Job Description Summary
The Director, Corporate Privacy will report to the Chief Privacy Officer and will serve a critical role in BD’s Privacy Compliance Program. The role will be responsible for assisting the Chief Privacy Officer in developing, implementing, and maintaining an effective compliance program to help ensure compliance with BD privacy policies and procedures and the various privacy laws applicable to a major global medical device manufacturer, with a particular focus on U.S. laws related to the protection of patient health information such as HIPAA and similar state laws.
- Assist the Chief Privacy Officer in managing aspects of the daily operations of the Company’s U.S. privacy compliance program and leads projects that have global scope in the privacy area in order to ensure the global privacy compliance program is as integrated and consistent as possible.
- Partner with various business personnel to identify and address potential privacy compliance issues and proactively design solutions to meet the needs of BD’s businesses and customers, as well as the expectations of regulators.
- Collaborate closely with a team of at least three privacy professionals and with professionals in various other functions (including Legal, IT, Information Security, R&D, HR, and Quality) and the privacy liaisons/coordinators in the Company’s business units to ensure cross-functional cooperation in privacy compliance.
- Advise the Company’s business units on appropriate controls to maintain the privacy and security of sensitive information and on requirements of applicable laws.
- Assists in the identification, implementation and maintenance of the Company’s privacy policies and procedures in coordination with his/her manager, legal and compliance personnel, and other relevant functions.
- Conduct privacy risk assessments to identify privacy risks on a periodic basis and work with business units and functions to develop plans to address those risks.
- Develop, oversee, and deliver effective and engaging privacy training and guidance to all employees, contractors, vendors, and other third parties who need such training.
- Assist with investigation of alleged violations of privacy policies or laws and alleged breaches or incidents in coordination and collaboration with other functions and, when necessary, legal counsel.
- Assist with compliance auditing and monitoring activities to assess the effectiveness and efficiency of the Company’s privacy compliance program, in coordination with the entity’s other compliance and operational assessment functions.
- Work with legal counsel and management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality agreements, consent, authorization forms, and information notices and materials reflecting organizational data flows and company practices.
- Work with Company personnel, legal counsel, and other related parties to represent the Company’s privacy interests with external parties (e.g., government bodies, trade associations) who undertake to adopt or amend privacy legislation, regulations, or standards.
- Maintain current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.
Qualifications & Experience:
- Bachelor’s degree required. Advanced degree such as a J.D. is a significant plus.
- At least 4-5 years of experience in a role focused on privacy and/or IT security. Experience with privacy and/or IT security in the healthcare industry would be a significant plus.
- Knowledge and experience on building and maintaining compliance programs and/or controls is required.
- Experience in an in-house role is preferred.
- Experience working in a multinational company and a complex, matrixed environment is a plus.
- Unquestionable integrity and ability to stay true to these principles under substantial pressure.
- Strong interpersonal and relationship skills and ability to work collaboratively and influence diverse stakeholders to change traditional ways of doing business.
- Excellent oral and written communication skills, with proven ability to listen and communicate effectively with individuals at various levels and functions within an organization.
- Proven ability to proactively drive projects as a self-starter, to exercise good independent judgment, and to effectively manage multiple priorities under significant time pressure.
- Strong analytical, critical thinking, and problem solving skills; ability to understand complex topics and identify the critical issues in a timely manner.
- Proven project management experience, excellent organizational skills, and a keen attention to detail.
- Strong work ethic and ability to produce high quality work under significant time pressure.
- Curiosity and eagerness to learn; positive, “can-do” attitude.
- Ability to travel up to 25% of the time.