Senior Manager, Privacy Operations (Legal)

About The Position

Requirements

• Hands‑on experience operationalizing privacy programs in a regulated environment, preferably pharmaceuticals, biotech, or life sciences
• Strong working knowledge of global privacy frameworks, including GDPR, CCPA and U.S. privacy laws
• Demonstrated experience managing DSARs, PIAs/DPIAs, and privacy incident workflows
• Familiarity with Privacy management and workflow tools (e.g., OneTrust or similar platforms), Data mapping, RoPA, and DSAR management tools
• Familiarity with information security and IT concepts (e.g., access controls, encryption, data lifecycle management)
• Proficiency with Microsoft 365 tools (Excel, Word, PowerPoint, Teams) for documentation and reporting
• Ability to translate legal requirements into clear, practical operational processes
• Strong project management, organizational, and documentation skills
• Excellent communication skills with the ability to work effectively across legal, technical, and business teams
• 7+ years of experience in privacy and data protection, preferably in the pharmaceutical/biotech/life sciences industry
• Bachelor’s degree required

Nice To Haves

• Relevant privacy or compliance certifications preferred, such as:
• Certified Information Privacy Manager (CIPM)
• Certified Information Privacy Professional (CIPP/US, CIPP/E, or equivalent)

Responsibilities

• Implement and maintain the Corcept’s privacy program, including policies, guidelines, and work instructions
• Operationalize privacy requirements under applicable data protection laws (e.g., GDPR, UK GDPR, CCPA, U.S. state privacy laws, and other global regulations)
• Maintain records of processing activities (RoPA), data inventories, and supporting documentation
• Support privacy‑by‑design principles in business processes and systems
• Own and manage the intake, tracking, and fulfillment of data subject rights requests (DSARs), including access, deletion, correction, and objection requests
• Support privacy incident and breach response activities, including intake, triage, investigation support, documentation, and remediation tracking
• Coordinate with internal stakeholders to ensure timely, accurate, and well documented responses within statutory deadlines
• Coordinate and perform privacy impact assessments / data protection impact assessments (PIAs/DPIAs) in collaboration with IT and business teams
• Identify operational privacy risks and recommend mitigation strategies
• Support internal audits, inspections, and regulatory inquiries related to privacy
• Support vendor privacy due diligence and onboarding processes, including privacy questionnaires and risk assessments
• Assist with the operational implementation of data processing agreements and privacy‑related contractual requirements
• Track and monitor privacy obligations applicable to vendors
• Develop and deliver role‑based privacy training and awareness materials
• Act as a point of contact for business teams on operational privacy questions
• Promote a culture of privacy, accountability, and data protection across the organization
• Track and report on privacy metrics and key performance indicators (KPIs)
• Identify opportunities to streamline and automate privacy processes and workflows
• Monitor regulatory developments and recommend operational enhancements as needed