JOB DESCRIPTION
Your Role
The Stellarus Legal and Compliance team oversees enterprise-wide compliance with privacy laws, regulations, and policies. The Chief Privacy and Compliance Officer will report to the Stellarus Chief Executive Officer along with dotted line reporting to the Stellarus Chief Legal Officer. As the company's first Chief Privacy and Compliance Officer, you will design and lead a comprehensive privacy and compliance program tailored to a fast-moving technology startup environment. You will play a hands-on role in ensuring that our health technology platform and digital health plan solutions comply with healthcare regulations (e.g., HIPAA, HITECH, CCPA) and internal compliance and ethical standards—without slowing down innovation. This role blends strategic oversight, cross-functional collaboration with leaders in the company, and the ability to execute quickly and build a sound compliance program and operational processes from the ground up.
Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders who are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.
ABOUT THE TEAM
About Stellarus and the Ascendiun Family of Companies
Stellarus, launched in January 2025, is designed to scale innovative healthcare solutions that support customers in creating a health care experience deserving of their family, friends, and neighbors. Stellarus is part of a family of organizations that is overseen by a nonprofit corporate entity named Ascendiun. The Ascendiun Family of Companies also includes Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan and Altais, a clinical services company.
Stellarus' vision is to empower its customers to create a healthcare experience that is worthy of their family, friends, and neighbors. Stellarus' objective is to offer innovative, modern, scalable solutions that challenge the health care status quo. This very closely aligns with Blue Shield of California's vision by using innovation to improve quality, affordability, and experience for members.
To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.
Our Values:
At Stellarus, our core values of agility, trust, drive, courage and service shape our approach to developing innovative product offerings.
Our Workplace Model:
We believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility - providing clear expectations while respecting the diverse needs of our workforce. Our workplace model is designed around intentional in-person interaction, collaboration, connection, creativity and flexibility:
For most teams, this means coming into the office two days per week.
Employees living more than 50 miles from an office location, out of state employees, and employees in certain member-facing roles should work with their manager to determine in-office time based on business need.
For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being.
The Company reserves the right to require more presence in the office based on business needs, and requirements are subject to change with periodic reviews.
Physical Requirements:
Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.
Equal Employment Opportunity:
External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.
RESPONSIBILITIES
Your Work
In this role, you will:
Oversee Privacy & Data Governance
- Act as the company's Privacy Officer and Compliance Officer.
- Establish privacy policies, procedures, and data use governance aligned with HIPAA, HITECH, CCPA, and similar U.S. regulations.
- Partner with Product, Engineering, Security, and teams to embed privacy into the product lifecycle.
- Participate in privacy impact assessments, incident response planning, and data breach mitigation efforts.
- Monitor the evolving regulatory landscape and maintain organizational readiness.
Compliance Program Leadership
- Build and operate a scalable compliance program suited for a growing tech organization including key compliance policies and processes.
- Develop and deliver compliance training and awareness programs.
- Manage and ensure internal and external audit readiness (e.g., HIPAA audits, SOC 2, HITRUST).
- Manage and ensure third-party compliance with data handling standards.
Executive Strategy & Operations
- Advise the Board, CEO and Executive Leadership team on privacy and compliance risks, regulatory trends, and operational requirements.
- Provide practical, business-focused guidance to enable compliant innovation.
- Develop metrics, internal and external reporting and dashboards that demonstrate the effectiveness of the privacy and compliance program.
- Represent the company in Compliance and regulatory interactions and industry forums, where applicable.
QUALIFICATIONS
Your Knowledge and Experience
- Juris Doctor (JD) from an ABA accredited law school and Bar admission required (CA strongly preferred)
- CHC or CCEP certification preferred
- Requires substantive experience dealing with privacy, HIPAA and health care regulations
- Requires Privacy Program management experience
- Requires at least 8 (eight) years prior relevant experience as a Privacy SME
- Experience drafting and negotiating complex contracts between health plans and external vendors/technology partners related to Privacy requirements
- Superior contract drafting skills and an ability to assess and draft agreements with a complete understanding of ramifications integrating law and business
- Knowledge of HIPAA
- Strong ability to provide risk assessment/risk mitigation support
- Combination of law firm and in-house experience preferred