Head of Compliance

Munich, Warsaw

MyTherapy is the world’s fastest-growing disease management app. More than 5 million users around the globe use MyTherapy to manage their medications, track their disease, establish healthy habits and share data with doctors and caregivers. Our partners use MyTherapy as an Operating System for Digital Therapeutics (DTx), patient education and adherence support by deploying modules on the platform, thereby benefitting from MyTherapy’s world-class engagement and scalability. Being ISO 13485-certified, we have the capability to develop and operate modules as certified medical devices under MDR (EU), FDA (US) and beyond.

We are looking for an experienced Head of Compliance who shares our passion for combining a global B2B service business with a B2C product that impacts the lives of millions of patients living with a disease. It will be your responsibility to ensure our compliance with applicable medical device (MDR/FDA) and privacy regulation (GDPR) and to guide our IT teams on managing the resulting information security requirements in line with ISO 27001. You will head our team of quality, compliance and regulatory affairs managers and will work closely with our product managers and the company's founders to align our regulatory strategy with our business priorities. You have a track record of combining compliance with a holistic view of commercial success and risk. You have shown that innovative processes and tools can enable compliance without burdening the organization or conflicting with agile processes. You have the capacity to lead the team and fully own all compliance-related agreements and conversations with our global B2B partners. If this sounds like you, see the responsibilities and tasks below.

Responsibilities

Coordinate our compliance team across Quality Management, Privacy Management and Information Security Management and thereby ensure that our products, processes and data handling efficiently and effectively comply with applicable legal/regulatory/contractual requirements and that we are taking a comprehensive and controlled approach to managing related business risks:

  • Effective compliance with European (MDR) and American (FDA) medical device regulation while minimizing the burden for the organization
  • ISO 13485 (re-)certification of our Quality Management System (QMS) while ensuring it stays lean and fit-for-purpose
  • Efficient and effective compliance with GDPR and other applicable privacy regulation
  • Effective identification and protection of critical systems and information assets through our Information Security Management System (ISMS)
  • Consistency and comprehensiveness of our approach to controlling business risks across the topics of (medical device) safety, privacy and data security
  • Leading, developing and inspiring the team and further establishing compliance as an enabler for our business

Tasks

Effective compliance with European (MDR) and American (FDA) medical device regulation while minimizing the burden for the organization

  • Guide the regulatory strategy for our medical devices, turn it into easy-to-understand guidance documents for our team and our partners, and translate it into quality agreements or similar cooperation contracts
  • Together with our QM/RA team, ensure that our medical devices' development process and technical documentation are compliant with applicable standards, easily maintainable and designed to scale to additional regulatory environments
  • Together with our QM/RA team, implement efficient and compliant post-market processes in line with the regulatory requirements of our growing portfolio of medical devices
  • Ensure that learnings from product development feed back into advancing our QMS, ISMS and DPMS

ISO 13485 (re-)certification of our Quality Management System (QMS) while ensuring it stays lean and fit-for-purpose

  • Own continuous compliance and efficiency of the QMS through meaningful KPIs, management review and by owning audit success
  • Ensure that our QMS effectively guides design, development and verification of medical device software while minimizing interference with software development and scrum processes
  • Provide guidance to the team on modularizing the QMS so it can serve different regulatory requirements without creating avoidable overhead

Compliance with GDPR and other applicable privacy regulation

  • Own the efficiency and effectiveness of the smartpatient Data Protection Management System (DPMS) and ensure it is kept up to date and complies with GDPR and other applicable privacy regulation
  • Own privacy-related aspects of our cooperations inside and outside the Shop Apotheke Group, and create and enforce contract templates around topics like data processing and data controllership
  • Guide product managers and product owners on questions regarding data handling and consent management
  • Ensure overall efficiency by minimizing redundancy between DPMS and ISMS

Effective identification and protection of critical systems and information assets through our Information Security Management System (ISMS)

  • Guide the further build-out of our ISMS under strict application of a risk-based approach
  • Work closely with our development and sysops teams to define and implement security measures that are effective, efficient to maintain and do not interrupt our key workflows
  • Guide the team towards ISO 27001 certification

Consistency and comprehensiveness of our approach to controlling business risks across the topics of (medical device) safety, privacy and data security

  • Establish shared procedures across QMS, DPMS and ISMS for driving consistency and minimizing redundancy in compliance-related procedures
  • Own overall regulatory compliance of our products
  • Own fulfillment of our pharmacovigilance duties
  • Ensure a comprehensive view and efficient control of our business risk and a consistent, risk-based approach across safety (QMS), privacy (DPMS) and information security (ISMS)

Leading, developing and inspiring the team and further establishing compliance as an enabler for our business

  • Lead and develop our team of quality managers, risk managers, information security and privacy experts, ensuring clear ownership for success and enabling everybody to deliver their best
  • Further establish the compliance team as a valuable expert resource that enables product development and efficient processes in a regulated, sensitive environment
  • Inspire our team by combining true ownership for our business objectives with a passion for helping patients
  • Be a role model for our respectful, inclusive working environment that everybody should love to spend time at

Skills

  • Strong experience in holistically owning compliance-related topics for a regulated digital service (e.g. healthcare, finance) that is available in multiple regulatory environments (5+ years)
  • Proven track record of establishing the compliance team as a valued facilitator within the organization and of outstanding business judgment when guiding the implementation of compliance-related processes
  • Professional experience with current EU and FDA medical device regulations and guidelines
  • Professional experience with the development, certification and operation of software as medical device (SaMD) in the EU and US and profound knowledge of applicable regulation standards (MDR, FDA, ISO 13485/13791, IEC 62304, AAMI TIR45)
  • Professional experience with managing GDPR compliance overall and during product development
  • Professional experience with information security management (ISMS) and ISO 27001
  • Track record of conceiving regulatory strategies and translating them into technical documentation and agreements with vendors and/or clients
  • Experience in authoring lean process descriptions that align with business importance and formal necessities while minimizing the impact on daily work as far as possible
  • Excellent oral and written English (our primary company language)
  • A passion for using innovative tools to establish lean distributed workflows
  • A passion for working on products and services that have a positive impact for people living with chronic diseases
  • You deeply value working in and shaping a diverse, inclusive working environment and enabling your team to deliver their best

We are looking forward to receiving your CV.

The best way to share your application with us is via our application form. It doesn't take long, we promise – just tap on the button below to get started.

If you're unable to use the application form, you can always email us your application (jobs@smartpatient.eu).

Do you have questions? Write us through jobs@smartpatient.eu or call us at +49 89 1222493-00. We are looking forward to hearing from you!