Manager/Senior Manager, Privacy Paralegal / Program Manager
Flatiron Health is a leading healthcare technology and services company focused on improving oncology patient care and accelerating cancer research. Our products connect community oncologists, academics, hospitals, life science researchers and regulators on a shared technology platform. For community oncology clinics, our OncoCloud product offers the most comprehensive suite of software and services in community oncology. We work with both community oncologists and life sciences customers to see how the billions of data points on cancer patients can generate meaningful real-world evidence, and also accelerate clinical trials. Flatiron believes that we can learn from the experience of every patient.
Flatiron’s privacy program is responsible for legal, compliance and ethical considerations around data use, privacy law, and security law within the organization. The privacy program is core to all aspects of the company’s business model, enterprise risk management, and day-to-day operations.
We are looking for a Manager/Senior Manager to help support Flatiron’s privacy program. In this role, you will serve as a subject matter expert and proactively assist teams in establishing and maintaining appropriate processes and procedures to comply with relevant policies. Individuals in the privacy program can expect to interact with cross-functional stakeholders and leaders throughout the company on a daily basis. This role reports directly into the Chief Privacy Officer.
- Review and negotiation of privacy and security provisions in vendor agreements and customer agreements.
- Guide cross-functional stakeholders to ensure that privacy and data protection risk is managed effectively, including in the following areas:
- Clinical research/collaboration, secondary use of data and real world data
- Management of data incidents and support of data breach response readiness
- Update and develop new privacy-related policies, procedures, and guidance documents as needed
- Conduct risk assessments of how the company obtains, uses, stores and shares personal information across data lifecycle.
- Educate business clients through training and awareness programs.
- Work with product managers and other stakeholders to develop and drive consensus around creative solutions to privacy-by-design challenges.
- Facilitate discussion and coordination among product managers and privacy stakeholders across the company.
- Communicate privacy decisions to the broader cross-functional team, and ensure that those decisions are properly implemented.
- Demonstrated academic achievement
- 5+ years of work experience in privacy, security, policy, or other related field
- A knowledge of information technology as it relates to privacy and data protection risks.
- Experience communicating to different types of audiences both internally and externally
- Keen interest in working at the intersection of law and technology - navigating privacy, data protection and corporate compliance while communicating with and creating processes for technical and product teams throughout the company.
- Experience with organizing, coordinating, multi-tasking, and process-improvements in a program.
- Interest in working in a collaborative, creative environment.
- High level of comfort with technology and information management tools.
- Commitment to compliance with laws, regulations, and bioethical principles, as well as teamwork.
- Knowledge of the healthcare/pharmaceutical industry
- Interest in bioethics and application of bioethical principles to day-to-day compliance guidance.
- CIPP/US or CIPP/EU certification
- BA/BS degree in Public Policy, Computer Science or related field