Privacy Compliance is currently recruiting a Senior Manager, Privacy Compliance, for the Pharmaceutical Sector and specifically to globally support the Pulmonary Hypertension business within the Johnson & Johnson Actelion business. This role will be located in Allschwil, Switzerland.
The Senior Manager will lead and drive the Privacy Compliance program for the Actelion business globally and other therapeutic areas primarily within the EMEA region in the Pharmaceutical Sector. He/She will serve as a strategic business partner towards employees and functional leadership (e.g. CRM, Commercial, Digital, IT, R&D, etc.) to ensure that the Privacy Compliance program effectively prevents and/or detects violations of law, regulations and policies.
The position will require 10-25% of travel, depending on business assignment and need.
Essential duties and responsibilities
Assists the Senior Manager for the EMEA Pharmaceutical Sector and the EU DPO in the region with his/her oversight responsibility of Privacy Compliance for the Pharmaceutical Sector:
· Ensures data about Privacy Compliance program is collected and analyzed consistently for the sector.
· Provides data and input to the Privacy Leadership Team to ensure that the Privacy risks of the assigned sector(s) are addressed in the overall Privacy Compliance strategy and allocation of resources by the Global Privacy Team.
· Collaborates with business process owners in the region to understand the Privacy risks of new business processes and provides guidance to ensure Privacy controls are embedded into the design of these processes.
Assists the EU DPO with the fulfilment of legal obligations under GDPR, in particular:
· To maintain the organization’s internal records of processing activities, in accordance with GDPR art.30;
· To provide advice as regards the Data Protection Impact Assessments (DPIA) and monitor their performance, in accordance with GDPR art.35;
Partners with company leadership and Privacy liaisons in an assigned cluster of countries, to ensure Companies deploy a Privacy Compliance program that effectively prevents and detects violations of law, regulations, policies and that includes the following components:
· Assignment of functional leaders who are accountable for privacy compliance (e.g. incident response team/process and audit readiness process for each operating company within the country cluster)
· Understanding of risks related to business processes that involve personal information and provision of guidance to mitigate these risks
· Education, training, and regular communications on Privacy Compliance to all relevant employees
· Any required reporting obligations to data protection authorities
· Presentations to management, covering the status of the Privacy Compliance program
· Self and risk assessments, to detect process gaps and inconsistencies
· Preparation for internal and external Privacy compliance audits and implementation of corrective action solutions
· Privacy incident response processing
Interfaces with legal counsel regarding Privacy Compliance requirements, interpretation and Privacy Incident Response process
Interfaces with the global/regional Privacy Compliance community to share approaches to Privacy Compliance and serve on teams to harmonize and standardize company approaches to privacy.
Other duties may be assigned.
· Minimum of bachelor’s degree (e.g. with legal, regulatory or IT background)
· Functional understanding of applicable Privacy laws and regulations in Europe and US, preferably with multi-national companies and a basic understanding of the developing global privacy trends
· Minimum of 6 years business experience; familiarity with the healthcare industry and its business processes
· Familiarity with the roll out and management of compliance programs
· Good working knowledge of common IT systems, processes and enterprise information security practices (e.g. ISO, NIST)
· IAPP or equivalent certification
· Familiarity with working in-house in a matrixed regulated global corporation
Required Skill Set
· Ability to maintain the highest standards of quality, compliance and accountability when advising the business
· Demonstrable ability to engage with a range of business units and functions and levels of seniority and uncover their objectives and needs
· Ability to translate a wide variety of principles and, sometimes complex, legal requirements into actionable solutions for the business, IT, clinical and data-driven research functions
· Ability to advise business, IT, clinical and data-driven research functions during the whole lifecycle (ideation, design, implementation, BAU, decommissioning) of their initiatives
· Excellent organizational, facilitation, communication and presentation skills
· Global mindset and preparedness to incorporate global standards and practices, for consistency and efficiency reasons
· Ability to work autonomously
· Fluent in English and German, French of benefit
Actelion Pharmaceuticals Ltd (Swiss Confederation) (8542)
Legal (Non Attorney)