Senior Privacy Counsel

About the role:

HeliosX is seeking a Senior Privacy Counsel to own and lead global privacy and data protection across the organisation. Reporting to the Head of Legal, this role will set and drive the company’s privacy strategy, embed privacy-by-design across products and operations, and enable compliant, scalable use of data (including health data) to support innovation, international expansion and responsible commercialisation.This is a high-impact, senior legal role with significant autonomy and visibility.
The Senior Privacy Counsel will act as the senior internal authority on privacy and data protection, taking primary ownership of privacy risk decisions within an agreed risk appetite and escalation framework with the Head of Legal. The role will work closely with different stakeholders in the business helping to scale our datasets as a commercial asset. 
The role focuses on legal privacy and regulatory strategy and risk. Day-to-day information security operations and non-legal compliance execution sit with the relevant functional owners, with strong partnership and governance across these teams. Privacy and data protection are central to HeliosX’s growth, product strategy and regulatory credibility. This role is critical in enabling the business to scale internationally, innovate responsibly and manage regulatory, reputational and enforcement risk in a highly scrutinised environment.

What you'll be doing:

• Own and lead the organisation’s global privacy and data protection strategy, including the use of special category (health) data.
• Act as the final internal decision-maker on privacy and data protection matters within agreed risk appetite, providing clear, pragmatic direction to the business and the Head of Legal.
• Partner with and advise the Head of Legal on cross-functional and board-level risk trade-offs where privacy intersects with broader legal, regulatory or commercial considerations.
• Design, implement and continuously improve scalable privacy governance, including oversight of:
• data mapping / RoPA
• DPIAs and privacy risk assessments
• internal privacy policies and standards
• training and awareness programmes
• Building and scaling datasets as a commercial asset
• privacy incident escalation and reporting
  
  
• Establish privacy KPIs and reporting for senior leadership.
• Lead engagement with data protection authorities and regulators, including managing responses to inquiries, data incidents, investigations, audits and formal correspondence, working with external counsel where appropriate.
• Monitor and advise on privacy regulatory developments across relevant jurisdictions (including UK, EU, US and other international markets) and incorporate the impact of further expansion on the global privacy program and data strategy.
• Partner closely with product, engineering and data teams to embed privacy-by-design into product development, experimentation, analytics and growth initiatives.
• Lead on privacy and data protection aspects of AI and automated decision-making, including DPIAs, lawful basis, transparency, data minimisation, governance and human oversight.
• Support responsible data use and data commercialisation initiatives in a way that balances innovation with regulatory and ethical considerations.
• Own privacy readiness for international expansion, including market-entry assessments, localisation considerations and cross-border data transfer strategies.
• Draft, review and negotiate data-related agreements, including DPAs, joint controller arrangements and data-sharing agreements.
• Lead privacy input into partner and vendor assessments.
• Build and lead a small but growing privacy function (legal and/or privacy professionals), setting priorities, mentoring team members and establishing effective operating rhythms.

Who you are:

Experience:

• Qualified lawyer (UK / EU preferred).
• 8+ years PQE (or equivalent experience) with deep, hands-on privacy expertise in-house and/or in leading private practice.
• Proven experience owning privacy strategy and decision-making in a regulated, high-growth and data-intensive environment.
• Expert knowledge of UK GDPR and EU GDPR, including advising on the use of special category data.  Experience with other regimes (e.g. the Americas or APAC) is advantageous.
• Demonstrable experience influencing and advising senior stakeholders across product, engineering, data, commercial and clinical teams.
• Deep understanding of privacy risks and controls in modern digital products and advanced analytics in a direct to consumer business.
• Excellent drafting, negotiation and communication skills, with the ability to translate complex privacy issues into clear and actionable guidance.
• Experience working in or advising a healthtech, digital health or consumer healthcare business or any other sector handling special category data would be preferred.
• Experience building or scaling a privacy function within a fast-paced, high-growth organisation.
• Exposure to privacy considerations in international market expansion, including outside the UK/EU.
• Familiarity with data ethics frameworks and responsible innovation best practices.

Why work with us?

At HeliosX, we want to improve healthcare for everyone, and to do this we need a team of brilliant people who share that ambition. We are currently a diverse team of engineers, scientists, clinical researchers, physicians, pharmacists, marketeers, and customer care specialists committed to our mission - but we need more talented folks to join us, if we want to achieve our global ambitions!

Aside from working with our all-star team, here are the other benefits of coming on board:

• Generous equity allocations with significant upside potential
• 25 Days Holiday (+ all the usual Bank Holidays)
• Private health insurance, along with extra dental and eye care cover
• Employee Pension with Smart Pension
• Enhanced parental leave
• Cycle-to-work Scheme
• Electric Car Scheme
• Free Dermatica and MedExpress products every month, as well as family discounts
• Home office allowance
• Access to a Headspace subscription, discounted gym memberships, and a learning and development budget 

#LI-Senior #LI-Hybrid