Director, Privacy & Data Protection, Americas

Johnson & Johnson Innovative Medicine
New Brunswick, NJ
$150,000 - $258,750
Onsite

About The Position

The Director, Privacy & Data Protection for the Americas region serves as the senior regional privacy leader for Johnson & Johnson’s MedTech Sector. This role provides strategic leadership, governance, and operational excellence across all privacy and data protection activities in the region. The Director ensures compliance with diverse Americas privacy laws, drives adoption of Johnson & Johnson’s global Privacy Policies and Rulebook, and enables responsible data innovation across MedTech Commercial, Clinical, R&D, Digital Surgery/Robotics, and connected‑device environments. In carrying out its responsibility for ensuring privacy compliance, the Director leads a large, distributed network of named Privacy Stewards across MedTech Commercial, Clinical, and R&D functions throughout the Americas, with responsibility for execution of privacy requirements at the market level. This position reports to the Global Privacy & Data Protection Leader for the MedTech Sector and serves as a key contributor within the regional MedTech leadership ecosystem.

Requirements

  • A minimum of a Bachelor's degree is required.
  • Strong expertise in GDPR, UK GDPR, and major Americas data protection laws.
  • Deep knowledge of MedTech environments, including clinical data, product lifecycle data, device telemetry, robotics/digital surgery platforms, and connected devices.
  • Experience with privacy‑by‑design, data governance, AI/ML governance, and cross‑border data mechanisms.
  • Proven ability to lead complex privacy programs across multinational, matrixed organizations.
  • Strong executive influence and strategic advisory experience across technical, clinical, and commercial functions.
  • Demonstrated success leading large, distributed teams and extended steward networks.
  • Strong coaching, mentoring, and talent‑development capabilities.
  • Exceptional communication, relationship‑building, and facilitation skills.
  • Ability to translate complex regulatory requirements into clear, actionable business guidance.
  • Strong understanding of MedTech business models, connected‑device ecosystems, clinical operations, product development lifecycles, and digital transformation.
  • Demonstrated ability to drive modernization and enable responsible, innovative uses of data.

Nice To Haves

  • Audit and Compliance Trends
  • Audit Findings and Recommendations
  • Compliance Management
  • Compliance Policies
  • Compliance Risk
  • Confidentiality
  • Consulting
  • Controls Compliance
  • Developing Others
  • Inclusive Leadership
  • Leadership
  • Legal Function
  • Legal Services
  • Policy Development
  • Risk Management Framework
  • Tactical Planning
  • Team Management

Responsibilities

  • Serve as the senior regional privacy executive for MedTech across the Americas, responsible for strategic leadership, direction‑setting, and regulatory oversight.
  • Translate the global MedTech privacy strategy into an Americas regional execution plan aligned with business priorities and legal requirements.
  • Oversee day‑to‑day privacy operations across the region, including governance, risk management, escalations, and regulatory engagement.
  • Promote ethical, responsible, and innovative data use across MedTech Commercial, Clinical, R&D, Robotics, Digital, and connected‑device programs.
  • Represent privacy at regional leadership forums and partner with senior leaders across Commercial, Clinical, R&D, Technology, Quality, Supply Chain, and Medical Affairs.
  • Lead and develop regional and sub‑regional privacy leaders across the Americas region.
  • Manage one direct report—a Senior Manager for Latin America (LATAM)—providing coaching, strategic direction, and performance management.
  • Establish governance routines, operating mechanisms, prioritization processes, and performance standards to ensure effective regional execution.
  • Establish a community and oversee a large network (approximately 130) of named Privacy Stewards embedded in MedTech Commercial, Clinical, and R&D organizations across the Americas.
  • Provide active support for PFDS deployment.
  • Monitor Self-Assessment results and sharing of best practices across teams.
  • Define Steward responsibilities, operational expectations, capability‑building requirements, and quality standards.
  • Act as the primary escalation point for Steward‑raised risks, issues, or cross‑border complexities.
  • Ensure consistent implementation of the Privacy Policy, Rulebook, Specifications, and Global Privacy Organization (GPO) processes across all of the Americas markets.
  • Drive maturity, operational consistency, and continuous improvement in the Steward community.
  • Establish a channel with the Business to communicate impactful regulatory changes and set compliance strategies.
  • Provide expert privacy and data‑ethics guidance to leaders across MedTech Commercial, R&D, Clinical, Digital Surgery/Robotics, Data Science, Technology, and Medical Affairs.
  • Provide Privacy Assessment approvals (i.e., XIA) for all medium and high-risk data processing.
  • Embed privacy‑by‑design in product development, clinical research, digital platforms, connected devices, IoT systems, imaging technologies, and analytics programs.
  • Deliver practical, business‑focused guidance on risk mitigation, regulatory interpretation, and complex privacy decision-making; and, as appropriate, document this guidance with a Rulebook Specification.
  • Monitor and advise on emerging privacy, AI, digital‑health, and clinical‑data regulations across the Americas.
  • Represent the Americas region in global privacy leadership forums, ensuring alignment with global privacy strategy, policies, modernization initiatives, and enterprise processes.
  • Work closely with Privacy Centers of Excellence, back‑office teams, and governance groups to implement globally consistent solutions and recommend and drive enhancements that meet MedTech’s regional needs.
  • Contribute to privacy‑related transformation initiatives to enhance operational simplicity, agility, and scalability.
  • Support the translation of recurring MedTech Americas privacy use cases into global Specifications and playbooks.
  • Lead regional governance routines, privacy reviews, reporting mechanisms, and risk‑management processes.
  • Participate in periodic Management Reviews of Privacy Self-Assessment results by the Business.
  • Oversee DPIAs, Legitimate Interest Assessments, high‑risk processing reviews, incident response, and remediation activities.
  • Ensure compliance with GDPR, UK GDPR, national privacy laws, AI regulations, digital‑health frameworks, and emerging requirements relevant to MedTech operations.
  • Provide privacy leadership during acquisitions, integrations, and divestitures within the MedTech Sector in the Americas.
  • Support regulatory inquiries, audits, and consultations across the Americas markets.

Benefits

  • Consolidated retirement plan (pension)
  • Savings plan (401(k))
  • Long-term incentive program
  • Vacation – 120 hours per calendar year
  • Sick time – 40 hours per calendar year (or 48/56 hours in CO/WA)
  • Holiday pay, including Floating Holidays – 13 days per calendar year
  • Work, Personal and Family Time - up to 40 hours per calendar year
  • Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
  • Bereavement Leave – 240 hours for an immediate family member; 40 hours for an extended family member per calendar year
  • Caregiver Leave – 80 hours in a 52-week rolling period
  • Volunteer Leave – 32 hours per calendar year
  • Military Spouse Time-Off – 80 hours per calendar year