Privacy and AI Counsel

Support Lyra’s privacy program and advise internal stakeholders on privacy concerns related to Lyra’s products and services, and the implementation of new technologies, such as AI.

As a core component of the role, participate extensively in AI use case reviews, including those involving generative AI and agentic AI for internal use at Lyra, and in legal reviews and assessments relating to the development by Lyra of AI-powered products, services, and tools. Drive the AI use case review process forward to meet established SLAs, ensuring the business remains agile.

Draft, maintain, and evolve AI governance documentation, including the Company’s Responsible AI Policy and related standards, procedures, and guidance.

Coordinate with internal teams to ensure corporate adherence to applicable state and federal privacy laws, including, but not limited to, CCPA and HIPAA.

Stay abreast of, analyze, and advise on evolving US laws and regulations relating to privacy and AI at both the state and federal level. Update the legal team and the business on relevant new regulatory requirements and feed into policy and procedural documentation.

Support international AI regulatory compliance by partnering with the Privacy Counsel, International on the EU AI Act and other global AI regulations, including leading horizon scanning efforts and proactively delivering insights and updates to the legal team and broader Lyra business.

Collaborate with commercial counsel to ensure that privacy provisions in commercial agreements and Business Associate Agreements (BAAs) appropriately manage risk and comply with privacy policies, laws, rules, regulations, and company objectives.

Review BAAs negotiated by commercial counsel and document data use permissions for new and existing customers.

Work cross-functionally to advise product and business teams on potential privacy and AI regulatory implications of Lyra’s new and existing product lines, including reviewing and approving product requirement documents (PRDs).

Investigate, manage, document and report privacy incidents, including breaches, in accordance with applicable law, contractual requirements and corporate strategy.

Participate in cross-functional teams working on AI governance and AI use case reviews.

Other duties as assigned.

Law degree from top-tier law school and membership in a state bar with good standing.

A minimum of 3 to 5 years legal experience in-house or at a law firm.

Experience analyzing and advising on health care privacy laws on the state and federal level; implementation of CCPA or GDPR programs a plus, as is experience advising on AI regulation and governance.

Excellent problem-solving capabilities, judgment, communication (written and verbal), and interpersonal skills.

Experience leading projects, including collecting, distilling and summarizing issues from relevant stakeholders and moving projects forward.

Experience in solving product legal matters, including communicating and collaborating effectively with stakeholders with a wide range of legal and technical experience and knowledge.

Ability to balance technical AI legal advice with operational process management.

Experience working in-house with a technology company and/or health care organization strongly preferred.

Ability to thrive in a high-performance culture, with strong prioritization skills, and the ability to manage multiple competing demands effectively.