Senior Privacy and AI Counsel

Abby Care

Software Engineering, Legal, Data Science

San Francisco, CA, USA

Posted on Jun 25, 2026

About Abby Care: Powering the future of care at home for all of America.


Abby Care is building the leading AI-native platform for family-led care. America is facing a growing care crisis. Millions more people need care at home than ever. Over 50 million family caregivers support loved ones without the tools, training, or recognition they deserve.

We believe families are the largest untapped caregiving workforce in America, and that technology can help them deliver better care while driving stronger outcomes and greater transparency across the healthcare system.

Abby Care combines clinical oversight with an AI-powered platform to train, enable, and support family caregivers in delivering high-quality care at home. Our platform helps health plans and government partners better understand, verify, and improve care in the home. We expand access to care, reduce reliance on higher-cost settings, and help ensure public dollars are spent effectively.

We are proud to partner with leading health plans, providers, and community organizations and are backed by top VCs. We envision a future where family-led care is a core part of the healthcare system. Abby Care is building that future.

Join us in solving one of the most important challenges of our time.

The Opportunity:

As we expand our capacity to support more family caregivers at scale, we’re growing the teams that support this work. We're looking for a high-agency operator to join us as our Senior Privacy & AI Counsel. Reporting to the General Counsel, you'll be the day-to-day owner of Abby Care’s privacy and AI governance programs in a high-tempo, rapidly evolving environment where the regulatory landscape shifts fast and ambiguity is the norm, not the exception.

Sitting at the intersection of strategy and execution, this is a senior, build-and-lead role. While our privacy program has a working foundation, our next phase—broader AI deployment, new state environments, and a denser vendor ecosystem—requires a senior lawyer who can set program strategy, run day-to-day operations, and serve as a true subject matter expert. You won't just be reviewing individual cases; you will own the AI governance program, scale our HIPAA Privacy program, and partner closely with the GC, Product, Engineering, Operations, and Clinical leadership to unlock safe, compliant growth. Alongside the GC, you will also brief the Executive team and Board on privacy and AI risk.

A true player-coach, you are as comfortable setting high-level program strategy as you are rolling up your sleeves to handle daily reviews. Highly collaborative, you find energy working across diverse, cross-functional teams toward a common goal. If you are excited by the opportunity to build the playbook for AI and privacy at scale, all while transforming care at home for vulnerable populations, we’d love to hear from you!

This is a Full-Time Hybrid opportunity based in San Francisco.

What you’ll work on:

  • Own Abby Care's privacy program — HIPAA compliance, state privacy law compliance, BAA program, data mapping and ROPA, privacy incident response, breach assessment and notification, and individual rights workflows — including its design, operation, measurement, and continuous improvement.

  • Own Abby Care's AI governance program — the responsible AI policy suite, AI inventory, AI use case intake and review process, model risk classification, ongoing monitoring, and AI incident response — and evolve it as the regulatory and deployment landscape shifts.

  • Lead AI use case reviews for internal generative and agentic AI tools and for AI-powered features in Abby Care's product, including chart update, documentation extraction, and clinical decision support. Set the SLAs and the review framework; escalate the hard cases to the GC.

  • Set regulatory change management strategy across federal and state privacy and AI law. Translate horizon scanning into program and product decisions, not just memos.

  • Own the BAA program end-to-end, including standard templates, fallback positions, vendor risk integration, and downstream subcontractor flow-downs.

  • Serve as the senior legal partner to Product, Engineering, Operations and Clinical teams on the privacy and AI implications of new and existing features. Review PRDs, design documents, and model cards; sit in design reviews; influence the roadmap.

  • Lead privacy and AI incident response, including investigation, breach analysis, regulator and individual notification, and post-incident program remediation.

  • Prepare the privacy and AI sections of the Board package, with the General Counsel.

  • Manage outside privacy and AI counsel relationships, including scope, budget, and quality of work product.

  • Hire, develop, and lead the privacy and AI team as it grows.

  • Partner with the General Counsel and Compliance leadership on Privacy Officer designation, training and awareness programs, and the integration of privacy and AI controls into the broader compliance program.

What success looks like:

In your first six months, you have taken full operational ownership of the privacy and AI governance programs from the General Counsel. You have completed a program assessment, set the 12-month work plan, and aligned the GC and Compliance leadership on it. The AI use case review process is yours — documented, in operation, and meeting SLAs you set. The BAA program has a refreshed template, a clear playbook, and a current portfolio.

