
29 Mar Head of Compliance
Executive and Administrative · San Francisco, CA · Full time
Rune Labs
Rune is a brain data company empowering the development and delivery of precision neuroscience therapeutics. We work with a wealth of newly-captured, high-fidelity neural recordings to advance data-driven therapies for diseases such as Parkinson’s, OCD, Depression, and other neurological conditions. Rune aims to fill the gap in software and data support for next-generation neuroscience therapeutics, and expand the benefits of precision medicine to the millions of patients with neurodegenerative and psychiatric diseases. We’re already generating revenue and are well-funded by top-tier investors.
Rune’s first-in-class precision brain data software platform integrates electrophysiology, brain imaging, and device data together with wearable data and clinical labels. The combination provides researchers, drug developers, and clinicians with the tools to guide treatment, uncover hidden disease phenotypes, and design better-targeted therapies.
We are looking for a hands-on technical leader for our Compliance function, overseeing data privacy, healthcare compliance (e.g. HIPAA), and data governance at Rune Labs. In this role you will maintain and scale our best-in-class compliance programs, working closely with Engineering and Product teams as Rune Labs expands in its existing markets and launches new product offerings. The right person for this role is equally comfortable in the worlds of tech and healthcare, and will enjoy finding innovative compliance solutions, designing efficient compliance systems, and moving quickly, often in the face of ambiguity. This role will report to our CEO.
Core Responsibilities
- Own and evolve our framework for data governance, and partner with product and engineering to ensure we are meeting all data compliance commitments to our partners and also towards relevant frameworks including HIPAA, GDPR, 510(k), CCPA, SOX, etc.
- Provide advice and direction to executive leadership in the integration of security, privacy, quality, and regulatory practices into Rune Labs’ overall strategy, including establishing OKRs, metrics, and KPIs that align with business initiatives and goals.
- Be a consultant to the product and engineering organization that ensures compliance in data quality, data lineage, metadata management to automate enrichment, policy automation, data provenance, and data handling as well as retention requirements, providing technical guidance that is privacy-centric, ethical, and transparent to strengthen our data compliance posture.
- Partner with our People Ops function to design and conduct cross-functional compliance training, creating and deploying training materials that are highly relevant for Rune Labs’ business.
- Collaborate with business development and marketing teams for partner compliance assessments, RFPs, contract review, etc., and help build trust and confidence in the security, privacy, quality, and regulatory practices at Rune Labs for our global partner base including hospitals, med-tech and pharma companies, and contract research organizations (CROs).
- Oversee the coordination and execution of external and internal audits, and communicate the outcomes of those audits to business partners and executive leadership, including guidance on how to improve current processes or create new processes to ensure continued success on future audits.
Minimum Requirements
- 7+ years of hands-on experience working on data governance, privacy and compliance, with at least 2+ years in a leadership role and 2+ years in a healthcare setting. Privacy-related certification (e.g. CIPP, CIPT) strongly preferred.
- Experience with building and operationalizing data privacy, compliance, and security programs in Software-as-a-Service and cloud (especially AWS) environments
- Deep knowledge of data privacy requirements stemming from regulatory and legislative mandates, especially where related to healthcare (e.g. HIPAA, especially provisions for data sharing)
- Experience managing internal and external compliance-related audits (e.g. SOC2 type I, II, III). Ideally, would have managed a successful HITECH audit.
- Expertise in data lifecycle management: data definition, data lineage, data quality, data cleansing, and retention.
- Proven verbal and written communication skills, especially authoring, reviewing and maintaining compliance-related policies and procedures
Practical Stuff
- You must reside and be authorized to work in the U.S. or Canada
- We are remote friendly! We do ask that you commit to being available until at least 3pm PST (6pm EST) daily. If you’re in San Francisco, our pet-friendly office is a block from Golden Gate Park.
- Full health, vision, and dental benefits for you and your dependents.
More About Us
We look for strong alignment with Rune’s values: learn about our work culture and expectations at Rune on our website and on our Key Values profile. We are committed to treating each other well, building a diverse and representative team, and continually working to improve the inclusivity and equity of our org. Anyone meeting the minimum requirements for an open role is strongly encouraged to apply.
Please click here to apply.