Head of Regulatory & Privacy, Legal & Compliance (HealthTech)

Synagen builds specialized AI agents for healthcare and oncology, designed to support complex clinical decisions and biomedical workflows with actionable, high-precision outputs. We combine modern AI with clinical expertise to create software that integrates into real provider environments and delivers value in practice.

As our Regulatory, Privacy & AI Governance Head, you will own and operationalize our regulatory and data‑protection framework across product, engineering, and commercial activities.

You will act as the central interface between legal requirements and technical implementation—ensuring that privacy, security, and AI governance are not only compliant on paper, but pragmatically embedded into how our software is built and deployed. Your partner closely with our external DPO and security function; you own the operating system, not paperwork‑only compliance.

What you will do

• Own and operationalize healthcare data‑privacy and security topics across the organization, working hands‑on with engineering and product teams.
• Structure, draft, and maintain AVVs / DPAs and related contractual privacy documentation with customers, partners, and vendors.
• Translate regulatory requirements into concrete technical and organizational measures for software teams.
• Act as primary internal owner for GDPR, with working knowledge of HIPAA implications for US expansion.
• Coordinate and manage external regulatory, legal, and privacy partners (law firms, auditors, consultants).
• Support and prepare the organization for ISO 27001 and SOC 2 audits; understand implications of HiTrust where relevant.
• Take on mandatory internal regulatory roles (e.g., privacy lead, internal compliance owner, audit contact), depending on company needs and growth stage.
• Develop a practical understanding of the EU AI Act, its risk categories, and implications for Synagen’s AI products, and guide internal alignment.
• Support customer due‑diligence processes (security questionnaires, privacy assessments, regulatory reviews).

Qualifikation

• Proven experience in healthcare data privacy in a software or digital health environment + understanding technical implications and limitations
• Hands‑on experience working with tech and product teams to implement regulatory requirements in practice.
• Deep familiarity with GDPR; working knowledge of HIPAA and transatlantic data‑protection considerations.
• Practical experience with ISO 27001 and ideally SOC 2 in software companies (implementation and audit interaction).
• Strong understanding of Data Processing Agreements (DPAs) and data‑processing structures in B2B SaaS.
• Ability to independently structure topics, drive them forward, and operate with limited bureaucracy.
• Fluent English (written and spoken).

Good to have

• Experience with MDR medical device environments and digital health products.
• Exposure to regulated AI systems or clinical decision‑support software.
• Prior experience in startups or scale‑ups in healthcare or life sciences.
• Familiarity with HiTrust or US healthcare enterprise security expectations.

Why us?

• Shape the regulatory and privacy backbone of a next‑generation AI oncology platform.
• High ownership and direct influence on how products are built—not just reviewed.
• Close collaboration with engineering, product, and leadership.
• Real clinical impact in oncology, where trust and compliance are mission‑critical.
• Flexible hybrid setup with a strong core team.