Associate General Counsel, Senior Director of Regulatory Compliance & Privacy

Oura

  • San Francisco, CA
  • Permanent
  • Full-time
  • 20 days ago
  • Apply easily
At Oura, our mission is to empower every person to own their inner potential. With our award-winning Oura Ring and app, we help over 2.5 million people turn insights about sleep, activity, and readiness into healthier, more balanced lives. We believe that starts from within — by creating a culture where our team feels supported, included, and inspired to do their best work. guide how we show up for each other and our community every day.We have offices in San Francisco, San Diego and Los Angeles for those who prefer hybrid or office settings. Oura employees in other major cities (like Boston and New York) occasionally gather informally at local co-working locations.The AGC, Senior Director of Regulatory Compliance & Privacy will provide strategic legal guidance on all aspects of compliance on behalf of the global org, including global health product, corporate, and privacy compliance programs, ensuring Oura’s wearable technology and healthcare solutions adhere to legal and ethical standards. Reporting to the VP of IP and Regulatory Compliance, this role will be responsible for advising on regulatory risk, marketing claims, product labeling, corporate compliance initiatives, and will oversee the privacy compliance function at Oura, including oversight of Privacy Counsel and Privacy Specialist. This is a high-impact leadership role that requires the ability to proactively assess risk, develop scalable compliance frameworks, and influence cross-functional teams. The successful candidate will possess expertise in FDA frameworks governing digital health products, including wearable devices and related software, including Software as a Medical Device (SaMD), Software in a Medical Device (SiMD), and AI/ML-enabled health solutions, and demonstrate a strong understanding of and experience with corporate compliance programs. This role offers an opportunity to play a key role in a fast-paced, innovative environment, balancing privacy and regulatory compliance with commercial objectives.What you will do:FDA & Global Regulatory Compliance:
  • Serve as the primary legal advisor on FDA, EU MDR, and other global health compliance requirements, and corporate regulatory risk for wearable-based health technology.
  • Provide strategic counsel on FDA oversight, regulatory submissions, and compliance strategies for biometric tracking, AI-driven diagnostics, real-world data applications, and health and wellness claims.
  • Provide legal and regulatory oversight for clinical studies and evidence generation, including IRB approvals, informed consent, and compliance with FDA, Common Rule, EU MDR, and GDPR requirements for human subjects research, and retrospective studies.
  • Oversee labeling and marketing compliance, ensuring that product claims align with legal requirements while maintaining competitive positioning, and advise on permissible health claims, ensuring compliance with FDA, FTC, and global consumer protection laws.
  • Serve as a key legal advisor on regulatory enforcement matters, including FDA warning letters, FTC inquiries, and global regulatory audits.
  • Monitor evolving regulatory guidance and guide teams on risk-based approaches to regulatory compliance in product development, clinical validation, and market positioning.
  • Oversee compliance with Quality System Regulation (QSR) and Good Manufacturing Practices (GMPs), as well as post-market compliance, including Medical Device Reporting (MDR), product recalls, corrective actions, and field safety notices, ensuring alignment with FDA expectations.
  • Advise on cross-border regulatory challenges, ensuring seamless market entry while managing jurisdictional risks.
  • Collaborate with the supply chain team to oversee global trade compliance, ensuring adherence to import/export regulations, customs laws, and free trade agreements affecting medical devices and consumer health products.
  • Provide legal guidance on supply chain risk management, including restricted party screening, export controls (EAR & ITAR), and compliance with OFAC sanctions programs.
  • Support classification of products under Harmonized Tariff Schedule (HTS) codes and ensure accurate country-of-origin documentation.
  • In collaboration with Oura’s healthcare and government relations teams, represent the company in interactions with regulators, trade associations, and industry groups, shaping policy discussions around digital health regulation.
  • Provide updates to leadership on regulatory and corporate compliance risks, emerging trends, and strategic mitigation efforts.
Privacy Compliance Oversight:
  • Manage Oura’s privacy team to ensure data privacy program compliance with HIPAA/HITECH, GDPR, new omnibus U.S. state privacy laws, and other relevant data protection laws in the context of health data collection and processing.
  • Oversee the Privacy Counsel and Privacy Specialist, driving the compliant aspects of privacy, including responsibility for ensuring maintenance of data inventories, PIAs, and data subject rights requests to ensure robust data privacy practices are integrated into regulatory submissions and compliance strategies.
