Senior Privacy CounselFlo Health

Legal and Compliance are partners across the whole business here at Flo. They watch over everything: Flo’s privacy programme, compliance with regulatory obligations, contract management, IP enforcement… you name it. 

The team’s divided into three groups - Privacy & Data Protection, Regulatory & Compliance, and Legal Services, each managing its own area. 

This role’s all about delivering on Flo’s continued commitment to data privacy by design. It’s a senior counsel position reporting directly to our VP of Privacy, sitting as part of a team of four doing some really exciting work.

Day to day, this role will be key in reviewing privacy policies, advising on the launch of product features, and helping to ensure privacy by design and as default across all areas of our business. From a certification perspective, we’ve achieved our ISO 27001 certification (and were the first business of our kind with it!), and have now also secured certification to ISO 27701.

On top of the day to day and certification work, there’s also an exciting chance to be part of a truly innovative product; a commitment to privacy is baked into our features, and we’re a market leader not only thanks to our medical credibility, but also for our groundbreaking work on features like Anonymous mode.

Your Experience

Must have:

• Qualified solicitor in the UK with +5  years’ PQE
• Proven track of work in a tech company, or in-house with a software product focussed organisation
• Knowledge of data protection laws globally (including the US)
• Practical experience in privacy by design
• Knowledge of risk management
• Knowledge of OneTrust, JIRA, Confluence

Nice to have:

• CIPP certifications (CIPP/E, CIPM, CIPT, CIPP/US of others)
• Knowledge of agile methodologies
• Proven track of work in a health tech, digital health or digital wellness company

What you'll be doing

You'll be responsible for:

• Develop and maintain global privacy policies and procedures with appropriate attention to detail and an appreciation of practical application
• Provide prompt and pragmatic privacy and data protection advice to the business (special focus on worldwide data driven initiatives)
• Give guidance to ensure data protection is baked into the design, build, test and deployment stages across activities and departments
• Support the VP of Privacy in carrying out Data Protection Impact Assessments (DPIAs), and providing practical solutions to mitigate privacy risks
• With support of the team, undertake data protection audits and reviews and speak confidently to controls in audits
• Proactively assist with the creation and delivery of staff training, playbooks and guidance in privacy best practice
• Undertake legal research on emerging privacy and data protection laws and guidance and consider how legislation impacts Flo’s practices
• Work to ensure that data protection and best practices are fully integrated into Flo’s compliance framework
• Support our technology and information security teams on cyber security, data privacy and data ownership
• Manage strong relationships with Flo teams and act as a trusted advisor.

You'll be targeted on:

• Successfully providing timely  business-oriented and compliant privacy solutions to the company on various topics such as: consent management, retention, data mapping and discovery, DSAR, and others
• Assisting with aligning our practices to  the controls of ISO 27701.
• Meeting sprint deadlines and quarterly targets in your areas of responsibilities. 
• Successful rollout of educational and partnering sessions for various product and engineering stakeholders

#LI-JC1 #LI-Hybrid