Senior Director,Data Privacy & Compliance

工作内容

Let Us Talk About You And The Team
We are looking for an experienced privacy counsel reporting into the Chief Privacy Officer. This professional will lead a privacy compliance and risk management team of privacy professionals across multiple regions (EU, the Americas and Asia Pacific) ensuring ongoing compliance with the GDPR, HIPAA, California CCPA and CPRA, China’s PILP and other applicable data privacy protection laws and policies applicable to ResMed’s operations.

You have a proven leadership experience developing privacy team members and operationalizing privacy principles based on the GDPR in a streamlined manner. You enjoy learning in a fast-paced environment. You operate with a partner and problem-solving mindset and collaborate with other privacy leaders within the global privacy organization and across the business to enable business objectives while minimizing privacy risks for data subjects.

You have good stamina and thrive in fast-paced, innovative, diverse work environments. You are agile, curious, lean process and results oriented. You also value the “how” in achieving results. You are self-aware, caring, collaborative and strive for excellence. 

Job Summary
The Head of Privacy Compliance and Risk Management, has accountability for the coordination of all activities relating to data privacy/protection applying GDPR-based principles across multiple regions where ResMed operates. This person collaborates with the Head of Privacy Advisory and Engagement and the Director of Privacy Technology & Operation and other business leaders and functions across ResMed.

Responsibilities

• This leader provides data privacy and protection advice to data controllers and functions to meet strategic goals and to protect business reputation and interests.
• Maintains and ensures operational effectiveness of privacy related policies, procedures and control in compliance with relevant laws and regulations.
• Ensures compliance-level documentation for assets, vendors and processes is completed, valid, and stored consistently in OneTrust.
• Works with the Director of Privacy Technology & Operations to establish and track OKRs approved by the CPO to effectively embed privacy by design/privacy by default controls in the products lifecycle, improve privacy teams’ performance and eliminate barriers for the privacy team and the business.
• Owns and maintains the privacy risk register and tracks remediation with tech support from the Director of Privacy Tech & Operations, working hand-in-hand with technology risk and information security teams.
• Leads and develops a team of privacy manager(s) and analysts, performing and documenting privacy impact analysis and responding to data subject requests.
• Collaborate across privacy teams in other regions (EEA, Asia Pacific, LATAM), Information Security Team, Legal, Compliance, Data Governance, Government Affairs, Regulatory, and Procurement, and others to streamline compliance processes that may intersect between each other.
• Oversees the investigation and management of privacy incidents in a designated region, breach notifications and reportable events in collaboration with the legal and corporate communications teams.
• Serve as privacy advisor on anticipating how changing/new privacy laws and regulations can potentially affect business operations and identifying solutions for integrating privacy for emerging technologies and complex business processes.
• Where necessary for strategic or specialist knowledge reasons, obtain and manage external counsel/legal advice.
  
  

Qualifications And Experience

• Demonstrated experience with at least 8+ years maturing and managing privacy programs. Demonstrated expertise running GDPR programs efficiently involving sensitive personal data in medical technologies connected to the cloud in the EU or a highly regulated industry.
• Experience responding to data subject or consumer requests, handling data incidents and breaches, supporting product development, preparing, or advising on privacy impact assessments, legal basis, and legitimate interest assessments.
• 6+ years of experience in managing high performing private professional teams.
• Demonstrated experience leveraging platforms, tools and systems to automate processes.
• Juris Doctor (JD) or equivalent legal training, LL.M. strongly preferred.
• IAPP industry certifications such as –CIPP/EU, CIPP/US, CIPM certification(s) and/or equivalent preferred with evidence of continuing professional development in privacy.
• In-depth knowledge of global privacy laws (e.g., GDPR, CCPA, CPRA, LGPD, PIPEDA).
• Experience working in a highly regulated and/or audited environment, particularly dealing with personal sensitive (health) data.
• Practical knowledge driving privacy by design/privacy by default in areas such as ad tech, use of data platforms, mobile applications, biometrics, and data analytics (using artificial intelligence), etc. is highly desirable.
• Experience in the connected health or medical technologies industries is a plus.
• Required language proficiency: English and French. Any other EU language strongly preferred.
  
  

Core Competencies

• Strong leadership, collaboration, and management skills; culturally savvy, self-aware, curious, agile, and able to exert influence at all organization levels.
• Strong analytical and problem resolution skills. Exceptional business judgment, with the ability to think strategically and give practical advice by balancing business needs with privacy and legal risks.
• Strong written and verbal communication skills, as well as the ability to work well with a diverse client base with diverse cultural backgrounds.
• Strong interpersonal and relationship building skills.
• Solid presentation skills. Good working knowledge of power point, excel, and other tools.
• Ability to work well under a fast-paced, dynamic environment with multiple competing priorities and projects.
• Works well with ambiguity and changing business environment.
• Technically savvy. Experience using OneTrust, JIRA, Asana, MS Teams, Slack, and/or related tools.
• Lean six sigma belts or similar training, process improvement a plus.
• Desire for continuous learning and professional development.
  
  

Flexible Work Environment

• This position is based in an EU country (e.g. Lyon, France, Munich, Germany, or Belgium). Travel to ResMed’s headquarter location in sunny San Diego and travel to other locations Dublin, Sydney, etc. may be needed from time to time.
• We encourage all team members and people leaders to be creative and open to new ideas regarding flexibility, hybrid working models and to work together to establish models that work for both the company and the individual. This aligns with ResMed’s high-trust culture and provides an environment for continued success.