  • Conduct internal audits and investigations related to privacy and compliance, including working with Oura’s Data Privacy Officer on data protection impact assessments, audits, and incident response.
  • Develop and deliver training programs, and collaborate with internal and external stakeholders to promote a culture of compliance and integrity.
Corporate Compliance & Ethics Program Leadership:
  • Develop and oversee the company’s ethics and compliance program, ensuring alignment with global best practices and regulatory expectations.
  • Lead anti-bribery and anti-corruption (ABAC) compliance, ensuring adherence to FCPA, UK Bribery Act, and other international frameworks.
  • Implement and manage corporate compliance policies, including conflicts of interest, whistleblower protections, and code of conduct.
  • Drive internal compliance training and awareness programs to strengthen ethical decision-making and regulatory adherence across the organization.
  • Partner with the Sr. Director – Global Risk & Asset Protection on investigative matters related to regulatory compliance, ethics concerns, and corporate misconduct.
RequirementsWe would love to have you on our team if you have:
  • 10+ years of legal experience, including both private practice and in-house, in corporate healthcare regulatory compliance, privacy compliance, and ethics programs, preferably in digital health, diagnostics, wearables, or consumer health technology.
  • Deep expertise in FDA regulations, including oversight of biometric tracking, AI-driven health diagnostics, and digital health compliance.
  • Strong understanding of FTC advertising regulations and global health product labeling laws.
  • Proven experience in developing and implementing privacy compliance programs within a regulated environment, with a strong understanding of global data protection laws (e.g., HIPAA, GDPR, CCPA/CPRA) and their application to health-related data.
  • Expertise in managing corporate ethics and compliance programs, including anti-bribery and anti-corruption initiatives.
  • Ability to interpret and influence evolving regulatory frameworks, ensuring legal compliance while enabling innovation.
  • JD degree with bar admission in at least one U.S. jurisdiction.
BenefitsAt Oura, we care about you and your well-being. Everyone here at Oura has an Oura Ring of their own and we are continually looking to improve employee health and add to our benefits!What we offer:
  • Competitive salary and equity packages
  • Health, dental, vision insurance, and mental health resources
  • An Oura Ring of your own plus employee discounts for friends & family
  • 20 days of paid time off plus 13 paid holidays plus 8 days of flexible wellness time off
  • Paid sick leave and parental leave
Oura takes a market-based approach to pay, which may vary depending on your location. US locations are categorized into tiers based on a cost of labor index for that geographic area. While most offers will be closer to the starting range, successful candidates' pay will be determined based on job-related skills, experience, qualifications, work location, internal peer equity, and market conditions. These ranges may be modified in the future.
  • Region 1: $191,000-$239,000
  • Region 2: $178,000-$223,000
  • Region 3: $165,000-$206,000
A recruiter can determine your zones/tiers based on your US location.We are not considering candidates residing in the following states: Alaska (AK), Delaware (DE), Iowa (IA), Mississippi (MS), Missouri (MO), Nebraska (NE), South Dakota (SD), Vermont (VT), West Virginia (WV), and Wisconsin (WI)Oura is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. Individuals seeking employment at Oura are considered without regard to age, ancestry, color, gender (including pregnancy, childbirth, or related medical conditions), gender identity or expression, genetic information, marital status, medical condition, mental or physical disability, national origin, protected family care or medical leave status, race, religion (including beliefs and practices or the absence thereof), sexual orientation, military or veteran status, or any other characteristic protected by federal, state, or local laws. We will not tolerate discrimination or harassment based on any of these characteristics.We will work to ensure individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions, and to receive other benefits and privileges of employment.Disclaimer: Beware of fake job offers!
We’ve been alerted to scammers posing as ŌURA recruiters, especially for remote roles. Please note:
  • Our jobs are listed only on the ŌURA Careers page and trusted job boards.
  • We will never ask for personal information like ID or payment for equipment upfront.
  • Official offers are sent through Docusign after a verbal offer, not via text or email.
Stay cautious and protect your personal details.To all recruitment agencies: Oura does not accept agency resumes. Please do not forward resumes to our jobs alias, Oura employees, or any other organization's location. Oura is not responsible for any fees related to unsolicited resumes.

Oura