Associate General Counsel, International Privacy and Product

Posted 5.13.24
About Lyra Health
Lyra is transforming mental health care through technology with a human touch to help people feel emotionally healthy at work and at home. We work with industry leaders, such as Morgan Stanley, Uber, Amgen, and other Fortune 500 companies, to improve access to effective, high-quality mental health care for their employees and their families. With our innovative digital care platform and global provider network, 10 million people can receive the best care and feel better, faster. Founded by David Ebersman, former CFO of Facebook and Genentech, Lyra has raised more than $900 million.
About the Role
You will be a critical team member in Lyra’s growing legal and compliance team to support internal and external stakeholders in fulfilling Lyra’s mission to bring mental and emotional health solutions to large employers across the country and internationally. This is a full-time remote role that can be located in the US (Eastern Time Zone preferred) and will report to Lyra’s General Counsel. 
You will be an integral part of a cross-functional legal and compliance team that works to ensure our business’ compliance with applicable data privacy laws and regulations. The position supports an increasing demand for both legal and operational advice and guidance from our internal stakeholders.  This role will work closely with other departments within the company to advise on a wide range of privacy issues implicated in the development of our technology services and the delivery of our clinical care services across multiple jurisdictions.  You will be expected to work independently as the primary point of contact for the legal team in responding to international privacy and product questions, helping to develop the strategy for our international privacy program, and leading projects to support Lyra’s growth.
 The ideal candidate will be an experienced attorney, ready to roll up their sleeves on novel questions of privacy law, able to deliver practical advice to our operational and tech teams on international regulations in privacy and other areas, and prepared to support teams across multiple time zones.  You are an attorney with a proactive nature in identifying issues and presenting solutions and someone who is searching for a collaborative environment brimming with novel questions.
  • Support Lyra’s product expansion to international jurisdictions, by identifying and assessing global privacy requirements; partner with our legal and compliance subject matter experts to issue spot other regulatory requirements for clinical service delivery, compliance concerns, and intellectual property issues
  • Provide practical and solution focused legal advice and support on business matters in a fast-paced environment
  • Work cross-functionally with the legal team and other business units to advise on relevant issues to Lyra’s international services including advice concerning applicable data protection law and impact on existing company contracts
  • Collaborate with internal and external experts to ensure that commercial agreements appropriately manage risk and comply with policies, laws, rules, regulations, and company objectives
  • Develop standards, guidance and procedures to ensure data privacy compliance requirements and recommendations are addressed throughout product and information lifecycles
  • Assist with reviewing, drafting and/or negotiating privacy-related agreements, including Business Associate Agreements, Data Processing Agreements, Standard Contractual Clauses, and various consents
  • Communicate legal and regulatory privacy requirements to business partners
  • Support Company wide training and development on key areas of international data protection and privacy requirements
  • Develop and maintain internal and external privacy policies, procedures, and guidance documentation
  • Direct, develop, guide, and continuously improve the effectiveness of Lyra’s global privacy compliance program to meet regulatory, legal and company privacy obligations, including:  Conduct privacy and data protection impact assessments of programs, systems, products, and services
  • Maintain data inventories and records to track Lyra’s processing (e.g., Records of processing and lawful basis ) of personal information
  • Oversee processes for reviewing and responding to individuals’ data-related requests
  • Develop and maintain practical incident response policies and procedures and investigate and direct the company’s response to any privacy/security incidents in partnership with the Lyra’s Security team
  • Investigates and directs the company’s response to any inquiries and complaints received about privacy/security in partnership with the Lyra’s Security Team
  • Establishes strong working relationships with key business leaders and plays a key role in raising awareness of privacy issues and communicating the strategic priorities for personal data protection
  • Maintains awareness of emerging laws, regulations, enforcement activity, and trends and developments in industry best practices related to data privacy in North America
  • J.D. or equivalent law degree from an accredited law school and membership in a state bar with good standing
  • 12+ years of privacy legal and compliance experience in-house or at a law firm
  • Privacy Certification, such as CIPP/US/E, preferred
  • In-depth knowledge of privacy and data protection laws, including GDPR, UK GDPR, and other jurisdiction specific privacy laws (e.g., PIPEDA, PIPL, POPI, etc). Knowledge of HIPAA or other US state privacy laws is a plus
  • Skillset
  • Demonstrated operational experience translating legal and regulatory requirements into a comprehensive privacy program that utilizes practical processes and practices for global systems, services and operations
  • Knowledge of, and working experience with, appropriate responses to privacy and security incidents and breach events, including interactions with relevant local authorities
  • Experience analyzing and advising on privacy and data protection issues in a Health Care environment would be beneficial
  • Excellent problem-solving capabilities, judgment, communication (written and verbal), and interpersonal skills
  • Demonstrated experience leading projects, including collecting, distilling and summarizing issues from relevant stakeholders
  • Experience providing pragmatic, business-oriented and consumer-centric guidance related to global data privacy laws, including GDPR
  • Ability to spot and support resolution of a variety of legal issues across multiple jurisdictions within the U.S. and abroad (e.g., payments, regulatory, commercial, IP)
  • Experience working in-house with a technology company and/or health care organization strongly preferred
  • Willing and eager to learn new areas of law and function independently in a demanding fast-paced environment
  • Ability to think quickly on your feet, convey grace under pressure, and simultaneously manage workloads, multiple client demands and shifting priorities
  • Self-driven, ability to operate autonomously with a communicative personality, proactively reaching out to others as relevant while bringing a positive attitude to the workplace
  • Sense of humor
  • Ability to confidently work remotely with suitable infrastructure in place
  • Management and development of privacy and data protection team members
The future of health and fitness, all in one newsletter.
Sign up to get the latest industry trends, news, and tech delivered straight to your inbox.

    No thanks.