Define and lead the privacy and compliance roadmap for entering new global markets, navigating localized data privacy laws, and managing cross-border data transfer requirements.
Take end-to-end ownership of completing enterprise security questionnaires and deeply review/negotiate liability caps, notice periods, and security exhibits in Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs).
Serve as Inato's registered Data Protection Officer (DPO). Own the ongoing governance of GDPR and HIPAA. Manage our Information Security Management System (ISMS) and partner closely with Engineering/IT to maintain our ISO 27001 certification.
Act as the face of Inato's compliance, leading live security calls with enterprise sponsors and clinical sites to defend our posture.
Act as a consultant to Product Managers, reviewing feature roadmaps and data flows to ensure global patient data management remains compliant from the ideation phase.
Act as the crucial translator who converts complex legal obligations into clear, actionable business requirements and tickets for the engineering team to build.
Create compliance collateral (whitepapers, FAQs) to proactively answer customer questions and implement vendor risk management processes.
Requirements
7+ years of professional experience in data privacy, compliance, risk management, or tech law, ideally within a fast-paced B2B SaaS, HealthTech, or Life Sciences environment.
Deep expertise in global privacy frameworks (GDPR, HIPAA) and a strong capability to research and interpret localized privacy laws for new country expansion.
Proven ability to negotiate the legal, technical, and security nuances of Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs).
Technical fluency; you do not need to be an engineer, but you must have a track record of successfully translating legal/compliance requirements into technical tickets for product and engineering teams (and managing ISO 27001 audits alongside them).
Strong customer-facing experience; you are highly comfortable leading live security and compliance calls with enterprise clients or clinical institutions.
A highly hands-on "builder" mentality—you are ready to roll up your sleeves to fill out questionnaires, draft policies, and run training sessions autonomously from Day 1.