SENIOR MANAGER - PRIVACY COMPLIANCE EMEA MD
LOCATION: ZUCHWIL OR EMEA
Main Responsibilities:
Effectively aligns with key stakeholders in the sector to ensure personal information processing activities by the company comply with Johnson & Johnson Privacy principles and applicable Privacy laws and regulations, in particular the EU General Data Protection Regulation (GDPR);
Ensures monitoring of Privacy program. Advises senior management team of their responsibilities and obligations and helps them to develop a culture of compliance;
Identifies Privacy risks and issues. Advises all staff where their activities put the company at risk and provides actionable solutions to remediate risks and issues;
Assists the Senior Director Privacy Compliance in the region with his/her oversight responsibility of Privacy Compliance for the Medical Devices sector:
Ensures data about Privacy Compliance program is collected and analyzed consistently for the sector.
Provides data and input to the Privacy Leadership Team to ensure that the Privacy risks of the assigned sector(s) are addressed in the overall Privacy Compliance strategy and allocation of resources by the Global Privacy Team.
Partners with company leadership and Privacy liaisons in an assigned cluster of countries, to ensure Companies deploy a Privacy Compliance program that effectively prevents and detects violations of law, regulations and policies;
Participates in applicable compliance committees (or similar governance structures), to highlight Privacy risks and the status of Privacy program deployment;
Liaises with business process owners, to build understanding of Privacy risks related to their personal information processing activities and provides advice on how to mitigate these risks, by embedding Privacy into the design of business processes;
Collaborates with J&J Technology (JJT) on compliance assessments and Internet compliance review process;
Plans and deploys a Privacy program for the franchises of Medical Devices, in terms of Policies and Procedures, Training and Communication, Testing and Monitoring, in accordance with the requirements from J&J’s Global Privacy Compliance Framework;
Provides assistance to the Law Department and Procurement, if needed, with the insertion of adequate Privacy language into contracts with third party service providers or partners;
Monitors company’s compliance with J&J’s Global Privacy Compliance Framework and the applicable Privacy laws and regulations. This includes the deployment and coordination of the company’s privacy compliance self-assessment process as well as the monitoring of the execution of the resulting MAP;
May serve as first point of contact for internal and external audits and inspections;
May serve as first point of contact or escalation contact w.r.t. data subject requests or complaints against the organization;
Participates in the enterprise privacy incident response process, as required, in close collaboration with Information Security, the Law Department and relevant business process owners. This may include participation in investigations and the coordination of notifications to Privacy Regulators or data subjects;
Assists the EU DPO with the fulfilment of legal obligations under GDPR, in particular:
To maintain the organization’s internal records of processing activities, in accordance with GDPR art.30;
To provide advice as regards the Data Protection Impact Assessments (DPIA) and monitor its performance, in accordance with GDPR art.35;
Builds and maintains knowledge about applicable laws and regulations and assesses impact of changes in laws to Privacy program;
Actively engages with the Privacy liaisons in EMEA and presents the Privacy program for the franchises of Medical Devices to this community, in order to ensure maximal alignment across the region.
Qualifications
Functional understanding of applicable Privacy laws and regulations in Europe, preferably with multi-national companies
Minimum of 5 years business experience; familiarity with the healthcare industry and its business processes
Familiarity with the roll out of compliance programs
Good working knowledge of common IT systems, processes and information security practices
IAPP or equivalent certification
Familiarity with working in-house in a matrixed regulated global corporation
Ability to maintain the highest standards of quality, compliance and accountability when advising the business
Demonstrable ability to engage with a range of business units and functions and uncover their objectives and needs
Ability to translate a wide variety of principles and, sometimes complex, legal requirements into actionable solutions for the business
Excellent organizational, facilitation, communication and presentation skills
Global mindset and preparedness to incorporate global standards and practices, for consistency and efficiency reasons