
Privacy Counsel

Flo Health


Posted over 30 days ago...


Join Flo as a Privacy Counsel and Shape the Future of Healthtech Privacy Standards


Salary

No salary declared 😔

Location

London, England, United Kingdom

Nomad Friendly?

In-person - London, United Kingdom

Expires

Expires at any time

Flo is at the forefront of the healthtech industry, revolutionizing the way privacy is integrated into digital health services. With pioneering projects like achieving the ISO 27701 Privacy certification and launching open-source Anonymous mode, Flo is committed to advancing privacy in AI and maintaining the highest standards of data protection.

Role Summary:

  • Provide expert privacy and data protection advice across the business.
  • Guide new product features with a focus on data privacy.
  • Advise on AI technologies and online advertising practices.
  • Ensure data protection is integral to all stages of development and deployment.
  • Perform Data Protection Impact Assessments and risk mitigation.
  • Manage Information Security and Privacy Management System processes.
  • Coordinate ISO and internal audits, including handling non-conformities.
  • Develop and deliver privacy training and communications.
  • Research emerging privacy laws and regulatory changes.
  • Integrate data protection practices into Flo’s compliance framework.
  • Explore and implement privacy-enhancing technologies and tools.

Role Requirements:

  • Qualified UK solicitor with 2+ years’ PQE in privacy and data protection.
  • Experience in tech, software, or a reputable law firm.
  • Global data protection law knowledge, including US regulations.
  • Practical experience in privacy by design.
  • ISO (Security/Privacy) and risk management knowledge.
  • Proficiency in OneTrust, Miro, JIRA, Confluence.
  • CIPP certifications are a plus.
  • Agile methodologies knowledge is beneficial.
  • Experience in health tech or digital wellness is advantageous.

Legal and Compliance are partners across the whole business here at Flo. They watch over everything: Flo’s privacy programme, compliance with regulatory obligations, contract management, IP enforcement… you name it. 

The team’s divided into three groups - Privacy & Data Protection, Regulatory & Compliance, and Legal Services, each managing its own area. 

As far as our Privacy team is concerned, it doesn’t get more exciting for privacy professionals working in a rapidly growing healthtech business. 

This role’s all about delivering Flo’s continued commitment to data privacy by design.

Reporting to our VP of Privacy, it sits as part of a team of six doing some really exciting work.

Having achieved our ISO 27701 Privacy certification (the first business of our kind with it!), and having launched Anonymous mode (recently making it open source), we’re exploring the future of privacy in AI, as well as enhancing our privacy policies and systems, and helping to ensure privacy by design and as default across our business.

With one of our team departing for world travel, we’re looking for a permanent replacement to act as Privacy Counsel and help lead our commitment to maintaining ISO standards.

Your Experience

Must have:

  • Qualified solicitor in the UK with experience (usually 2+ years’ PQE) in a privacy and data protection position;
  • Proven track record of work in a tech company, software-focussed product company or reputable law firm;
  • Knowledge of data protection laws globally (including the US);
  • Practical experience in privacy by design;
  • Knowledge of ISO (Security and/or Privacy) and risk management;
  • Knowledge of OneTrust, Miro, JIRA, Confluence.

Nice to have:

  • CIPP certifications (CIPP/E, CIPM, CIPT, CIPP/US or others);
  • Knowledge of agile methodologies;
  • Proven track record of work in a health tech, digital health or digital wellness company.

What you'll be doing

You'll be responsible for:

  • Providing privacy and data protection advice to the business;
  • Providing guidance on new product features;
  • Advising on online advertising practices and AI technologies;
  • Giving guidance to ensure data protection is baked into the design, build, test and deployment stages across activities and departments;
  • Carrying out Data Protection Impact Assessments (DPIAs), and providing solutions to mitigate privacy risks;
  • Running our core integrated Information Security and Privacy Management System (ISPMS) processes, including maintaining framework documents and other ISPMS documented information;
  • Organizing ISO and internal audits and the management of any resulting non-conformities, control owner walkthroughs, policy reviews, and Flo’s Privacy and Security Steering group meetings and materials;
  • Assisting with the creation and delivery of staff training and Privacy Champion Network communications on privacy best practice to all entities and affiliates (with a particular focus on digital data uses);
  • Undertaking legal research on emerging privacy and data protection laws and guidance, and horizon scanning for regulatory updates;
  • Working to ensure that data protection and best practices are fully integrated into Flo’s compliance framework;
  • Adopting a curious approach to privacy-enhancing technologies and helping to set up new tooling from a privacy perspective.

You'll be targeted on:

  • Successfully providing pragmatic business-oriented and compliant privacy solutions to the company on various topics such as: consent management, privacy assessments, digital marketing and user rights;
  • Leading the coordination of the ISO 27001 Security and ISO 27701 Privacy management systems;
  • Being a proactive team player that delivers on assigned targets, with a positive and collaborative approach;
  • Successful rollout of educational and partnering sessions for various stakeholders (including product and marketing).