In your first twelve months, Abby Care's privacy program is operating against documented standards that you own, with active monitoring, a current data map, a refreshed BAA portfolio, and a tested incident response workflow. The AI governance program is operating end-to-end and has reviewed every AI use case in production and in the active product pipeline. You have built credibility as the senior legal partner to Product, Engineering, Operations and Clinical leadership; you sit in the design reviews that matter; and the AI roadmap reflects your input.

In year two, the privacy and AI programs are running on a predictable cadence, with measurable improvements year over year and meaningful leverage from the team growing under you. You are the company's internal authority on healthcare AI deployment, you manage the outside privacy counsel relationship directly, and you have presented to the Board of Directors and are the company's named lead for privacy and AI risk at that level.

What you’ll have:

  • JD from an accredited law school and active bar membership in good standing in at least one U.S. jurisdiction.

  • 7+ years of legal experience, in-house or at a top law firm, with substantial privacy and AI work. In-house experience at a healthcare or healthcare technology company strongly preferred.

  • Deep working command of HIPAA/HITECH — including the Privacy, Security, and Breach Notification Rules — and a demonstrated track record of building HIPAA Privacy programs.

  • Deep working command of U.S. state privacy laws and the emerging U.S. state AI law landscape.

  • Demonstrated track record of building or materially rebuilding an AI governance program — responsible AI policy design, AI use case review framework, model risk classification, and AI-related product review — not just operating an inherited one.

  • Demonstrated experience leading privacy incident response end-to-end, including regulator-facing notification and post-incident remediation.

  • Strong written communication and the credibility to take and defend a position with executives, the Board, regulators, and outside counsel.

  • Comfort operating in a fast-growth environment with imperfect data, parallel priorities, and the need to write the policy yourself before handing it off.

Nice to Have:

  • Experience advising on healthcare AI deployment, including FDA SaMD/CDS analysis, clinical decision support governance, and patient-facing AI disclosures.

  • Familiarity with 42 CFR Part 2, the 21st Century Cures Act information blocking rules, and state Medicaid confidentiality requirements.

  • Familiarity with NIST AI RMF, ISO/IEC 42001, and other AI assurance frameworks.

  • Prior work with state Medicaid agencies, MCOs, or other government payors on privacy or data use matters.

  • Experience hiring, developing, and leading a small legal or privacy team.

  • IAPP certifications: CIPP/US strongly preferred; AIGP a meaningful plus; CIPM useful.

  • A sense of humor and a steady temperament under pressure.

Benefits

  • Competitive compensation packages that reflect the value you bring. We reward our team for the impact of their work – full-time employees are eligible for an annual company performance bonus.

  • Comprehensive health coverage that works for you. We cover 90% of your premiums and 70% for your dependents, with multiple PPO plan options to choose from for medical, vision, dental, life, and short-term disability.

  • Generous paid time off. We provide policies that allow you to recharge along with 10 paid company holidays.

  • Team bonding. We love bringing our teams together. As a full-time employee, you’ll get to connect, collaborate, and have fun through team activities and our annual company retreat.

  • Financial savings benefits to support your future. We support your financial well-being with HSA contributions, optional FSA and commuter benefits, and full coverage of all 401(k) account fees (employer match not currently offered).

  • Paid parental leave to support your growing family. We provide paid leave, so you can focus on bonding and adjusting to life as your family grows.

We are an equal opportunity employer and welcome applicants from all backgrounds, consistent with applicable laws. Employment is contingent upon successful completion of a background check, satisfactory references, and any required documentation.

Our Values

  1. Families First
    Redefining healthcare starts with how we treat the parents and children we serve. We go above and beyond for every family, building strong, lasting relationships. We continually ask ourselves, “Would we want this for our own families?”

  2. Urgency with Precision
    Millions of families are waiting for care, and they cannot wait; this is therefore not your typical 9 to 5 job. We match their urgency with our own, delivering exceptional care without compromise. Here, speed and excellence go hand in hand.

  3. Relentlessly Resourceful
    As an ambitious startup, we adapt quickly and make the most of limited time and resources. We solve challenges with creativity to deliver results without unnecessary complexity.

  4. Purpose with Positivity
    We take our mission seriously while never losing sight of the people behind the work. Respect, kindness, memes, and coffee make us stronger as a team and better for the families we serve.

  5. Driven to Redefine What’s Possible
    We are here to make healthcare better, which means asking hard questions, challenging outdated systems, and finding smarter, more compassionate ways to deliver care.