Privacy, trust, and responsible innovation sit at the center of everything we build. As our Compliance Lead, you'll help shape how privacy and data governance scale across a rapidly growing health technology platform serving licensed practitioners and their patients across North America.
You'll work at the intersection of healthcare, AI, product development, and regulatory compliance, partnering closely with Product, Engineering, Security, Data, Clinical, and Customer Support teams. This role is ideal for someone who enjoys translating complex regulations into practical business decisions, influencing cross-functional stakeholders, and enabling innovation while protecting patient trust.
Product Governance and Growth Support
Partner with Product and Engineering on new features, architecture, and user flows to ensure privacy-by-design is integrated before launch, not retrofitted after.
Lead privacy review of AI features and AI vendors, including model training restrictions, PHI usage controls, transparency disclosures, and pre-launch governance checkpoints.
Support clinical research, outcomes tracking, and de-identification workflows so that secondary uses of data are governed under documented standards.
Triage and respond to fast-moving product and commercial requests with calibrated, written guidance.
Privacy Operations and System Support
Own day-to-day execution of core privacy operations alongside the Senior Director of Compliance, with the ability to operate independently on assigned workstreams.
Operate Fullscript’s OneTrust environment for vendor reviews, data mapping, PIAs, consumer rights requests, and reporting, including configuration of new workflows as the program scales.
Lead privacy incident response activities, including intake, triage, coordination with cross-functional stakeholders, documentation, and tracking remediation efforts through resolution.
Business Enablement and Compliance Monitoring
Build trusted working relationships with stakeholders across the business so that privacy is engaged early on new initiatives rather than at the end.
Translate HIPAA, PIPEDA, Quebec Law 25, CPRA, and other applicable US state privacy laws into plain-language guidance, playbooks, and training materials the business can use without further interpretation.
Maintain ongoing monitoring of Fullscript’s privacy posture, surface emerging risk areas to the Senior Director of Compliance.
7+ years of dedicated, hands-on privacy experience, specifically in roles requiring deep cross-collaboration.
Proven track record of working closely with Product and Engineering teams to embed data protection and privacy guardrails directly into features, technical solutions, and product designs.
Must have direct experience working within the US healthcare industry (HIPAA).
Proven, direct experience working within OneTrust.
Deep understanding of US and Canadian privacy landscapes, with the ability to confidently navigate and apply requirements.
Experience and strong foundational knowledge regarding the privacy implications of AI.
Exceptional ability to build relationships across a business and communicate compliance requirements clearly and simply.
A pragmatic, solution-oriented Individual Contributor who thrives on autonomy and fast business growth.
Artsy
Pulse Healthcare Services
National Debt Relief, LLC
AHOY
Black Duck
Fullscript
Fullscript
Fullscript
