Job Description:We are seeking a seasoned privacy specialist to join our team in the newly created Global Privacy Office within the whip-smart and highly respected Legal and Compliance Department at the company’s world headquarters in Boston, MA. The Department is committed to a trusting and collaborative culture where we value growth and development. We engage proactively with our business colleagues to truly understand them and to deliver results for our company and for patients. The Global Privacy Office is a small but growing team – if you thrive in a fast-paced and hands-on environment where you can have a big impact on the organization, we’d love to talk to you!
The individual in this position is a key role in the Global Privacy Office and will support the Chief Privacy Officer in the development and maintenance of ongoing privacy-related efforts at the company. This role will be responsible for the maturation of privacy-related policies and SOPs, establishing strategic direction for the global privacy program and related processes, and training, as well as providing risk-based and solutions-oriented advice to a broad spectrum of internal clients related to the processing of personal data. This role will also be responsible for identifying new opportunities for programmatic mitigations and controls and implementing operational improvements as the program - and company - continue to grow. This position will report to the Chief Privacy Officer.
- Developing and reviewing content for training materials, guidance documents and other communications to increase employee understanding of company privacy policies, data handling practices and legal obligations, as well as to ensure awareness of “best practices” on privacy and data security issues via global and local communications plans;
- Performing regular privacy assessments of business processes, providing practical and timely advice to internal clients to design processes in compliance with applicable data protection requirements, while protecting the company’s integrity and reputation;
- Assisting business process owners and privacy champions in completing data inventories and DPIAs and working with the business, as well as the global DPO, to mitigate any residual risks;
- Maturing vendor privacy and security risk management process at the Company to ensure that all vendors with potential access to personal data are appropriately vetted;
- Overseeing monitoring/auditing plan for compliance with internal data protection policies and processes and working with Internal Audit function, Office of Business Integrity and Ethics or external auditors in carrying out plan;
- Managing process for responding to data subject requests and reports of potential data incidents (in compliance with Privacy Counsel and Litigation);
- Working with our engineering team to identify and employ internal tools to strengthen operational processes and implement improved programmatic mitigations and controls;
- Keeping abreast of privacy developments affecting clients (e.g., evolving guidance out of the European Union, California Privacy Act, discussions of US privacy laws, CAN-SPAM and e-privacy developments) and proactively anticipating potential changes needed to global privacy program to meet new regulatory requirements; and,
- Participating in various Legal & Compliance Department projects and initiatives (e.g., Culture Committee, Pro Bono & Community Engagement Committee, Talent & Development Committee, Diversity Committee, offsite planning).
- JD or Master’s degree highly preferred
- Minimum of 5 years’ experience providing privacy advice, preferably to pharmaceutical, biotechnology, or medical device companies; legal background preferred but not required
- Extensive knowledge of privacy laws and data security requirements helpful
- Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or equivalent professional certification is preferred
- Consummate team player with excellent judgment and interpersonal skills;
- Demonstrable program management skills, including strong organizational and multi-tasking abilities;
- Attention to detail and accuracy;
- Ability to prioritize and complete daily workload and projects with minimal supervision and in accordance with deadlines and shifting priorities
- Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams;
- Ability to be proactive, exercise independent judgment and demonstrated ability to work effectively on cross-functional teams with all levels of management and other company personnel
- Highly motivated to contribute and grow within a complex area of emerging importance;
- Exceptional written, oral and presentation skills.