Johnson & Johnson Careers

Sr Mgr Privacy Compliance EMEA Corp/Cons

Zug, Switzerland
Legal (Non Attorney)

Job Description

Requisition ID: 1805691133W

Caring for the world, one person at a time... inspires and unites the people of Johnson & Johnson. We embrace research and science - bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.

Senior Manager, Privacy Compliance EMEA, Corporate and Consumer

Member of the EU Data Protection Officer (DPO) Team

The Senior Manager will lead and drive the Privacy Compliance program for the Corporate functions (e.g. HR, Procurement, Finance, Employee Health Services) as well as for the Consumer business in the region. He/She will serve as a strategic business partner towards regional business and functional leadership, to ensure that the Privacy Compliance program effectively prevents and/or detects violations of law, regulations and policies. 

The position will require 10-25% of travel, depending on business assignment and need.

Preferred locations are any of our campuses with significant employee presence (Switzerland, Belgium, Ireland) or any of our lead clusters in Consumer (United Kingdom, Germany, France, Spain).

Main responsibilities: 
  • Effectively aligns with key stakeholders in the sector to ensure personal information processing activities by the company comply with Johnson & Johnson Privacy principles and applicable Privacy laws and regulations, in particular the EU General Data Protection Regulation (GDPR);
  • Ensures monitoring of Privacy program. Advises senior management team of their responsibilities and obligations and helps them to develop a culture of compliance;
  • Identifies Privacy risks and issues. Advises all staff where their activities put the company at risk and provides actionable solutions to remediate risks and issues;
  • Assists the Senior Director Privacy Compliance in the region with his/her oversight responsibility of Privacy Compliance for the Corporate functions and for the Consumer sector:
    • Ensures data about Privacy Compliance program is collected and analyzed consistently for the sector.
    • Provides data and input to the Privacy Leadership Team to ensure that the Privacy risks of the assigned sector(s) are addressed in the overall Privacy Compliance strategy and allocation of resources by the Global Privacy Team.
  • Partners with company leadership and Privacy liaisons in an assigned cluster of countries, to ensure Companies deploy a Privacy Compliance program that effectively prevents and detects violations of law, regulations and policies.

Liaises with:
  • representatives from business process owners that collect or process personal information (including, as applicable, HR, Procurement, Finance, Employee Health Services, Digital, Sales and Marketing, Customer Care, Information Technology);
  • the global/regional Privacy Compliance community to share approaches to Privacy Compliance and serve on teams to harmonize and standardize company approaches to privacy;
  • key functional partners, like
    • the Law Department, to obtain legal advice when needed;
    • Information Security and Risk Management (ISRM), to ensure adequate security and access controls on systems that process personal information and to partner on an adequate response to security incidents with a Privacy impact;
    • Healthcare Compliance, to ensure roll out of Privacy program fits into overall compliance program roll out for the company.

Key activities:
  • Participates in applicable compliance committees (or similar governance structures), to highlight Privacy risks and status of Privacy program deployment;
  • Liaises with business process owners, to build understanding of Privacy risks related to their personal information processing activities and provides advice on how to mitigate these risks, by embedding Privacy into the design of business processes;
  • Collaborates with J&J Technology (JJT) on compliance assessments and Internet compliance review process;
  • Plans and deploys a Privacy program for the Corporate functions and the Consumer business, in terms of Policies and Procedures, Training and Communication, Testing and Monitoring, in accordance with the requirements from J&J’s Global Privacy Compliance Framework;
  • Provides assistance to the Law Department and Procurement, if needed, with the insertion of adequate Privacy language into contracts with third-party service providers or partners;
  • Monitors company’s compliance with J&J’s Global Privacy Compliance Framework and the applicable Privacy laws and regulations. This includes the deployment and coordination of the company’s privacy compliance self-assessment process as well as the monitoring of the execution of the resulting MAP;
  • May serve as first point of contact for internal and external audits and inspections; 
  • May serve as first point of contact or escalation contact w.r.t. data subject requests or complaints against the organization;
  • Participates in the enterprise privacy incident response process, as required, in close collaboration with Information Security, Law Department and relevant business process owners. This may include participation in investigations and the coordination of notifications to Privacy Regulators or data subjects;
  • Assists the EU DPO with the fulfilment of legal obligations under GDPR, in particular:
    • To maintain the organization’s internal records of processing activities, in accordance with GDPR art.30;
    • To provide advice as regards the Data Protection Impact Assessments (DPIA) and monitor its performance, in accordance with GDPR art.35;
  • Builds and maintains knowledge about applicable laws and regulations and assesses impact of changes in laws to Privacy program;
  • Actively engages with the Privacy liaisons in EMEA and presents the Privacy program for the Corporate functions and Consumer business to this community, in order to ensure maximal alignment across the region.

  • Minimum of bachelor’s degree (e.g. with legal, regulatory or IT background)
  • Functional understanding of applicable Privacy laws and regulations in Europe, preferably with multi-national companies
  • Minimum of 5 years business experience; familiarity with the healthcare industry and its business processes
  • Familiarity with the roll out of compliance programs
  • Good working knowledge of common IT systems, processes and information security practices
  • IAPP or equivalent certification
  • Familiarity with working in-house in a matrixed regulated global corporation

Required skill set:
  • Ability to maintain the highest standards of quality, compliance and accountability when advising the business
  • Demonstrable ability to engage with a range of business units and functions and uncover their objectives and needs
  • Ability to translate a wide variety of principles and, sometimes complex, legal requirements into actionable solutions for the business
  • Excellent organizational, facilitation, communication and presentation skills
  • Global mindset and preparedness to incorporate global standards and practices, for consistency and efficiency reasons
  • Ability to work autonomously
  • Fluent in English

We are offering you a multifaceted challenge in a dynamic, international environment with attractive terms and an excellent infrastructure.

If you feel attracted by this challenge and want to be part of a successful and growing organization, then please send us your online application (CV, Motivation Letter, Working References, etc.).

Primary Location
Cilag AG (8562)