Description
The Compliance & Privacy Manager at DarioHealth ensures the organization's adherence to regulatory requirements and internal policies by managing compliance frameworks, monitoring operational processes, and overseeing audits. This role collaborates with cross-functional teams to mitigate risks, safeguard sensitive data, and drive continuous improvement in compliance practices.
The primary responsibilities of this job include:
- Assist in governance, risk, and compliance analysis to develop programs ensuring the security and regulatory compliance of the workforce, platforms, applications, and vendors.
- Collaborate with cross-functional teams, including Legal, IT, and Product, to identify and mitigate compliance risks.
- Assist with internal and external audits (SOC 2, HITRUST), including preparation, facilitation, and follow-up on corrective actions.
- Manage security awareness and compliance training programs to educate employees on policies, regulations, and best practices.
- Oversee third-party risk management and vendor compliance, ensuring due diligence and adherence to agreements.
- Maintain accurate documentation and reporting on compliance activities, including risk assessments, incident response, and audit findings.
- Develop, implement, and revise privacy policies and procedures that comply with federal and state laws, ensuring DarioHealth's handling of Protected Health Information (PHI) meets all regulatory requirements.
- Perform privacy risk assessments and related compliance monitoring initiatives to proactively identify and address potential vulnerabilities in how patient and user data is managed.
- Ensure compliance with privacy laws such as the GDPR, the UK Data Protection Act, and U.S. state privacy laws, addressing the rights of users in the EEA, the UK, and jurisdictions with similar privacy laws, including the right to access, restrict, and manage their personal data.
Requirements
- Strong educational background related to healthcare, compliance, and privacy; a master's degree or certifications such as PMP, CIPT, or CIPP preferred.
- 5-7 years of experience focused on compliance, risk management, or operations within regulated industries (e.g., healthcare, healthtech).
- Familiarity with laws, regulations, and frameworks such as HIPAA, GDPR, CPRA, ISO 13485/27001, HITRUST, NIST, and SOC 2.
- IT audit experience (SOC 2, HITRUST) is strongly preferred.
- Excellent organizational and problem-solving skills.
- Ability to manage cross-functional teams and drive compliance initiatives.
- Strong communication and interpersonal skills to liaise with stakeholders and train staff on compliance matters.