Data Privacy Operations & Assurance Associate Director

About The Position

Requirements

• Bachelor's degree
• Typically requires 5 years of experience in Privacy Operations within the pharma or biotech industry inhouse or as an external advisor.
• Minimum 2 + yrs experience in life sciences across multiple jurisdictions.
• Strong working knowledge of data mapping technology (e.g., OneTrust or similar tool).
• Demonstrable program management skills, including strong organizational and multi-tasking abilities.
• Ability to prioritize workload and projects with minimal supervision.
• Demonstrated teamwork and collaboration skills.
• Exceptional written, oral, and presentation skills.

Responsibilities

• Develop and mature processes and procedures to maintain compliance with the Global Data Privacy Policy and applicable data protection laws, regulations, and guidelines.
• Develop and review content for training materials, guidance documents, and communications to increase employee understanding of privacy policies, data handling practices, legal obligations, and best practices.
• Serve as the primary owner for the design and maintenance of the Data Inventory, Triage, Assessment, and Data Protection Impact Assessment (DPIA) processes.
• Perform regular privacy assessments of low and medium-risk business processes, providing practical and timely advice to internal clients to ensure compliance while protecting the company’s integrity and reputation.
• Work with the network of "Super Users" and "Privacy Champions" (individuals embedded in the business) through regular touchpoints, training, and strategic direction.
• Assist process owners and Super Users in completing data inventories and DPIAs, coordinating with the business and the global Data Protection Officer (DPO) to mitigate residual risks.
• Mature the vendor privacy and security risk management process with the Third Party Risk Management (TPRM) team to ensure vendors with access to personal data are appropriately vetted.
• Support the monitoring and auditing plan for compliance with internal data protection policies and processes, coordinating with Internal Audit, the Office of Business Integrity and Ethics, or external auditors.
• Support the process for responding to data subject requests and reports of potential data incidents (in coordination with Privacy Counsel and Litigation).
• Maintain and enhance privacy program metrics and reporting, driving the implementation and maintenance of appropriate reporting tools (e.g., Tableau).
• Coordinate with business units to embed privacy triggers within organizational processes, such as the Software Development Lifecycle (SDLC), to proactively integrate privacy across the organization.
• Work with the data technology & engineering team to identify and employ internal tools to strengthen operational processes and implement improved programmatic mitigations and controls.
• Keep abreast of global privacy developments (e.g., EU guidance, US state laws, e-privacy developments) and proactively anticipate changes needed for the global privacy program.

Benefits

• This role is eligible for an annual bonus and annual equity awards.
• Some roles may also be eligible for overtime pay, in accordance with federal and state requirements.
• From medical, dental and vision benefits to generous paid time off (including a week-long company shutdown in the Summer and the Winter), educational assistance programs including student loan repayment, a generous commuting subsidy, matching charitable donations, 401(k) and so much more.