Senior Privacy and AI Counsel

About The Position

Requirements

• JD from an accredited law school and active bar membership in good standing in at least one U.S. jurisdiction.
• 7+ years of legal experience, in-house or at a top law firm, with substantial privacy and AI work. In-house experience at a healthcare or healthcare technology company strongly preferred.
• Deep working command of HIPAA/HITECH — including the Privacy, Security, and Breach Notification Rules — and a demonstrated track record of building HIPAA Privacy programs.
• Deep working command of U.S. state privacy laws and the emerging U.S. state AI law landscape.
• Demonstrated track record of building or materially rebuilding an AI governance program — responsible AI policy design, AI use case review framework, model risk classification, and AI-related product review — not just operating an inherited one.
• Demonstrated experience leading privacy incident response end-to-end, including regulator-facing notification and post-incident remediation.
• Strong written communication and the credibility to take and defend a position with executives, the Board, regulators, and outside counsel.
• Comfort operating in a fast-growth environment with imperfect data, parallel priorities, and the need to write the policy yourself before handing it off.

Nice To Haves

• Experience advising on healthcare AI deployment, including FDA SaMD/CDS analysis, clinical decision support governance, and patient-facing AI disclosures.
• Familiarity with 42 CFR Part 2, the 21st Century Cures Act information blocking rules, and state Medicaid confidentiality requirements.
• Familiarity with NIST AI RMF, ISO/IEC 42001, and other AI assurance frameworks.
• Prior work with state Medicaid agencies, MCOs, or other government payors on privacy or data use matters.
• Experience hiring, developing, and leading a small legal or privacy team.
• IAPP certifications: CIPP/US strongly preferred; AIGP a meaningful plus; CIPM useful.
• A sense of humor and a steady temperament under pressure.

Responsibilities

• Own Abby Care's privacy program — HIPAA compliance, state privacy law compliance, BAA program, data mapping and ROPA, privacy incident response, breach assessment and notification, and individual rights workflows — including its design, operation, measurement, and continuous improvement.
• Own Abby Care's AI governance program — the responsible AI policy suite, AI inventory, AI use case intake and review process, model risk classification, ongoing monitoring, and AI incident response — and evolve it as the regulatory and deployment landscape shifts.
• Lead AI use case reviews for internal generative and agentic AI tools and for AI-powered features in Abby Care's product, including chart update, documentation extraction, and clinical decision support. Set the SLAs and the review framework; escalate the hard cases to the GC.
• Set regulatory change management strategy across federal and state privacy and AI law. Translate horizon scanning into program and product decisions, not just memos.
• Own the BAA program end-to-end, including standard templates, fallback positions, vendor risk integration, and downstream subcontractor flow-downs.
• Serve as the senior legal partner to Product, Engineering, Operations and Clinical teams on the privacy and AI implications of new and existing features. Review PRDs, design documents, and model cards; sit in design reviews; influence the roadmap.
• Lead privacy and AI incident response, including investigation, breach analysis, regulator and individual notification, and post-incident program remediation.
• Prepare the privacy and AI sections of the Board package, with the General Counsel.
• Manage outside privacy and AI counsel relationships, including scope, budget, and quality of work product.
• Hire, develop, and lead the privacy and AI team as it grows.
• Partner with the General Counsel and Compliance leadership on Privacy Officer designation, training and awareness programs, and the integration of privacy and AI controls into the broader compliance program.

Benefits

• Competitive compensation packages
• Annual company performance bonus
• Comprehensive health coverage (90% of premiums covered for employee, 70% for dependents)
• Multiple PPO plan options for medical, vision, dental, life, and short-term disability
• Generous paid time off
• 10 paid company holidays
• Team bonding activities
• Annual company retreat
• HSA contributions
• Optional FSA
• Commuter benefits
• Full coverage of all 401(k) account fees
• Paid parental leave