Executive Director, Global Policy

Revolution Medicines, Redwood City, CA
Onsite

About The Position

Revolution Medicines is a clinical-stage precision oncology company focused on developing novel targeted therapies to inhibit frontier targets in RAS-addicted cancers. The company’s R&D pipeline comprises RAS(ON) Inhibitors designed to suppress diverse oncogenic variants of RAS proteins, and RAS Companion Inhibitors for use in combination treatment strategies. As a new member of the Revolution Medicines team, you will join other outstanding Revolutionaries in a tireless commitment to patients with cancers harboring mutations in the RAS signaling pathway.

RevMed is seeking an experienced privacy executive to support RevMed’s business. The Executive Director, Global Privacy will lead the strategy, development, and execution of the company’s Privacy Program, ensuring all activities are conducted ethically and in accordance with applicable laws, regulations, and industry codes. This attorney will be instrumental in shaping and sustaining a culture of integrity as the company advances and commercializes its oncology pipeline.

The Executive Director, Global Privacy is a senior leader responsible for driving the organization’s global privacy strategy, governance, and compliance framework. This role ensures that all business activities involving personal data are conducted ethically and in compliance with applicable international laws, regulations, and industry standards. Reporting to the Vice President, Compliance, this role serves as a key advisor to the General Counsel (GC) and other senior executives on global privacy, data protection, and responsible data use, while fostering a culture of privacy-by-design across all business functions worldwide. Key responsibilities include:

Requirements

  • Juris Doctor (JD); active bar membership a plus.
  • Privacy certifications (e.g., CIPP/E, CIPP/US, CIPM, CIPT).
  • 15+ years of experience in privacy, data protection, legal, compliance, or risk management.
  • Significant experience managing or leading global privacy programs in multi-jurisdictional environments.
  • Deep knowledge of global privacy regulations and frameworks (e.g., GDPR, UK GDPR, HIPAA, CCPA/CPRA, and other international laws).
  • Experience with cross-border data transfers, data localization requirements, and global data governance.
  • Strong understanding of privacy risk assessments, data lifecycle management, and compliance program integration.
  • Ability to influence senior leadership and drive global, cross-functional initiatives.
  • Strong strategic thinking with practical, business-oriented judgment.
  • Excellent communication and stakeholder management skills across diverse geographies.
  • Proven ability to lead teams and operate effectively in a matrixed, global organization.
  • Strong organizational and project management capabilities.

Nice To Haves

  • Experience in regulated industries (e.g., biotech, pharmaceutical, healthcare, or technology) preferred.
  • Familiarity with emerging areas such as AI/ML governance, digital health, and global data strategy.

Responsibilities

  • Lead the development and execution of a comprehensive global privacy strategy aligned with business objectives and the broader compliance program.
  • Serve as a senior advisor to the General Counsel (GC) and other senior executives on global privacy risks, regulatory developments, and data governance.
  • Establish and maintain enterprise-wide global privacy governance frameworks, policies, and standards.
  • Design the Global Privacy team structure and operating model, leveraging both regional and global resources; support the design and implementation of technology-enabled systems and processes for regional adaptation where appropriate; and recruit a high-performing team.
  • Provide regular updates to the General Counsel and other senior executives on global privacy program performance, risks, and mitigation strategies.
  • Design, implement, and continuously enhance a global privacy program aligned with international laws and best practices.
  • Ensure alignment of the privacy program with the company’s overall compliance framework and enterprise risk management approach.
  • Ensure compliance with global privacy and data protection regulations, including GDPR, UK GDPR, HIPAA, CCPA/CPRA, and other applicable international and local laws.
  • Oversee Data Privacy Impact Assessments (DPIAs), cross-border data transfer mechanisms, and global risk assessments.
  • Monitor and report on privacy metrics, trends, and program effectiveness across regions.
  • Serve as the primary privacy lead for all clinical trial-related activities, including data collected from clinical sites, investigators, and patients.
  • Partner with R&D and clinical teams to ensure compliant handling of sensitive clinical and health data.
  • Collaborate with Commercialization teams to advise on processes, controls, and risks related to data-driven activities, including analytics, digital initiatives, and commercialization strategies.
  • Embed privacy-by-design and privacy-by-default principles into systems, products, and business processes globally.
  • Partner cross-functionally with Compliance, Legal, IT Security, R&D, HR, and Commercial teams across regions.
  • Support global initiatives involving sensitive data, including clinical, digital, and analytics-driven programs.
  • Work closely with HR and Information Security (IS) to address employee and internal data privacy matters, including monitoring, investigations, and governance of workforce data.
  • Lead or oversee global privacy incident response, including breach assessment, notification, and remediation across jurisdictions.
  • Lead and/or oversee privacy-related investigations, including internal reviews and regulatory-driven inquiries.
  • Collaborate with Compliance and Information Security to ensure consistent global controls and preparedness.
  • Identify, assess, and mitigate global privacy risks in alignment with enterprise risk management priorities.
  • Serve as a key point of contact for global data protection authorities and regulators, in coordination with Compliance and Legal.
  • Support global regulatory inquiries, audits, and inspections related to privacy.
  • Oversee global privacy due diligence and risk management for third-party vendors and partners.
  • Own and maintain privacy-related standards across the organization, including templates and playbooks.
  • Review, negotiate, or oversee negotiation of privacy and data protection terms in contracts, including data processing agreements (DPAs), standard contractual clauses (SCCs), and related provisions.
  • Ensure consistent and appropriate privacy language across all contractual forms and third-party engagements.
  • Develop and deliver global privacy training and awareness programs aligned with compliance initiatives.
  • Promote a culture of privacy, ethics, and accountability across all geographies.
  • Partner with Compliance to integrate privacy into Code of Conduct, global policies, and enterprise training programs.