Position Scope and Key Responsibilities:
Genentech, a member of the Roche Group, is looking for an experienced privacy manager and attorney to join our Legal Department as Director and Assistant General Counsel of the Privacy Program. In this role, you will report to the company's Chief Privacy Officer in the Privacy Law Group and be responsible for leading and driving aspects of the Privacy Program and promoting compliance with data protection and privacy laws and regulations affecting business activities primarily in the United States. You will develop and implement related policies, practices, and training programs, and help business stakeholders to understand and address data protection and privacy issues as they emerge in the development of new products and technologies. You will be expected to stay abreast of developments and trends in data protection and privacy laws and regulations and enforcement.
● Play a leading role in shaping and executing on the organization’s Privacy Program and strategic plan, including policies, procedures, training and awareness, and ongoing monitoring and improvement.
● Work to design, implement, and enhance privacy operations mechanisms to meet the needs of the company and to ensure compliance with privacy requirements, including, without limitation, processes for product launches, marketing programs, vendor privacy management, and data mapping and assessments (PIAs).
● Develop and maintain a deep comprehension of company processes, systems, technologies, data, customers, consumers, partners, and the privacy-related compliance/regulatory environment in which the organization operates.
● Facilitate the implementation of “Privacy by Design” standards and practices throughout relevant policies and procedures in accordance with applicable legal, regulatory, and industry standards.
● Manage privacy program compliance managers and privacy operations professionals who support the Privacy Program.
● Work closely with stakeholders to identify and prioritize gaps in privacy implementation across global business units and proactively identify opportunities for improvement.
● Lead efforts to drive a high level of company awareness of privacy standards through continual training, communication programs, and initiatives.
● Execute on additional key initiatives, such as individual rights, metrics, and data privacy governance.
● Identify privacy risks, trends, and vulnerabilities, and help establish procedures for proactively identifying and responding to changes in the regulatory landscape.
● Partner with control and oversight groups to create, maintain, test, and monitor for privacy and data protection compliance.
● Establish and maintain relationships, credibility and trust with clients, stakeholders, legal team members and other colleagues.
● Lead and/or participate in Group, Department, and cross-functional projects and initiatives that impact the people and/or practices of the Privacy Office.
● Exhibit a “can do” attitude in anticipating and proactively resolving issues and conflicts, streamlining processes, and reducing redundancies and/or inefficiencies in operating models and systems.
● Foster an inclusive environment where diverse perspectives are valued and encouraged in our operational functions and strategies, as well as our team culture.
● Act as a role model across the team and Genentech/Roche organization in effective communication, poise under pressure, a solution oriented mindset, collaboration across local and global teams, tackling new challenges with curiosity, effectively utilizing available resources, and a willingness to listen and learn from others.
● A JD degree and U.S. state bar membership in good standing are required.
● At least 10-12 years of experience as a practicing attorney, in-house and/or at a law firm, including at least 7 years of direct, hands-on experience advising on data privacy matters to biotechnology and/or pharmaceutical companies.
● At least 2+ years demonstrated experience and track record of success in:
○ Designing and implementing privacy compliance programs, policies, and processes.
○ Presenting to internal and external audiences.
○ Communicating and influencing internal stakeholders regarding creation and adherence with data privacy requirements.
○ Driving and implementing organizational change.
○ Assessing legal risks relating to data protection and privacy, and identifying and advising on practical, compliant ways to mitigate those risks.
○ Managing people and advancing culture and community.
● CIPP/US and CIPM certification preferred.
● The successful candidate will be a subject matter expert on requirements of data protection and privacy legal issues that affect the business activities of a research-based biotechnology company, including scientific research involving patient-derived data, clinical trials, patient support services, digital health information, intra- and inter-company business transactions, sales and marketing, and consumer protection; will also serve as a subject matter expert on privacy issues associated with employment and e-discovery.
● Comprehensive understanding of relevant statutes, regulations and guidance is required, such as state privacy, medical information, and breach notification laws, HIPAA, EU General Data Protection Regulation (GDPR), TCPA, and CAN-SPAM.
● Ability to work and influence a wide range of cross-functional teams and leaders within a matrixed organization.
● Strong organizational and teamwork skills.
● Detail-oriented, self-motivated, and able to motivate others.
● A strong commitment to integrity and professionalism and demonstrated passion for excellence.