VP, Chief Privacy Officer, Orthopedics

About The Position

Requirements

• JD in the United States or in a European jurisdiction.
• 14+ years of progressive experience in privacy, data protection, cybersecurity, or related risk functions including in private practice or within a complex, global organization in a healthcare field (e.g., hospital system, medical device or medtech company, pharmaceutical industry).
• Demonstrated expertise interpreting and applying global privacy regulations in a regulated industry, including GDPR and the U.S. federal and state privacy laws, including HIPAA, and relevant FDCA regulations.
• Experience advising senior executives on privacy strategy and enterprise risk.
• Demonstrated ability to build, operationalize, and improve processes and high-performing teams.
• Proven ability to lead global, cross‑functional teams and influence without direct authority.
• Strong strategic thinking, judgment, and decision‑making capabilities.

Nice To Haves

• Prior experience supporting or managing a data incident management and response process, including data subject and regulatory enforcement agency notifications.
• Background partnering with information systems, cybersecurity, and digital technology teams.
• Experience supporting business transformation or operating‑model changes.
• Degree in Information Systems, Master of Business Administration or Master of Public Policy a plus.
• Certifications such as CIPP, CIPM, or equivalent preferred.

Responsibilities

• Set and execute the global privacy strategy, policies, and governance framework for DePuy Synthes.
• Ensure compliance with global privacy, data protection and cybersecurity laws and regulations (including, e.g., GDPR, U.S. state privacy laws, digital product standards and laws and other applicable international requirements).
• Serve as the primary executive leader for privacy risk management, including oversight of privacy impact assessments and mitigation plans.
• Partner with Legal, R&D, Cybersecurity, and Technology teams to integrate privacy‑by‑design and privacy‑by‑default into systems, products, and digital initiatives.
• Monitor new and proposed privacy laws and regulations and provide strategic guidance to senior leaders and the Board on privacy risks, trends, and regulatory developments.
• Lead and develop a global privacy organization, including talent development and succession planning, to operationalize privacy requirements and to promote a strong culture of privacy and data protection.
• Oversee privacy contracting practices to ensure compliance with applicable laws, guidelines and best practices.
• Direct the development and implementation of a company-wide privacy training program, including the institution and instruction of named privacy stewards in the relevant functions.
• Together with Cybersecurity, oversee privacy incident response, investigations, and support regulatory interactions as needed.
• Working together with Government Affairs, develop and maintain trusted relationships with data protection commissioners and government enforcement agencies and execute a strategy for impacting the evolving privacy laws affecting the company.

Benefits

• Vacation –120 hours per calendar year
• Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year
• Holiday pay, including Floating Holidays –13 days per calendar year
• Work, Personal and Family Time - up to 40 hours per calendar year
• Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
• Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
• Caregiver Leave – 80 hours in a 52-week rolling period
• Volunteer Leave – 32 hours per calendar year
• Military Spouse Time-Off – 80 hours per calendar year