Privacy Program Specialist

Position Overview

• Location Type: Remote
• Job Type: Full-time
• Salary:

Spring Health is seeking a Privacy Program Specialist to operationalize and maintain its US and global privacy program. This role involves managing DPIAs, PIAs, and data mapping, supporting privacy reviews for new products, enhancing privacy tools, tracking regulatory changes, and contributing to audits and reporting. The ideal candidate is skilled at structuring complex processes and operates at the intersection of privacy, technology, and operations.

About Spring Health

Spring Health's mission is to eliminate every barrier to mental health. They are revolutionizing mental healthcare with their clinically validated technology, Precision Mental Healthcare, delivering tailored care including therapy, coaching, and medication. They partner with over 450 companies, including Microsoft, Target, and Delta Airlines, serving 10 million people globally. Spring Health has demonstrated a net positive ROI for employers and is backed by prominent investors, with a current valuation of $3.3 billion.

Responsibilities

• Operationalize and maintain Spring Health’s US and global privacy program across jurisdictions.
• Conduct and manage Data Protection Impact Assessments (DPIAs), Privacy Impact Assessments (PIAs), and records of processing activities (RoPAs).
• Maintain and evolve data mapping efforts across systems and vendors.
• Support privacy reviews and Customer questionnaires for new products, features, and data use in partnership with Product, Engineering, Security, and AI/ML teams.
• Manage and enhance use of privacy management tools (e.g., OneTrust, TrustArc), including intake workflows, assessment templates, and reporting.
• Track regulatory developments and assist with gap assessments and remediation efforts.
• Support documentation for audits, due diligence, and regulatory inquiries.
• Assist in developing and maintaining metrics and dashboards to monitor the health of the privacy program.
• Perform other duties as assigned.

What Success Looks Like

• Complete and maintain DPIAs, PIAs, and RoPAs in alignment with internal processes and regulatory expectations within established timeframes.
• Ensure data mapping across systems and vendors is accurate, comprehensive, and regularly updated.
• Maintain and optimize privacy management tools, including intake workflows, templates, and reporting functions.
• Develop and maintain dashboards and metrics to track the health and maturity of the privacy program.

Requirements

• 4+ years of experience in privacy and data protection, with at least 2 years in a program or project management capacity.
• Strong understanding of global privacy laws and frameworks (e.g., GDPR, CCPA/CPRA, HIPAA).
• Demonstrated experience operationalizing privacy programs, including policy development, training and awareness, data mapping, risk assessments, and privacy-by-design initiatives.
• Proven ability to manage cross-functional projects.