Senior Counsel Specialist, Assistant General Counsel, Privacy Law

About The Position

Requirements

• A U.S. law degree (J.D.) and current “good standing” admission to at least one U.S. state bar, or be eligible to apply to California’s Registered In-House Counsel program
• 12+ years of experience as a practicing attorney, in-house and/or at a law firm, including at least 5+ years of direct, hands-on experience providing legal counseling on data privacy and security matters to biotechnology and/or pharmaceutical companies.
• CIPP/US certification required
• Subject matter expert on requirements of data protection and privacy legal issues affecting the business activities of a research-based biotechnology and/or pharmaceutical company.
• Comprehensive understanding of relevant privacy and consumer protection statutes, regulations and guidance, such as comprehensive state privacy laws, Section 5 of the FTC Act, California Confidentiality of Medical Information Act (CMIA), Washington My Health My Data Act, state breach notification laws, HIPAA, EU General Data Protection Regulation (GDPR), TCPA, and CAN-SPAM.
• Understanding of the emerging AI legal landscape, including an understanding of the requirements of the Colorado AI Act and related legislation.
• Substantial experience assessing and practically mitigating privacy and data protection legal risks.
• Experience managing and supporting a corporate privacy program.
• Ability to deliver clear, concise and practical advice regarding challenging legal issues to legal and non-legal colleagues, including senior management.
• Strong organizational skills, ability to multitask and prioritize effectively, take initiative, lead projects, and work independently and collaboratively with others.
• Demonstrated experience taking ownership of issues and providing timely, actionable advice.
• Demonstrated enterprise-wide thinking and growth mindset.

Nice To Haves

• AIGP certification is a plus.

Responsibilities

• Act as a key internal point-of-contact and subject matter expert on privacy and data protection, providing practical, timely, strategic, and high-quality legal advice on data privacy and security matters.
• Influence strategic implementation of privacy legal and compliance requirements across the organization.
• Drive privacy strategy and implementation based on continuous monitoring of new and evolving privacy laws, enforcement, and litigation across jurisdictions.
• Draft, update, and implement internal privacy policies, procedures, and guidances, and external privacy notices and consent language, to reflect evolving legal requirements and industry best practices.
• Develop standards, templates, playbooks, and training for drafting and negotiation of data processing agreements.
• Provide legal support for the strategic reviewing, drafting, and negotiating of privacy and data security terms in contracts with business partners and vendors, including data processing agreements and data protection terms in clinical research agreements.
• Provide advice, education, training, and legal direction on data protection laws impacting business operations and contractual relationships.
• Advise on data privacy, legal risk identification and mitigation efforts, as well as data privacy compliance efforts.
• Develop content for privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations, as well as to ensure awareness of “best practices” on privacy and data security issues.
• Review Privacy Impact Assessments (PIAs) and advise on the management of complex privacy matters involving systems and data processing activities.
• Provide legal counsel on investigations involving reports of inappropriate or unauthorized access, loss or disclosure of personal data, including advising on potential liability, identifying legal obligations, and supporting incident response efforts.
• Collaborate with External Affairs colleagues on opportunities to influence privacy and data security legislation.
• Participate in industry group meetings to stay updated on best practices and emerging trends.
• Partner and align with global colleagues on development and implementation of compliance and training programs.