Sr. Corporate Counsel, US Privacy

About The Position

Requirements

• A Doctor of Jurisprudence from an ABA-accredited law school, licensed to practice law in one or more of the 50 states in good standing.
• At least eight (8) years’ experience practicing law at a large- to medium-sized law firm or experience within a privacy, compliance, legal or contracting department in a Life Sciences company (i.e., Pharma, Diagnostics, Devices, Biotech).
• Knowledge of, and working experience advising on data privacy and digital matters, federal, state, and international information security and privacy laws, rules, regulations, and industry standards (such as HIPAA, CCPA, GDPR).
• Experience reviewing, drafting, and negotiating; experience with information security and privacy provisions in agreements, Business Associate Agreements and data transfer or processing agreements is preferred.
• A demonstrated ability to establish and maintain open, candid, collaborative, and trusting work relationships.
• An ability to exercise independent judgment and deliver a consistent message in the face of pressure or adversity, and to work with and maintain confidential and sensitive information.
• A positive can-do attitude with a flexible and adaptable approach, wide-ranging experience, business acumen, professionalism, sound judgment and ability to manage responsibilities with an appropriate sense of urgency.

Nice To Haves

• CIPP/US or similar certification or willingness to obtain such certification within 6 months of starting the role.

Responsibilities

• Provide guidance to key stakeholders including, other Legal and Compliance colleagues, the business and the Roche Diagnostics North America Digital & Privacy team in order to support the organizations’ compliance with US state and federal privacy laws (e.g., HIPAA, CCPA/CPRA, TCPA), and other applicable data protection and privacy laws and regulations.
• Review privacy impact assessments for new projects and technologies and advise on risk mitigation strategies.
• Support the Diagnostics US Privacy Office in developing and maintaining policies, procedure and communications.
• Develop and conduct training programs for our Legal and Compliance colleagues and other workforce members on compliance with data privacy laws and best practices for data governance.
• Review and negotiate contracts with third parties, ensuring that data protection and privacy clauses align with Roche’s policies and positions.
• Advise and support during the response to a suspected Breach or other data privacy incidents, including internal investigations and advising on notification and reporting obligations.
• Stay updated on applicable cybersecurity requirements, new digital technologies like blockchain, AI, and the Internet of Things and advise on their legal implications.
• Develop and maintain networks by working closely with other Legal and Compliance colleagues, IT security, People & Culture, Finance, Support Services, and other business teams to ensure a cohesive approach to US data protection and digital operations.

Benefits

• Relocation benefits are not available for this position.
• A discretionary annual bonus may be available based on individual and Company performance.
• This position also qualifies for the benefits detailed at the link provided below.