Director, Compliance & Privacy
Chicago, Illinois, United States - Remote
Full Time Executive-level / Director USD 130K - 150K
About Us:
At Kooth, our mission is to create a welcoming space for effective personalized digital mental health care that is available to all. We do this by leveraging an early intervention model and theory of change that empowers young people (13-25 years old) to overcome challenges, unlock their full potential, and lead fulfilling lives. We're not just a service; we're a culture of care – committed to inclusivity, innovation, and impact.
Our culture is driven by our values - Alongside You, Flexible, Compassionate, Committed, and Safe. These values are present in the work that we do, the environment in which we do it, and in the relationships we have with our service users, peers, and leaders. With Kooth, you will be a part of something bigger than yourself. We offer more than just a job. We offer you the chance to positively impact one of the greatest challenges of our time.
What We're Looking For:
The Director, Compliance & Privacy is responsible for Kooth’s Privacy Program in the United States, including day-to-day operations, implementation and maintenance of policies and procedures, breaches, and ensuring that Service Users’ rights are protected in line with federal and state law.
How You'll Make an Impact:
Strategic:
Due to the seniority of this position, you will be expected to:
- Enhance Kooth’s strategic and comprehensive privacy program for the United States.
- Work across the UK and US business to ensure effective privacy practices and align best practices.
- Serve in a leadership role for privacy compliance.
- Consider the business’s overall approach to compliance, conduct internal audits, and consider improvements.
- Collaborate and develop strategy with Information Security and Legal colleagues to ensure alignment across the UK and US business.
- Support external audit preparation as required.
- Conduct horizon scanning and provide regular updates on the regulatory environment relevant to Kooth.
Privacy Operations:
As part of day-to-day operations in this role, you will be expected to:
- Partner with stakeholders to conduct Privacy Impact Assessments/Data Protection Impact Assessments to identify, document, and mitigate privacy risks, and align Privacy by Design principles from the initial stages of product development.
- Monitor compliance of tracking technologies (e.g., cookies and pixels) used for digital marketing, ensuring user privacy is protected by adhering to relevant regulations, and partnering with Marketing teams to ensure strategies to optimize data collection minimize privacy concerns across various campaigns.
- Maintain the content of privacy policies (internal) and notices (external), ensuring compliance with state and federal requirements.
- Work with Human Resources to ensure consistent application of any necessary corrective actions and sanctions.
- Maintain a data register documenting stakeholder and vendor/supplier data flows to strategize the collection, use and sharing of personal data in a manner that maximizes its value while complying with applicable privacy regulations.
- Collaborate with the Head of Information Security and Global IT Director to ensure operational alignment between security and privacy programs, including third-party privacy reviews.
- Assess third-party supplier and vendor relationships by ensuring privacy risks are evaluated and mitigated, contracts include appropriate privacy controls, and Business Associate requirements are documented, as applicable.
- Partner with Commercial teams to develop business relationships with clients and regulators responsible for privacy and security concerns, as applicable.
- Provide general advice to colleagues on data protection matters.
- Take a lead role in ensuring that appropriate consents are obtained and that authorization forms and notices reflect current organizational and legal requirements.
- Maintain current and operational knowledge of applicable federal and state privacy laws and regulations including, but not limited to:
  - Health Insurance Portability and Accountability Act (HIPAA)
  - California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
  - New Jersey Senate Bill 332
- Establish and administer a process for investigating and acting on privacy and security complaints.
- Take a lead role in managing and investigating any data breaches as required by federal and state law.
- Manage individual privacy rights requests, such as access to records, and cooperate with any external agencies that may be required.
- Participate in the development, implementation and compliance monitoring of privacy processes.
Compliance:
As part of day-to-day work in this area, you will be expected to:
- Direct the company’s compliance programs, policies, reporting and practices.
- Ensure Kooth’s services follow all regulatory requirements, including industry specific or location specific laws.
- Evaluate and implement changes to compliance processes.
- Establish any relevant communications and training initiatives.
Other duties:
In addition to your main duties, you will be expected to:
- Oversee the initial and ongoing training of the workforce on privacy matters.
- Promote privacy awareness throughout the organization.
- Maintain knowledge of all applicable laws and regulations.
- Support and/or lead on compliance-based investigations.
Requirements
What You’ll Bring:
- Advanced degree in health information management or a related field
- Knowledge and experience in state and federal privacy laws, including but not limited to HIPAA
- Demonstrated organization, facilitation, written and verbal communication skills
- Certifications such as Certified Information Privacy Professional/United States (CIPP/US) and/or Certified in Healthcare Privacy and Security (CHPS) are preferred.
- Experience working with California’s Department of Health Care Services (DHCS) is a plus.
- Knowledge and experience in the following areas:
  - Data Privacy
  - Strategy Development
  - Organizational Policy Development
  - Compliance Monitoring
  - Healthcare Laws and Regulations
  - Power Skills
  - Corporate Communications
  - Management Reporting
  - Training Program Development
Benefits
What You’ll Get:
The salary range for this role is $130,000-$150,000 annually. We’re committed to transparency and value our candidates’ time, which is why we share salary ranges in all states, regardless of local requirements. Final compensation will be based on a variety of factors, including your education, experience, skills, and overall alignment with the role.
Kooth offers a competitive base salary, employee equity program, and comprehensive benefits including:
- Excellent Medical, Dental, and Vision Coverage
- Prescription Drug Benefits
- Generous Paid Time Off
- 8 Paid Holidays, plus two half-day holidays (Christmas Eve and New Year’s Eve)
- 401(K) Retirement Plan
Equal Employment Opportunity:
Kooth is committed to creating an inclusive workplace and provides equal employment opportunities to all individuals regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. All employment decisions are based on merit, qualifications, and business needs.
Reasonable Accommodations:
Kooth is committed to providing reasonable accommodations for candidates with disabilities, sincerely held religious beliefs, or other protected reasons under applicable law. If you require accommodations during the application or interview process, please contact our HR team.
Ready to Join Us?
If you’re ready to make a meaningful impact and be part of a team that values purpose-driven work, apply today. Together, we’re shaping the future of digital mental health care.