Director, International Privacy and Product

Description

About Lyra Health

Lyra is transforming mental health care through technology with a human touch to help people feel emotionally healthy at work and at home. We work with industry leaders, such as Morgan Stanley, Uber, Amgen, and other Fortune 500 companies, to improve access to effective, high-quality mental health care for their employees and their families. With our innovative digital care platform and global provider network, 10 million people can receive the best care and feel better, faster. Founded by David Ebersman, former CFO of Facebook and Genentech, Lyra has raised more than $900 million.

In 2022, Lyra International was acquired by the San Francisco based health tech unicorn Lyra Health and is going through an exciting integration to together transform access to mental health care with the help of technology. The combined group has also recently grown its own direct local presence considerably in different parts of the world by adding several new subsidiaries to its corporate family tree and providing services in over 200 countries and territories.

About the Role

You will be a critical team member in Lyra’s growing legal and compliance team to support internal and external stakeholders in fulfilling Lyra’s mission to bring mental and emotional health solutions to large employers in the US and internationally. This is a full-time remote role that will be located in the UK and will report to Lyra’s General Counsel.

You will be an integral part of a cross-functional legal and compliance team that works to ensure our business’ compliance with applicable data privacy laws and regulations. The position supports an increasing demand for both legal and operational advice and guidance on International privacy from our internal stakeholders, and will own and lead global privacy for the Legal team. This role will work closely with other departments within the company to advise on a wide range of privacy issues implicated in the development of our technology services and the delivery of our clinical care services across multiple jurisdictions. You will be expected to work independently as the leader and primary point of contact for the legal team in responding to international privacy and product questions, helping to develop the strategy for our international privacy program, and leading privacy-related projects to support Lyra’s growth.

The ideal candidate will be an experienced privacy and compliance leader, ready to roll up their sleeves on novel questions of International privacy and data protection law, able to deliver practical advice to our operational and tech teams on international regulations in privacy and other areas, and prepared to support teams across multiple time zones. You should have a proactive nature in identifying issues and presenting solutions, bring executive presence and maturity to the position, and be someone who is searching for a collaborative environment brimming with novel questions.

About the Role

Responsibilities

Support Lyra’s product expansion to international jurisdictions, by leading efforts to identify and assess global privacy requirements; partner with our legal and compliance subject matter experts to issue spot other regulatory requirements for clinical service delivery, compliance concerns, and intellectual property issues

Provide practical and solution focused privacy advice and support on business matters in a fast-paced environment

Work cross-functionally with the legal team and other business units to advise on relevant issues to Lyra’s international services including advice concerning applicable data protection law and impact on existing company contracts

Collaborate with internal and external experts to ensure that commercial agreements appropriately manage risk and comply with policies, laws, rules, regulations, and company objectives

Own development of standards, guidance and procedures to ensure data privacy compliance requirements and recommendations are addressed throughout product and information lifecycles

Review privacy-related agreements to support commercial teams, including Data Processing Agreements, Standard Contractual Clauses, and various consents. For attorney candidates, scope may include drafting and/or negotiating terms on behalf of the Company

Effectively communicate updates on privacy requirements to business partners, including providing advice and recommendations to support privacy by design principles in new business endeavors

Responsible for Company-wide training and development on key areas of international data protection and privacy requirements

Own development and maintenance of internal and external privacy policies, procedures, and guidance documentation

Direct, develop, guide, and continuously improve the effectiveness of Lyra’s global privacy compliance program to meet regulatory, legal and company privacy obligations, including conduct privacy and data protection impact assessments of programs, systems, products, and services, maintain data inventories and records to track Lyra’s processing (e.g., Records of processing and lawful basis) of personal information and oversee processes for reviewing and responding to individuals’ data-related requests

Develop and maintain practical incident response policies and procedures and investigate and direct the company’s response to any privacy/security incidents in partnership with the Lyra’s Security team

Investigate and direct the company’s response to any inquiries and complaints received about International privacy issues in partnership with the Lyra’s Security Team

Establish strong working relationships with key business leaders and plays a key role in raising awareness of privacy issues and communicating the strategic priorities for personal data protection

Maintain awareness of emerging laws, regulations, enforcement activity, and trends and developments in industry best practices related to privacy and data protection globally

Qualifications

12+ years of privacy compliance experience in-house or experienced practice privacy at a law firm

Strongly preferred qualified and practicing solicitor in England and Wales. Legal qualifications in at least one Member state of the European Union will be considered. Minimum 6 years PQE

Privacy Certification, such as CIPP/US/E, preferred

In-depth knowledge of privacy and data protection laws, including GDPR, UK GDPR, and other jurisdiction specific privacy laws (e.g., PIPEDA, PIPL, POPI, etc). Knowledge of HIPAA and/or US state privacy laws is a plus

Skillset

Demonstrated operational experience translating legal and regulatory requirements into a comprehensive privacy program that utilizes practical processes and practices for global systems, services and operations

Experience leading appropriate responses to privacy and security incidents and breach events, including interactions with relevant local authorities

Experience analyzing and advising on privacy and data protection issues in a Health Care environment would be beneficial

Excellent problem-solving capabilities, judgment, communication (written and verbal), and interpersonal skills

Demonstrated experience leading projects, including collecting, distilling and summarizing issues from relevant stakeholders in a timely, clear, and business-friendly manner

Demonstrated experience providing pragmatic, business-oriented and consumer-centric guidance related to global data privacy laws, including GDPR

Demonstrated experience spotting and supporting resolution of a variety of legal issues across multiple jurisdictions within the U.S. and abroad (e.g., payments, regulatory, commercial, IP)

Experience working in-house with a technology company and/or health care organization strongly preferred

Willing and eager to learn new areas of law and function independently in a demanding fast-paced environment

Demonstrated experience thinking quickly on your feet, conveying grace under pressure, and simultaneously managing workloads, multiple client demands and shifting priorities

Self-driven, ability to operate autonomously with a communicative personality, proactively reaching out to others as relevant while bringing a positive attitude to the workplace

Experience presenting to and working with senior leadership and/or external regulators

Sense of humor

Ability to confidently work remotely with suitable infrastructure in place

Demonstrated experience managing and developing privacy and data protection team members

We are an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information or any other category protected by law.

By applying for this position, your data will be processed as per Lyra Health Workforce Privacy Notice. Through this application, we will collect personal information from you including your name, email address, gender identity, employment information, and phone number for the purposes of recruiting and assessing suitability, aptitude, skills, qualifications, and interests for employment with Lyra. We may also collect information about your race, ethnicity, and sexual orientation, which is considered sensitive personal information under the California Privacy Rights Act (CPRA). Providing this information is optional and completely voluntary. If you are a California resident and would like to limit how we use this information, please use the Limit the Use of My Sensitive Personal Information form. This information will only be retained for as long as needed to fulfill the purposes for which it was collected, as described above. Please note that Lyra does not “sell” or “share” personal information as defined by the CPRA. For more information about how we use and retain your information, please see our Workforce Privacy Notice.