacy, compliance, risk management, or tech law, ideally within a fast-paced B2B SaaS, HealthTech, or Life Sciences environment.

  • Deep expertise in global privacy frameworks (GDPR, HIPAA) and a strong capability to research and interpret localized privacy laws for new country expansion.

  • Proven ability to negotiate the legal, technical, and security nuances of Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs).

  • Technical fluency; you do not need to be an engineer, but you must have a track record of successfully translating legal/compliance requirements into technical tickets for product and engineering teams (and managing ISO 27001 audits alongside them).

  • Strong customer-facing experience; you are highly comfortable leading live security and compliance calls with enterprise clients or clinical institutions.

  • A highly hands-on "builder" mentality—you are ready to roll up your sleeves to fill out questionnaires, draft policies, and run training sessions autonomously from Day 1.

Nice to have

  • Legal background (e.g., JD, LLM, or former practicing counsel) with a focus on SaaS or HealthTech.

  • Early or mid-stage startup experience.

Why Inato?

Our mission is to make clinical trials more accessible and inclusive. We value diverse backgrounds and experiences, bringing together industry veterans with fresh perspectives to advance the clinical trials industry. Join us at Inato and be part of a team that’s making a real difference in healthcare.

Benefits

  • Remote-first philosophy & flexible hours

  • Top-of-the-line equipment

  • Modern free health insurance (Benefiz)

  • Compensatory time off (RTT)

  • Lunch vouchers (Swile)

  • Gym membership (Gymlib)

  • Free books & learning material

Salary Range: €75,000 to €100,000
