Senior Manager, Privacy Operations (Legal)
About The Position
Corcept is leading the way in the research and development of cortisol modulators, molecules that regulate cortisol activity at the glucocorticoid receptor (GR). To date, we have discovered more than 1,000 selective proprietary cortisol modulators. In 2012, we received FDA approval of Korlym® (mifepristone), the first approved treatment for hypercortisolism (Cushing’s syndrome). Today, our team and collaborators continue to unlock the possibilities of cortisol modulation as a way to treat serious diseases. With more than 30 ongoing studies across a wide range of disease areas, including endocrinology, oncology, metabolism, and neurology, we remain dedicated to advancing the possibilities of cortisol modulation. What began as a ripple of scientific truth is now poised to unleash a sea change of discovery representing a fundamental shift in the way we understand and treat disease. The Senior Manager, Privacy Operations will be responsible for implementing, operationalizing, and continuously improving Corcept’s global privacy program. This role will translate legal and regulatory privacy requirements into practical, scalable, and auditable operational processes across the organization. The role requires close collaboration with IT, HR, Clinical, Commercial, Drug Safety, and Quality functions to ensure that privacy requirements are embedded into day‑to‑day business activities, systems, and vendor relationships. The ideal candidate combines strong privacy program management experience with the ability to work hands‑on in a regulated pharmaceutical environment. The role also offers the opportunity to support broader compliance topics. This is a hybrid position typically requiring on-site presence 3 days per week. This role reports to the Sr. Director, Legal & Privacy.
Requirements
- Hands‑on experience operationalizing privacy programs in a regulated environment, preferably pharmaceuticals, biotech, or life sciences
- Strong working knowledge of global privacy frameworks, including GDPR, CCPA and U.S. privacy laws
- Demonstrated experience managing DSARs, PIAs/DPIAs, and privacy incident workflows
- Familiarity with information security and IT concepts (e.g., access controls, encryption, data lifecycle management)
- Proficiency with Microsoft 365 tools (Excel, Word, PowerPoint, Teams) for documentation and reporting
- Ability to translate legal requirements into clear, practical operational processes
- Strong project management, organizational, and documentation skills
- Excellent communication skills with the ability to work effectively across legal, technical, and business teams
- 7+ years of experience in privacy and data protection, preferably in the pharmaceutical/biotech/life sciences industry
- Bachelor’s degree required
Nice To Haves
- Familiarity with Privacy management and workflow tools (e.g., OneTrust or similar platforms), Data mapping, RoPA, and DSAR management tools
- Relevant privacy or compliance certifications preferred, such as: Certified Information Privacy Manager (CIPM) Certified Information Privacy Professional (CIPP/US, CIPP/E, or equivalent)
Responsibilities
- Implement and maintain the Corcept’s privacy program, including policies, guidelines, and work instructions
- Operationalize privacy requirements under applicable data protection laws (e.g., GDPR, UK GDPR, CCPA, U.S. state privacy laws, and other global regulations)
- Maintain records of processing activities (RoPA), data inventories, and supporting documentation
- Support privacy‑by‑design principles in business processes and systems
- Own and manage the intake, tracking, and fulfillment of data subject rights requests (DSARs), including access, deletion, correction, and objection requests
- Support privacy incident and breach response activities, including intake, triage, investigation support, documentation, and remediation tracking
- Coordinate with internal stakeholders to ensure timely, accurate, and well documented responses within statutory deadlines
- Coordinate and perform privacy impact assessments / data protection impact assessments (PIAs/DPIAs) in collaboration with IT and business teams
- Identify operational privacy risks and recommend mitigation strategies
- Support internal audits, inspections, and regulatory inquiries related to privacy
- Support vendor privacy due diligence and onboarding processes, including privacy questionnaires and risk assessments
- Assist with the operational implementation of data processing agreements and privacy‑related contractual requirements
- Track and monitor privacy obligations applicable to vendors
- Develop and deliver role‑based privacy training and awareness materials
- Act as a point of contact for business teams on operational privacy questions
- Promote a culture of privacy, accountability, and data protection across the organization
- Track and report on privacy metrics and key performance indicators (KPIs)
- Identify opportunities to streamline and automate privacy processes and workflows
- Monitor regulatory developments and recommend operational enhancements as needed
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
251-500 employees
