Description:

Role Summary:
The Privacy Counsel will play a pivotal role in ensuring An Independent International Pharmaceutical Laboratory's compliance with privacy laws and regulations across the US. Reporting to the US Head of Data Privacy, this Director level professional will provide privacy legal and compliance guidance and support to business stakeholders to ensure compliance with privacy regulatory requirements. This position requires a strategic problem solver with a legal background in privacy who can lead initiatives, provide expert guidance, and collaborate with business teams and stakeholders to effectively manage privacy risks. The Director will partner closely with cross functional groups including Business Development, Legal and Compliance, Global Privacy, Clinical, Procurement, R&D, Patient Advocacy and Patient Services.

Primary Responsibilities:

Serve as a U.S. data privacy subject matter expert providing practical, business-focused counsel on privacy matters.
Drive key initiatives related to the development, implementation, and maintenance of An Independent International Pharmaceutical Laboratory's U.S. data privacy program.
Monitor and advise on necessary compliance and implementation positions for current and emerging U.S. State data privacy and other relevant federal laws (e.g., CCPA/CPRA, CPA, VCDPA, HIPAA, Colorado AI Act, DOJ Data Security Rule, CAN-SPAM, TCPA, etc.).
Collaborate with the U.S. legal department and Global privacy team members with the negotiation of various agreements (Master Services Agreements, Informed Consent Forms, Clinical Trial Agreements, Professional Services Agreements, etc.), including Data Processing Agreements (DPAs).
Stay abreast of U.S. privacy regulations to proactively advise business teams on the impact and develop practical advice on approaches to compliance.
Appropriately balance business objectives with privacy risks.
Educate and influence internal stakeholders on privacy best practices and risk mitigation strategies.
Draft and update privacy policies, notices, guidelines, patient authorizations, and consent forms.
Develop and provide privacy training to U.S. business teams.
Review privacy and vendor risk assessments.
Manage and provide strategic advice and guidance in the event of a data breach.

External Long Description
Education and Required Skills

JD Degree from an accredited law school and a member in good standing of the Massachusetts Bar, or the ability to obtain a Massachusetts limited in-house counsel license
8+ years of experience providing privacy legal, compliance and security support
In-depth knowledge of U.S. privacy laws and requirements. Knowledge of GDPR and Canadian privacy laws and regulations is a plus
Proven track record of assessing risk and developing privacy legal and compliance strategies to minimize and manage risk
In-depth experience incorporating privacy by design and regulatory requirements into business programs and activities including but not limited to patient support programs, patient HUBs, marketing and market research activities
Proven ability to collaborate effectively with cross-functional partners
Strong communication, project management, and presentation skills
Ability to influence across business functions
Experience supporting clients within the life sciences or a similar industry focused on data privacy and security is preferred but not required.
CIPP/US privacy certification is a plus

Travel and Location