Job Details

Privacy Officer (CORPORATION)

New York, NY, United States
  • Employment Type: Direct Hire

Our client, a sophisticated international healthcare company focused on patient wellness technology, is seeking a Privacy Officer in its New York headquarters. This is a career for a passionate thought leader with superior credentials and excellent experience. In return, this candidate will be joining a truly dynamic, fearless team leading healthcare innovation. The Privacy Officer will oversee the entirety of the privacy program for the organization, including clinical research, program monitoring, domestic and international compliance, product-level privacy by design input, and policy leadership. All candidates should have lateral, senior experience leading a global program. Send resumes to [email protected].

Position Description
This role will lead and manage the Privacy function within the broader Legal Privacy & Compliance team, overseeing all activities and functionality related to the development, implementation, oversight, and continuous improvement of the company’s policies and procedures regarding the privacy of personal information (including PII/PHI), particularly in the context of clinical research, in compliance with international, federal and state laws and regulations.

Reporting to the General Counsel, the Privacy Officer will enhance and elevate the company’s existing privacy program, drive company-wide adoption and education that supports a clearly defined privacy posture and own the responsibility of the strategic direction for protecting and leveraging the company’s data assets. This includes, but is not limited to program compliance monitoring, incident and breach investigation and tracking, and ongoing awareness of and compliance with all potentially applicable evolving privacy laws and regulations worldwide. In addition will:

  • Strengthen and customize delivery of privacy and related trainings to all employees, contractors, and other appropriate third parties
  • Redefine, facilitate and promote activities to foster a company-wide culture of information privacy awareness, protection and compliance
  • Serve as a strategic liaison to the business with an overarching responsibility to identify, illuminate and balance legal risks against business opportunities specifically as it relates to data privacy, security, and governance
  • Collaborate closely with security, engineering, human resources, marketing, product development, and other business teams to build in privacy safeguards and ensure awareness of best practices on privacy and data security issues
  • Serve as a sounding board and creative partner with product development to enhance offerings and provide legal guidance and solutions for the company portfolio
  • Grow and enhance policies and procedures for responding to privacy incidents and privacy breaches including, without limitation, investigation of and response to such events and appropriate notification of clients, affected individuals and government agencies
  • Actively manage the engagement of outside counsel for privacy related services and consultation; internalize privacy functionality that increases the company’s privacy program autonomy and productivity while simultaneously optimizing external spend
  • In partnership with the Privacy Counsel and other members of the LP&C team, assist with negotiation of agreements related to data privacy and advise on the regulatory implications of the company’s products and services
  • Participate in the development, implementation, and ongoing monitoring of vendors for compliance with privacy and data security-related policies and legal requirements
  • Construct and institutionalize a repeatable process for PIAs (privacy impact assessments) and conduct related ongoing compliance monitoring activities to evaluate any potential risks associated with privacy-related policies, procedures and practices
  • Oversee and foster compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all staff and vendors, in cooperation with People Operations, Security, Quality and Legal, as applicable
  • Stay abreast of of applicable privacy-related state, federal and international laws and regulations and associated best practices, advise stakeholders on potential impact, and ensure organizational compliance
  • Represent the company in interactions with external stakeholders, including regulators, governmental bodies and media, regarding the company’s privacy position and efforts


Qualifications
A collaborative Privacy Officer with substantial experience creating and implementing privacy programs, including experience with the privacy implications of research activities in the academic medical center, health system, private practice and/or life sciences settings. Must have a deep understanding of federal, state and international information privacy laws, including but not limited to HIPAA, HITECH, Common Rule, Privacy Shield, CCPA and GDPR. Will have an in-depth understanding of data aggregation and de-identification, tokenization versus anonymization, and experience with strategic and contractual data acquisition negotiation. Should be excited by the prospect of rolling up their sleeves to tackle meaningful problems each and every day.  Looking for a kind, passionate and collaborative problem-solver who seeks and gives candid feedback and values the chance to make an important impact to our organization as well as society at large.

  • Excellent judgment, a principled, practical, collaborative and solutions-oriented approach to problem-solving, and a willingness to think outside the box
  • Provide sound, clear and succinct recommendations and analysis to senior stakeholders, legal and business teams that enables innovation to move forward and break new ground
  • Demonstrated organization, facilitation, communication, presentation and people management and mentorship skills
  • Value and encourage diversity and inclusion of all kinds and thrive working in a culture that shares an enthusiasm for diverse perspectives and professional backgrounds
  • Additional experience in any of these areas would be highly valued: role-based access control processes and technologies; machine learning; privacy policy advocacy; exposure to Japan’s privacy regulations and practices
  • Ability to multitask, work under tight time pressures, prioritize work, and react quickly to changing business needs and demands all in a fast-paced, high-growth business environment


Preferred

  • Juris Doctor degree

Interested in this job? Get in touch.

(Accepted file formats are PDF, DOC, DOCX, TXT, RTF and ZIP. File size maximum is 2 MB.)