Head of Privacy

About the position Phil is seeking a highly experienced and proactive Head of Privacy to establish and lead our enterprise-wide privacy program. This role is responsible for ensuring PHIL’s compliance with federal and state privacy regulations, strengthening our governance model, and operationalizing privacy practices across all business units. Reporting to the Vice President of Operational Excellence, you will serve as PHIL’s Head of Privacy and work closely with Legal, Operations, Product, Engineering, and HR. You will drive Phil’s privacy strategy, ensuring company-wide adoption of privacy standards, and serve as a subject matter expert for leadership and cross-functional teams. This role sits within the Program Management Office and will help build PHIL’s long-term privacy governance and operational scale. Responsibilities • Own PHIL’s enterprise privacy program, serving as the company’s Privacy Officer and primary point of accountability • Lead compliance with HIPAA, state privacy regulations, and client-specific contractual requirements • Develop and maintain privacy policies, procedures, training, and documentation • Lead privacy risk assessments, impact assessments, and internal controls • Partner with Operations, Product, Engineering, Security, and Legal to operationalize privacy requirements • Build processes for privacy-by-design across product development and platform enhancements • Oversee monitoring and auditing of privacy practices to ensure sustained compliance • Lead PHIL’s privacy incident investigation and response processes in partnership with Security and Compliance • Manage reporting workflows and external notifications as required • Develop and deliver privacy training for teams across Phil, including Operations, Client Success, Product, and Engineering • Serve as the internal advisor on privacy topics, providing clear guidance to cross-functional partners • Establish privacy KPIs, reporting cadences, and mechanisms to track compliance, risk trends, and remediation • Contribute to PMO frameworks, governance structures, and cross-functional ways of working • Prepare materials for audits, client reviews, and regulatory inquiries Requirements • Bachelor’s degree in business, operations, compliance, information security, or a related field (or equivalent experience) • 7–10 years of experience in privacy, compliance, program management, or related regulated industry roles • Deep understanding of HIPAA, state privacy laws, data governance, and privacy operations • Experience building or leading an enterprise privacy program at a healthcare, pharmacy, or SaaS organization • Strong program management skills and comfort managing cross-functional initiatives • Excellent communicator who can translate regulatory requirements into actionable steps • Highly organized and capable of working in fast-moving, ambiguous environments • Clear, concise communicator and skilled at translating complexity into action plans Nice-to-haves • CIPP, CHPC, or other privacy certifications preferred but not required Benefits • Ground floor opportunity with one of the fastest-growing startups in health-tech • Fully remote working environment out of these states: AZ, CA, CO, FL, GA, IA, ID, IL, IN, MA, MD, MI, MO, NC, NH, NJ, NY, OH, OK, OR, PA, SC, TN, TX, UT, VA, WA, WI, WV • Competitive compensation (commensurate with experience) • Full benefits (medical, dental, vision). • 401(k) contribution opportunity. Apply tot his job