Johnson & Johnson Careers
[HCC]Senior Manager, Privacy Compliance
Requisition ID: 1905721978W
I. Summary of the Job Description
- The Senior Manager Privacy Compliance of the Johnson & Johnson Family of Companies in Japan is responsible, at cross sector level, for: [i] developing and implementing the privacy program for all J&J companies in Japan; [ii] identifying privacy risks; [iii] developing, maintaining and implementing privacy policies and procedures; [iv] providing orientation and training to J&J Japan employees; and [v] establishing controls to ensure that the conduct of Johnson & Johnson’s businesses and operations is compliant with applicable privacy laws and regulations and J&J privacy policies and guidelines. The role includes coordination of all activities related to implementation of and adherence to Johnson & Johnson privacy policies and applicable data protection laws, in accordance with the Johnson & Johnson Privacy Framework. The role also includes the responsibilities of the Privacy Compliance Officer function for each of the Japanese J&J operating companies, as may be required by Japanese law.
- The Senior Manager Privacy Compliance reports directly to the Global Privacy Organization’s leadership in the region, with dotted reporting line responsibilities to the appropriate leadership levels of the above-mentioned companies.
II. Main responsibilities
- Aligns with key stakeholders and business owners and ensures compliance of the Japanese Operating Companies with Japan’s Act of Protection of Personal Information (APPI) and other applicable privacy-related laws and regulations, as well as all applicable Johnson and Johnson privacy and data protection policies and procedures.
- Establishes and implements a Personal Information protection strategy and plan.
- Identifies privacy risks and informs business owners and management of data privacy and protection related risks which may arise. Participates in the company’s Compliance Committee, or a similar or equivalent governance structure, to highlight privacy risks and provide status updates on the Privacy Compliance Program. Advises all staff whose activities may put the company at risk and provides actionable solutions to remediate risks and issues.
- Ensures local oversight of Privacy Compliance Programs as implemented by the operating companies. Helps the companies develop a culture and discipline of data privacy compliance. Advises and updates executive and senior management teams of significant data privacy concerns.
- Reviews and handles privacy-related complaints and incidents and implements remediation in accordance with J&J’s procedures.
- Partners with the Information Security Officer to establish internal control systems that [i] prevent leakage, abuse, misuse or unauthorized use or processing of personal information and [ii] protect the confidentiality of personal information files.
- Collaborates with IT and ISRM on compliance assessments and the internet compliance review process.
- Conducts training and orientation on personal information protection, including the company’s privacy framework, relevant sections of data privacy laws, notice and consent, data incident and breach, and data breach reporting.
- Increases awareness among stakeholders (such as employees, business partners, third party vendors and service providers) of the company’s data protection policies and guidelines.
- Provides assistance, when necessary, to the Law Department, Procurement and other stakeholders with the review and recommendation of adequate privacy language in contracts with third party service providers.
- Liaises with the Personal Information Protection Commission, where necessary.
- Serves as first point of contact for internal and external audits and inspections in respect of data privacy and protection or data privacy related complaints against the company.
- Builds and maintains knowledge about applicable laws and regulations and assesses the impact of changes in laws on the Privacy Program.
- Actively engages with the Global Privacy Team and participates in its information sessions, to ensure maximal alignment with global standards and practices.
Liaises / works with:
- Representatives from business process owners who collect or process personal information (including, as applicable, Human Resources, Clinical, Sales and Marketing, Customer Call Centers, Information Technology and Procurement)
- Global Privacy Team
- Key functional partners, such as:
  - the Law Department, to obtain legal advice when needed
  - IT Security, including the organization’s Information Security Officer (ISO), to ensure adequate security and access controls on systems that process personal information and to partner on an adequate response to security incidents with a privacy impact
  - the company’s responsible person for Records and Information Management, on issues pertaining to retention and purging of records that contain personal information
  - Healthcare Compliance, to ensure coordination into the overall compliance program for the company
  - the Corporate internal audit function, to support the engagement and regularly assess the personal information processing and make improvements
I. Required work experience
- Familiarity with the healthcare or pharmaceutical / medical device industry and its business processes; 8 years of experience in industry, preferably the health care or pharmaceutical / medical device industry
- Functional understanding of applicable data privacy laws and regulations
- Significant experience with the roll out of (privacy) compliance programs and their management
II. Required skill set
- Ability to maintain the highest standards of quality, compliance and accountability when advising the business
- Demonstrable ability to engage with a range of business units and functions and uncover their objectives and needs
- Ability to translate a wide variety of principles and sometimes complex legal requirements into actionable solutions for the business
- Excellent organizational, facilitation, communication and presentation skills (management, employees, business partners, government agencies)
- Global mindset and preparedness to incorporate global standards and practices, for consistency and efficiency reasons
- Ability to work autonomously
- Attention to detail and strategic thinking
Johnson & Johnson K.K. (8235)
Health Care Compliance