Legal & Compliance

Senior Privacy Manager

  • Job Title Senior Privacy Manager
  • Function Legal & Compliance
  • Sub Function Enterprise Compliance
  • Location Shanghai, China
  • Date Posted
  • Requisition Number 2406176512W

Description

Main responsibilities

The Senior Privacy Manager of Johnson & Johnson (J&J) in China is responsible for providing practical, timely, strategic, and high-quality counseling on applicable cybersecurity, data security and other related laws, regulations and guidelines, with a focus on cybersecurity and data security as it impacts Company business, cross-border operations and new commercial models.

The Individual, as a core member of the J&J China Privacy team, shall be primarily responsible for providing robust regulatory and operational support for the implementation and monitoring of the Company’s specific data security and cybersecurity compliance programs across J&J sectors in China. This includes identifying cyber and data security risks and working closely with the J&J DPO, the J&J Data Security Officer (DSO), the Information Security team (ISRM) and the global Data Protection Legal Team (DPLT) to develop controls, policies and procedures, and training to ensure the Company is operating in compliance with applicable cybersecurity and data security laws and related security regulations and national standards, including cross-border data transfer measures, as well as J&J policies and data security framework.

In this role, the Individual shall have the opportunity to actively support, shape and help implement all projects, and to participate in assessment and remediation measures across the J&J organization in China that involve specific cybersecurity and data security considerations and risks, working closely with other J&J sectors’ senior privacy managers as the need arises.

The individual shall advise on potential liability and other legal aspects related to privacy, cybersecurity and data security incidents and support the Company's data security and cybersecurity incident response programs, including supporting the investigation of potential incidents, identifying applicable legal obligations, supporting timely incident response efforts and notification to regulatory authorities, and addressing any visits, controls and follow up requests from Chinese regulatory authorities.

The position will report to the China Privacy Director/Data Privacy Officer of J&J China.

Core responsibilities include:

1. Provide practical, timely, strategic, and high-quality counseling on cybersecurity, data security and related matters across the Company.

  • Closely monitor any new developments in China cybersecurity and data security laws and their impact on other related regulations/standards/programs, and ensure timely reporting to China DPO, DPLT, ISRM and other J&J functional teams.
  • Provide legal support to interpret any new cybersecurity and data security laws and regulations and analyze the impact on JNJ’s business in China, including on cross-border operations and specific privacy programs. Work in close coordination with external counsel where need be.
  • Partner closely with the DSO/ISRM team and DPLT to develop controls, policies and procedures to ensure the Company’s compliance with applicable China cybersecurity and data security laws, as well as all applicable Johnson & Johnson data security and cybersecurity policies and procedures, including reporting of incidents and conducting investigations.
  • In close alignment with China DPO and the privacy team, support related stakeholders at Company and Sector level on cybersecurity and data security matters, and partner closely with ISRM, DPLT, BU legal and other functions to proactively address data security and cybersecurity matters in China.
  • Act as the primary point of contact in China in the event of a data security or cybersecurity incident, in liaison with DPLT:
      • Review and help to develop and implement timely incident response plans in the event of a data security or cybersecurity incident.
      • Coordinate the response to data security/cybersecurity incidents, including reporting obligations as per Chinese regulations, in close alignment with DPLT.
      • Attend any inspection or dawn raid and address follow-up requests from regulatory authorities, in close alignment with DPO, DPLT, BU legal and ISRM.
  • Where applicable, provide data security and cybersecurity input on corporate projects including any acquisitions, divestitures, licensing and development terms that involve data security requirements.

