Assistant Compliance Counsel

About The Position

Requirements

• Working knowledge of HIPAA, privacy, data protection, and information security requirements, including incident response and risk assessment concepts.
• Experience drafting, reviewing, and negotiating BAAs and other commercial contracts, including privacy/data terms and risk allocation.
• Demonstrated current knowledge of business ethics, legal and compliance risks, and emerging issues in privacy, artificial intelligence, and cybersecurity.
• Strong problem-solving and analytical skills, sound judgment, and attention to detail; ability to make independent decisions and communicate risk-based recommendations.
• Advanced written, verbal, and influencing skills, including the ability to work effectively with department leaders, external vendors, regulators, and accreditation bodies.
• Strong organizational skills with the ability to manage multiple matters and deadlines; comfortable developing compliance reporting/analytics (monitoring/testing, case management, and regulatory reporting).
• Experience supporting compliance training, communications, audits, monitoring, investigations, and program effectiveness reviews.
• Proficiency with Microsoft Word, Excel, and PowerPoint; advanced AI chatbot skills a plus.
• Ability to sit and perform extensive close keyboard and PC work
• Ability to walk, talk or hear
• Occasionally required to stand and reach with hands and arms
• Ability to meet deadlines and attendance standards.
• The noise level in the work environment is usually moderate.
• This classification will be required to sign a confidentiality agreement
• Juris Doctor (JD) from an ABA-accredited law school.
• Admission to the bar to practice law in New Jersey is required; successful candidates must obtain Authorized House Counsel certification from the State of Connecticut within 6 months of hire.
• Three (3+) years of experience in healthcare compliance and commercial contracts (organizational compliance and/or regulatory affairs preferred); experience in healthcare, insurance, or consulting roles a plus.

Nice To Haves

• IAPP privacy certification (CIPP/US, CIPM, CIPT, and/or AIGP) a plus; if not held at hire, successful candidate must obtain, at minimum, the CIPP/US designation within 12 months of appointment.
• Experience in healthcare, insurance, or consulting roles a plus.

Responsibilities

• Serve as the primary point of contact for HIPAA, privacy, and related compliance matters; advise business partners on compliance questions, complaints, and reported incidents.
• Manage privacy and security events (including potential breaches) by developing a response strategy with key stakeholders, coordinating data collection, completing/documenting risk assessments, managing regulatory notifications/responses, and advising on customer/group client engagement.
• Draft, maintain, and update compliance and HIPAA-related policies, procedures, and records to support audits, monitoring, reporting, and operational consistency.
• Develop and deliver compliance training and communications (including HIPAA training), maintain training materials, and track completion; coordinate HIPAA Security compliance activities with the Information Security Officer.
• Monitor regulatory developments (including insurance regulatory, HIPAA Privacy, consumer privacy, and emerging AI/cyber issues); prepare monitoring and compliance reports, and provide practical guidance to stakeholders.
• Lead regulatory change management for new and pending laws by drafting alerts and implementation guidance; evaluate enterprise initiatives and information-handling practices for legal, regulatory, and policy compliance, and recommend mitigation options.
• Review, draft, and negotiate Business Associate Agreements (BAAs) and a range of commercial and vendor contracts, with a focus on privacy, data protection, artificial intelligence, and appropriate risk allocation.
• Provide counsel on risk remediation and best practices in privacy, information security, and data governance; identify security and privacy risks and advise leaders on mitigation strategies.
• Support day-to-day legal and compliance matters across the organization (including operations, marketing, privacy, and security programs) as needed.
• Partner with HR, IT, Customer Service, and business teams to embed privacy practices into daily operations.
• Enhance the Compliance Program through effectiveness reviews, risk assessments/testing, and follow-up on remediation actions.
• Follow up on reported non-compliance by conducting/coordinating internal investigations and documenting findings; support case management, data analytics, and organizational compliance communications and reporting.