Compliance & Privacy Manager

DarioHealth, New York, NY

About The Position

At Dario, Every Day is a New Opportunity to Make a Difference. We are on a mission to make better health easy. Every day our employees contribute to this mission and help hundreds of thousands of people around the globe improve their health. How cool is that? We are looking for passionate, smart, and collaborative people who have a desire to do something meaningful and impactful in their career. The Compliance & Privacy Manager at Dario Health ensures the organization's adherence to regulatory requirements and internal policies by managing compliance frameworks, monitoring operational processes, and overseeing audits. This role collaborates with cross-functional teams to mitigate risks, safeguard sensitive data, and drive continuous improvement in compliance practices.

Requirements

  • Strong educational background related to healthcare, compliance, and privacy; a master's degree or certifications such as PMP, CIPT, or CIPP preferred.
  • 5-7 years of experience focused on compliance, risk management, or operations within regulated industries (e.g., healthcare, healthtech).
  • Familiarity with laws, regulations, and frameworks such as HIPAA, GDPR, CPRA, ISO 13485/27001, HITRUST, NIST, and SOC 2.
  • IT audit experience (SOC 2, HITRUST) is strongly preferred.
  • Excellent organizational and problem-solving skills.
  • Ability to manage cross-functional teams and drive compliance initiatives.
  • Strong communication and interpersonal skills to liaise with stakeholders and train staff on compliance matters.

Responsibilities

  • Assist in governance, risk, and compliance analysis to develop programs ensuring security and regulatory compliance of workforce, platforms, applications, and vendors.
  • Collaborate with cross-functional teams, including Legal, IT, and Product, to identify and mitigate compliance risks.
  • Assist with internal and external audits (SOC 2, HITRUST), including preparation, facilitation, and follow-up on corrective actions.
  • Manage security awareness and compliance training programs to educate employees on policies, regulations, and best practices.
  • Oversee third-party risk management and vendor compliance, ensuring due diligence and adherence to agreements.
  • Maintain accurate documentation and reporting on compliance activities, including risk assessments, incident response, and audit findings.
  • Develop, implement, and revise privacy policies and procedures that comply with federal and state laws, ensuring DarioHealth's handling of Protected Health Information (PHI) meets all regulatory requirements.
  • Perform privacy risk assessments and related compliance monitoring initiatives to proactively identify and address potential vulnerabilities in how patient and user data is managed.
  • Ensure compliance with frameworks like GDPR, UK Data Protection Act, and U.S. state privacy laws — addressing the rights of users in the EEA, EU, UK, and jurisdictions with similar privacy laws, including the right to access, restrict, and manage their personal data.
© 2024 Teal Labs, Inc