Sr. Counsel, Data Privacy/Sr. Data Privacy Officer
Gaithersburg, MD, US, 20879
We go where others won’t, taking on some of the biggest public health challenges to protect and enhance millions of lives, and create a better, more secure world. Here, you will join passionate professionals who advance their scientific, technical and professional skills to develop products designed-to protect and enhance life.
I. JOB SUMMARY
Based in Emergent’s Legal Department, the Sr. Counsel, Data Privacy/ Data Privacy Officer is a newly created position that will work closely with legal, business, compliance and technology teammates to ensure the company’s compliance with current/developing rules and regulations. This position is responsible for leading Emergent’s data privacy program, including driving understanding of and compliance with U.S. and international privacy laws. This role has global impact across the products and services that the company provides.
II. ESSENTIAL FUNCTIONS
Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions.
- Serve as primary privacy contact for internal stakeholders regarding data privacy incidents, inquiries from governing regulatory bodies, conducting data privacy impact assessments (DPIA), data subject access requests, maintaining the Company’s privacy policy and third-party data risk assessments, among other duties;
- Maintain subject matter expertise in multiple areas of privacy, including United States and international data privacy frameworks, regulations and requirements and ability to drive compliance;
- Responsible for implementing and managing company-wide privacy program. Assess and drive further development of company’s privacy program, ensuring Emergent meets its legal, regulatory, and reputational responsibilities, including translating legal requirements into privacy program deliverables and processes;
- Manage and lead the implementation of the global training and communication programs and monitor privacy risk across the business while also providing updates to internal clients on changes in legal developments in the area of data protection, security, data governance and privacy.
- Manage cross-functional partnerships with information security colleagues, including Chief Information Security Officer;
- Lead cross-functional privacy efforts including the identification of and mapping of applicable regulatory obligations to risks, controls, controls testing and policy documents;
- Lead the DPIA review process and identify potential improvements including enhancing the workflow for the intake, monitoring and tracking of assessments, as well as developing key metrics;
- Provide oversight for the strategic review, drafting and negotiating of privacy and data security terms in contracts, including data processing agreements and data transfer agreements;
- Provide oversight and support to the team in partnering with the business and support functions to conduct analyses of the key personal data processing of their areas, including documentation of data flows, processes and procedures while providing risk and controls knowledge to the team to improve business compliance;
- Develop and implement policies and procedures for privacy compliance processes in support of our privacy strategy;
- Manage incident response for data privacy breaches, conduct root cause analyses, and oversee remediation efforts;
- Develop and leverage key performance indicators to track, manage, measure and report on metrics across the organization related to key privacy and compliance trends; and
- Implement appropriate data privacy compliance controls and tools, including working with compliance technology support and other internal functions to make improvements and address any gaps identified.
The above statements are intended to describe the nature of work performed by those in this job and are not an exhaustive list of all duties. Nothing in this job description restricts managements right to assign or reassign duties and responsibilities to this job at any time which reflects management’s assignment of essential functions.
III. MINIMUM EDUCATION, EXPERIENCE, SKILLS
- Minimum 8 years of data privacy compliance and/or legal experience in-house, at a privacy regulator, a law firm, and/or in the government;
- Law degree and/or equivalent relevant experience is preferred
- Substantial subject matter expertise in US and international data privacy laws, rules, regulations, and industry standards, including sound working knowledge of EU GDPR as well as expertise in privacy risk and compliance management;
- Ability to work independently and effectively manage and prioritize multiple projects simultaneously;
- Maintain industry certification in privacy such as CIPP-US;
- Experience with NIST Privacy and Cybersecurity frameworks;
- Experience in identifying, assessing and working with stakeholder groups to mitigate identified risk (across different functions and levels of the business);
- Ability to work collaboratively in a fast-paced environment in cross-functional teams, prioritize and meet deadlines;
- An ability to and experience with advising senior business leaders and boards of directors on data privacy matters;
- Strong stakeholder management experience and skills to collaborate effectively with IT, commercial leads, security and risk professionals, engineers, software developers, product development, Human Resources, and other teams;
- Strong attention to detail and excellent organizational skills.
- Team player with the ability to build relationships, internally and externally.
- Self-motivated and able to motivate others.
- J.D. preferred but not required
IV. PHYSICAL/MENTAL DEMANDS AND WORK ENVIRONMENT CHARACTERISTICS
The physical/mental demands are representative of those that must be met by an individual to successfully perform the essential functions of the job.
The work environment characteristics described here are representative of those an individual would encounter while performing the essential functions of the job.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical/Mental Demands and Work Environment Characteristics:
Mental Demands:
- Ability to organize/coordinate
- Comprehend and follow instructions
- Direct, control and plan
- Problem Solve
- Analyze/Interpret data and information
- Perform with frequent interruptions
- Make decisions using sound judgment
Physical Demands:
- Use keyboard/computer/phone
Travel:
- Occasional travel as required
U.S. Base Pay Ranges and Benefits Information
The estimated annual base salary as a new hire for this position ranges from [$194,500 to $235,900]. Individual base pay depends on various factors such as applicant’s education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant’s geographic location. Certain roles are eligible for additional incentive compensation, including merit increases, annual bonus, [and/or long-term incentives in the form of stock options.]
Additionally, Emergent offers a comprehensive benefits package*. Information regarding additional benefits can be found here: https://www.emergentbiosolutions.com/careers/life-at-emergent
(*Eligibility for benefits is governed by the applicable plan documents and policies).
If you are selected for an interview, please feel welcome to speak to a Human Resources Partner about our compensation philosophy and available benefits.
There are physical/mental demands and work environment characteristics that must be met by an individual to successfully perform the essential functions of the job. This information is available upon request from the candidate.
Reasonable accommodations may be made to enable individuals with disabilities to perform all essential functions.
Emergent BioSolutions is an Equal Opportunity/Affirmative Action Employer and values the diversity of our workforce. Emergent does not discriminate on the basis of race, color, creed, religion, sex or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, age, national origin, ancestry, citizenship status, marital status, physical or mental disability, military service or veteran status, genetic information or any other characteristics protected by applicable federal, state or local law.
Per CDC guidelines, Emergent strongly recommends that all employees working on site are vaccinated to help ensure their safety, as well as the safety of fellow employees. This includes the use of good judgment when determining when the CDC guidelines advise that you stay home when ill.
Information submitted will be used by Emergent BioSolutions for activities related to your prospective employment. Emergent BioSolutions respects your privacy and any use of the information submitted will be subject to the terms of our Privacy Policy .
Emergent BioSolutions does not accept non-solicited resumes or candidate submittals from search/recruiting agencies not already on Emergent BioSolutions’ approved agency list. Unsolicited resumes or candidate information submitted to Emergent BioSolutions by search/recruiting agencies not already on Emergent BioSolutions’ approved agency list shall become the property of Emergent BioSolutions and if the candidate is subsequently hired by Emergent BioSolutions, Emergent BioSolutions shall not owe any fee to the submitting agency.
Nearest Major Market: Washington DC