Data Protection Analyst - USA

Information Security · United States, Massachusetts
Department Information Security
Employment Type Permanent
Minimum Experience Experienced
Compensation Competitive

Please note this is a remote-based role. 

LumiraDx is a medical technology company developing, manufacturing and marketing smart connected diagnostics and diagnostic-led care solutions. Founded in 2014 by entrepreneurs with a successful track record in building and scaling medical diagnostics and health IT businesses, the company has major operations in the UK and the USA, and is supported by a global sales network. LumiraDx currently has over 900 employees worldwide. We have recently launched the innovative LumiraDx Platform, and are looking for proactive, experienced, focused and enthusiastic individuals who can make a significant contribution to the continued growth and success of our dynamic and forward-looking company.


The key objective of this role is the implementation, management and operation of the data protection programme. The responsibilities include championing data protection in LumiraDx organisations, maintaining knowledge of relevant standards, regulations and legislation, reviewing and updating the data protection framework against the relevant standards, participating in the internal audit programme, monitoring the effectiveness of the data protection programme, reporting KPIs and understanding the regulatory environment for data protection.

Key Areas of Responsibility

  • Working Knowledge of global data protection and privacy standards, regulations and legislation including but not limited to GDPR, UK Data Protection Act 2018, HIPAA, HITECH, CCPA, ISO 27701
  • Work to implement, evaluate and improve the Data Protection Management System including LumiraDx binding corporate rules
  • Experience of managing data subject requests, data breaches and performing data protection impact assessments including risk assessments
  • Experience of data processing agreements
  • Oversee management of the LumiraDx Binding Corporate Rules
  • Knowledge of information security
  • Perform training, competency reviews and induction training for the data protection programme.
  • Oversee maintenance of the LumiraDx record of processing
  • Member of Cyber Emergency Response Team (CERT)
  • Participate in cyber emergency response rehearsal exercises
  • Maintain expert knowledge of regulatory, legislative and privacy environment
  • Participate in internal and external ISMS audit programmes
  • Identify non-conformances, create, implement and review corrective and preventative action plans
  • Responsible for compliance relating to the reporting and first line remediation of events involving personally identifiable data
  • Work with product team and business owners to provide data protection expertise and guidance
  • Improve data protection in LumiraDx products and services

About You

To be successful in this role you must be a highly motivated individual who can demonstrate flexibility and a can-do attitude. You should ensure positive, productive and proactive relationships with a range of internal and external key stakeholders.

Essential skills

  • Working knowledge of global data protection and privacy standards, regulations and legislation including but not limited to GDPR, UK Data Protection Act, HIPAA, ISO 27701.
  • Experience of using OneTrust privacy platform.
  • Experience of conducting data privacy impact assessments including risk analysis.
  • Handling of data subject requests.
  • Handling of breaches of personally identifiable data.
  • Have, or be working towards, a data protection qualification, including a data protection related degree or IAPP.

Desirable skills

  • Ability to be an advocate for data protection with business leaders.
  • Delivery of data protection training and awareness programmes.
  • Flexibility in working style to meet business needs.
  • Strong team worker.
  • Health industry experience.


At LumiraDx, diversity and inclusion are part of who we are. LumiraDx is committed to inclusion across race, colour, religion, age, gender, sexual orientation or identity. We celebrate uniqueness and believe diversity drives innovation. LumiraDx seeks to deliver high quality, affordable medical diagnostics and healthcare services accessible to everyone around the world, and we wish to reflect a global multi-cultural approach across our business.


If you wish to submit an application for this role, please consider the following information:

This vacancy is open to internal and external candidates. If you are an internal candidate, please notify your line manager before you submit your application. If you’re successful, you may be subject to all or some of the LumiraDx standard pre-employment checks.


Criminal records data is processed as part of our recruitment and selection processes and, where necessary, in the course of employment. We verify that candidates are suitable for employment or continued employment to comply with legal and regulatory obligations to which the company is subject. LumiraDx places a high level of importance on its responsibilities for information security and privacy and has put in place an information security management system to ensure that the company and its staff maintain the highest standards with respect to data protection and information security. All staff are responsible for information security and therefore must understand and comply with the Company information security policies, procedures and guidance.
