Johnson & Johnson Careers

Sr Manager, Privacy Compliance EMEA MD

Zuchwil, Switzerland; Belgium; Germany; France; England, United Kingdom
Health Care Compliance

Job Description

Requisition ID: 1805683317W

Main Responsibilities:
  • Effectively aligns with key stakeholders in the sector to ensure personal information processing activities by the company comply with Johnson & Johnson Privacy principles and applicable Privacy laws and regulations, in particular the EU General Data Protection Regulation (GDPR);
  • Ensures monitoring of Privacy program. Advises senior management team of their responsibilities and obligations and helps them to develop a culture of compliance;
  • Identifies Privacy risks and issues. Advises all staff where their activities put the company at risk and provides actionable solutions to remediate risks and issues;
  • Assists the Senior Director Privacy Compliance in the region with his/her oversight responsibility of Privacy Compliance for the Medical Devices sector:
      • Ensures data about Privacy Compliance program is collected and analyzed consistently for the sector.
      • Provides data and input to the Privacy Leadership Team to ensure that the Privacy risks of the assigned sector(s) are addressed in the overall Privacy Compliance strategy and allocation of resources by the Global Privacy Team.
  • Partners with company leadership and Privacy liaisons in an assigned cluster of countries, to ensure Companies deploy a Privacy Compliance program that effectively prevents and detects violations of law, regulations and policies;
  • Participates in applicable compliance committees (or similar governance structures), to highlight Privacy risks and status of Privacy program deployment;
  • Liaises with business process owners, to build understanding of Privacy risks related to their personal information processing activities and provides advice on how to mitigate these risks, by embedding Privacy into the design of business processes;
  • Collaborates with J&J Technology (JJT) on compliance assessments and Internet compliance review process;
  • Plans and deploys a Privacy program for the franchises of Medical Devices, in terms of Policies and Procedures, Training and Communication, Testing and Monitoring, in accordance with the requirements from J&J’s Global Privacy Compliance Framework;
  • Provides assistance to the Law Department and Procurement, if needed, with the insertion of adequate Privacy language into contracts with third-party service providers or partners;
  • Monitors company’s compliance with J&J’s Global Privacy Compliance Framework and the applicable Privacy laws and regulations. This includes the deployment and coordination of the company’s privacy compliance self-assessment process as well as the monitoring of the execution of the resulting MAP;
  • May serve as first point of contact for internal and external audits and inspections;
  • May serve as first point of contact or escalation contact w.r.t. data subject requests or complaints against the organization;
  • Participates in the enterprise privacy incident response process, as required, in close collaboration with Information Security, Law Department and relevant business process owners. This may include participation in investigations and the coordination of notifications to Privacy Regulators or data subjects;
  • Assists the EU DPO with the fulfilment of legal obligations under GDPR, in particular:
      • To maintain the organization’s internal records of processing activities, in accordance with GDPR art. 30;
      • To provide advice as regards the Data Protection Impact Assessments (DPIA) and monitor its performance, in accordance with GDPR art. 35;
  • Builds and maintains knowledge about applicable laws and regulations and assesses impact of changes in laws to Privacy program;
  • Actively engages with the Privacy liaisons in EMEA and presents the Privacy program for the franchises of Medical Devices to this community, in order to ensure maximal alignment across the region.


  • Functional understanding of applicable Privacy laws and regulations in Europe, preferably with multi-national companies
  • Minimum of 5 years business experience; familiarity with the healthcare industry and its business processes
  • Familiarity with the roll out of compliance programs
  • Good working knowledge of common IT systems, processes and information security practices
  • IAPP or equivalent certification
  • Familiarity with working in-house in a matrixed regulated global corporation
  • Ability to maintain the highest standards of quality, compliance and accountability when advising the business
  • Demonstrable ability to engage with a range of business units and functions and uncover their objectives and needs
  • Ability to translate a wide variety of principles and, sometimes complex, legal requirements into actionable solutions for the business
  • Excellent organizational, facilitation, communication and presentation skills
  • Global mindset and preparedness to incorporate global standards and practices, for consistency and efficiency reasons
  • Ability to work autonomously

Primary Location
Other Locations
Europe/Middle East/Africa-Belgium, Europe/Middle East/Africa-Germany, Europe/Middle East/Africa-France, Europe/Middle East/Africa-United Kingdom-England
Synthes GmbH (7111)
Job Function
Health Care Compliance
Requisition ID