Counsel, Privacy & AI

About Hims & Hers: Hims & Hers Health, Inc. (NYSE: HIMS) is the premier, internationally recognized telehealth pioneer, consumer wellness platform innovator, and digital healthcare leader on an absolute mission to help the world feel great through the power of better health. Redefining modern healthcare delivery by putting the customer first, Hims & Hers provides affordable, accessible, and deeply personal solutions across a multi-tenant framework from digital clinical diagnosis to direct-to-door medical delivery. Recognizing that no two patient profiles are identical, the brand normalizes stigmatized health and wellness challenges through customized prescription formulations designed for repeatable results. Traded publicly on the New York Stock Exchange, the organization operates a talent-first, flexible, and fully remote workplace structure centered on ethics, wellness, and belonging. Hims & Hers provides high-agency regulatory attorneys with an uncompromised remote canvas to define data boundaries, lead corporate risk-mitigation programs, and safely scale digital health products globally.

Position Overview

We are seeking a highly analytical, systems-minded Counsel, Privacy & AI to join our core centralized Legal department in a full-time remote capacity within the United States. In this high-leverage and collaborative corporate counseling seat, you will step up to claim individual strategic operational accountability for developing, scaling, and optimizing our global privacy, data protection, and artificial intelligence compliance frameworks. Shifting completely away from standard contractual boilerplate copying or passive regulatory monitoring, you will serve as the primary subject matter expert guiding the intersection of consumer e-commerce, automated predictive technology, and sensitive healthcare data. This position requires an enterprise legal veteran holding an accredited J.D. and 5+ years of dedicated privacy background who models algorithmic risk profiles fluidly, drafts complex data sharing maps smoothly across Product and Engineering cells, and translates shifting global compliance mandates into actionable, business-ready legal guardrails.

Key Responsibilities

• Global Privacy and AI Strategy Governance: Formulate, execute, and scale Hims & Hers’ global legal frameworks covering data protection, consumer transparency, and responsible artificial intelligence, aligning risk mitigation with fast product innovation.
• Privacy-by-Design Feature Architecture: Lead comprehensive privacy-by-design legal evaluations for emerging digital products and e-commerce configurations, integrating defensive data guardrails early inside the software engineering lifecycle natively utilizing Legal Consultant methodologies.
• B2B Data Exchange Contractual Negotiation: Structure, review, and execute high-stakes U.S. and international privacy agreements, data sharing additions, and regulatory compliance protocols natively leveraging Contract Law parameters across Data Processing Addenda (DPAs) and Business Associate Agreements (BAAs).
• Algorithmic Risk and Impact Assessments: Plan, manage, and document formal Data Protection Impact Assessments (DPIAs) and specialized AI algorithmic risk reviews, systematically mapping company-wide data ingestion paths and processing registries.
• Cross-Functional Innovation Partnership: Partner peer-to-peer alongside internal Product labs, AI automation groups, growth Marketing divisions, and core security squads to align shifting legal definitions with functional operational controls.
• Sovereign Public Policy Interpretation: Monitor global regulatory bodies and track emerging consumer health data legislation, translating complex statutory changes into clear, highly scannable, and business-friendly guidance for executive boards.
• Omnichannel Incident Response Coordination: Lead the legal triage and mitigation tracks for potential privacy or data anomalies, collaborating cross-functionally alongside security engineers from the initial detection phase down to final resolution.
• Internal Playbook and Policy Curation: Author, structure, and expand internal company playbooks, compliance guidelines, and employee training modules to establish clear baselines for safe machine learning and data optimization.

Required Skills & Qualifications

• Possession of a formal Juris Doctor (J.D.) degree from an ABA-accredited law school, coupled with an active, uncompromised license to practice law in good standing within at least one U.S. jurisdiction.
• 5+ years of verified professional history running commercial privacy law operations, in-house data protection management, corporate cybersecurity counseling, high-stakes contract negotiation, or tier-1 firm legal consulting.
• Deep, authoritative technical command of consumer privacy laws, comprehensive state-level data structures, consumer health protection acts, HIPAA regulations, international data transfers, and AI risk boundaries.
• Expert-tier capability drafting binding data ownership clauses, checking risk mitigation properties, and structuring commercial vendor policies natively utilizing Legal Consultant legal patterns.
• Practical operational familiarity auditing vendor data paths, reviewing enterprise software tools, and managing data subject access requests (DSARs) natively using Contract Law tracking rules.
• Outstanding verbal, written, and presentation communication traits in business-fluent English, with a proven ability to synthesize multi-layered regulatory jargon into brief, actionable parameters for non-lawyer stakeholders.
• Location Context: Position open exclusively to qualified privacy attorneys based permanently and resident within the **United States** to execute corporate legal duties under a 100% remote work-from-home layout.

Preferred Strategic Indicators (Nice to Have)

• Prior commercial legal history operating within an enterprise telehealth provider, digital health startup, direct-to-consumer pharmacy brand, or high-growth consumer-facing software enterprise.
• Possession of recognized industry privacy credentials, highly highlighting options like **CIPP/US**, CIPP/C, or CIPP/E certifications.
• Working knowledge of specialized modern privacy automation software suites built for data inventory tracking, consumer consent orchestration, or user privilege maps.
• An outcome-driven personal philosophy rooted in sharp legal judgment, a desire to challenge auto-pilot compliance assumptions, and an intense passion for shaping the future of decentralized consumer healthcare.

What We Offer

• High-Yield United States Salaried Structure: An attractive full-time base salary scale structured transparently between $170,000 – $205,000 USD per year, calibrated precisely to evaluate your privacy authority and contract craftsmanship, supplemented by eligibility for an executive corporate **Equity** grant.
• The exceptional professional canvas to directly direct, shape, and code-shape the data privacy architectures and AI governance frameworks power-routing a leading NYSE-traded telehealth enterprise.
• Profound work-from-home remote parameters offering an elite distributed workplace model, complete scheduling trust, and zero physical geographic office commuting friction across America.
• Immediate eligibility to enroll in comprehensive Total Rewards packages, featuring premium medical, dental, and vision insurance coverage options.
• Access to excellent asset accumulation channels, including our attractive corporate **Employee Stock Purchase Program (ESPP)** alongside a 401(k) retirement plan backed by company matching.
• Generous personal lifestyle calibration benefits, featuring an Unlimited PTO vacation framework, fully covered parental leave options, corporate team offsite retreats, and dedicated quarterly mental health days to support sustainable wellness.