2. Support the strategic implementation of data security and cybersecurity programs in China:

  • Support the China Data Security Officer and information security partners for successful continuous implementation, and advise on any change in regulation impacting the Company cybersecurity program (CSL) and related national security standards (including for new systems) in China.
  • Support the China Data Security Officer and information security partners in implementing the strategic DSL Compliance Program to meet China DSL regulations and other related measures.
      • Partner with and assist DSO/ISRM and DPLT to self-identify the Important Data for J&J once the applicable Important Data Catalog is officially released, create an inventory list of the Important Data, and complete the governmental filing of the Important Data inventory list.
      • Provide legal support to the internal regular security assessment for processing of the Important Data, assist the governmental filing of the risk assessment report for processing of the Important Data, and advise on risk mitigation strategies.
      • Work closely with China DPO, ISRM, JJT and DPLT to draft and file for the CBDT CAC security assessment of the Important Data and other related obligations.
      • Support DSO/ISRM and JJT to complete data categorization and data classification for J&J China.
      • Partner with DSO/ISRM and DPLT to establish internal control policies, systems and technical measures that prevent leakage, abuse and misuse of J&J data and protect the confidentiality of J&J files.
      • Collaborate with the ISRM team to identify and address potential security vulnerabilities.
      • Act as the legal partner of the DSO of J&J China towards the government authorities, provide legal support to the DSO during government regulatory bodies’ visits and dawn raid inspections, and assist the DSO in implementing, maintaining and monitoring the data security and cybersecurity compliance program for J&J China.
  • Collaborate with China DPO and the privacy team to address and comply with PI audit regulations and any government filing requests related to data security or cybersecurity matters.

3. Provide day-to-day base business data security and cybersecurity support for global and local projects involving the China market.

  • Support the DPLT in the review of global projects involving specific data security/cybersecurity considerations in China.
  • Advise the local teams on strategic security requirements needed at project level when data localization is foreseen or requested by government regulatory authorities in China (e.g., CAC).
  • Support the J&J China Privacy team in the review of specific data security or cybersecurity concerns or escalations related to J&J China third parties: this includes supporting data classification and compliance analysis, and participating in internal compliance review processes with copy review of necessary stakeholders before digital asset launch, e.g. BPRA, CA, etc.
  • Support contract review to manage risks with third parties processing JNJ data: review and negotiation of the Data Safeguards Exhibit (DSE), Supplier Information Security Requirements (SISR), and related contractual data security provisions.

4. Develop a local Training and Communication plan focused on data security and cybersecurity risks.

  • Support the development and delivery of data security and cybersecurity training materials and other communications to increase employee understanding of Company data security policies and data protection handling practices and procedures.
  • Support GA&P and participate in industry association groups to shape the external environment, benchmark, review and influence strategies in relation to data security and cybersecurity matters.

In this role, the Senior Privacy Manager liaises with:

  • China, APAC and Global Privacy Team, mainly DPLT
  • Law Department, to assess risks related to new laws and regulations, and to assess responsibilities and obligations of partners, third parties and health care professionals when conducting contract review
  • DSO/ISRM, to support the DSL compliance program and ensure the development and implementation of data security policies and procedures
  • Company’s responsible person for Records and Information Management, on issues pertaining to data retention and purging of records
  • Healthcare Compliance, to ensure a data security program that fits into the overall compliance program roll-out for the company
  • Corporate internal audit function, to support the engagement and regularly assess the data security environment and make improvements
  • Government Affairs & Policy, to support monitoring and shaping new privacy regulations in alignment with J&J position

Qualifications

Requirements

  • Law degree and admitted to practice law in China
  • At least 8 to 10 years' experience working in a law firm or a company’s legal department, with healthcare industry background preferred.
  • Relevant certifications in data protection and security (e.g. CIPP, CISSP) would be a plus. This position requires sound knowledge of China data security, cybersecurity, CBDT and privacy requirements and good knowledge of compliance management involving the collection, use and processing of data.
  • Experience with developing and implementing data security compliance programs, policies and procedures
  • Strong ability to grasp legal issues quickly, strong analytical problem solving and decision-making skills, exercise sound business judgment and provide practical and constructive legal advice in a time-sensitive dynamic and fast-paced complex global environment
  • Strong negotiation and communication skills (both oral and written); ability to communicate legal issues in a clear and understandable manner; inspires trust and confidence through effective communication and interpersonal skills
  • Strong work ethic and ability to manage large workload, multi-task, focus on critical priorities, and otherwise effectively meet client needs; ability to produce high quality work under deadline pressures
  • Ability to independently develop solutions that generate value through partnerships while ensuring compliance
  • Proven track record of success in an environment that demands a sound understanding of the need to balance complex legal/regulatory/public policy issues
  • Able to build relationships, both internally and externally and to collaborate effectively with cross-functional teams across the enterprise
  • Strong organization and teamwork skills, good team player, detail-oriented, self-motivated and able to motivate others
  • A strong commitment to integrity and professionalism and demonstrated passion for excellence
  • Chinese native, English fluency required
