Job Summary
The Senior Counsel, Data Privacy is responsible for developing and leading a comprehensive global data privacy program that ensures compliance with worldwide data protection laws and supports organizational growth. This role will establish the foundation for scalable privacy processes, provide strategic counsel on data governance, and promote trust among patients, employees, and partners through effective policy implementation and risk management.
Key Responsibilities
Design, implement, and continuously enhance a global data privacy program that balances compliance with operational agility.
Advise teams on international and domestic data protection laws, including GDPR, UK GDPR, CCPA/CPRA, Swiss FADP, Section 5 of the FTC Act, CAN-SPAM, and other applicable regulations.
Conduct privacy assessments of business systems and initiatives, developing risk-based solutions that enable innovation while maintaining compliance.
Serve as the primary subject matter expert for data protection matters related to contracts, including vendor and partner agreements.
Partner with legal and contracting teams to standardize privacy-related terms and streamline processes.
Draft and maintain privacy notices, consent forms, and related disclosures for digital platforms.
Develop and lead company-wide training and communications to strengthen privacy awareness.
Provide legal guidance on data protection implications of artificial intelligence tools and technologies.
Manage responses to data subject access requests and potential data incidents.
Collaborate with compliance, internal audit, and IT security teams to monitor and audit adherence to data privacy standards.
Stay informed of evolving global privacy regulations and adapt organizational policies accordingly.
Qualifications
Juris Doctor (JD) from an accredited law school; active membership in a state bar required.
Minimum of 10 years of experience advising on data privacy and protection matters, preferably in the biotechnology, pharmaceutical, or healthcare sectors.
Experience working in fast-paced or pre-commercial environments preferred.
In-depth knowledge of U.S. and international privacy laws, including GDPR, UK GDPR, CCPA/CPRA, Swiss FADP, and related frameworks.
Proven experience designing and managing a corporate privacy program.
Strong leadership, analytical, and program management skills.
Excellent communication and interpersonal skills, with the ability to translate legal concepts into practical business guidance.
CIPM, CIPP/US, or CIPP/EU certifications preferred.