Medtronic

Helaas, deze vacature is niet langer actief

Originele vacaturetekst

EMEA Legal Director, Data & Privacy Program

A Day in the Life
The EMEA Legal Program Director reports into the Chief Privacy Legal Counsel and dotted line into the Regional General Counsel, and is a member of the leadership team of the Data & Privacy Center of Excellence (“COE”). This position closely collaborates with a network of professionals within the team and across the organization to build, implement and manage a highly visible, best-in-class regional Data & Privacy Program and related requirements across Medtronic businesses in a highly regulated environment.

The Legal Program Director EMEA, Data and Privacy (“EMEA Legal Program Director”) provides a broad range of leadership and direct support and execution for the design, development, coordination, implementation and ongoing management of Medtronic’s global data protection and privacy program that covers all Medtronic businesses and functions, in the EMEA region.


Key responsibilities include:

  • Lead by example to model a culture of ethics and integrity; exercise sound judgment and courage as a trusted advisor to the business and to the team;
  • A role model among leaders, displaying personal integrity and ability to affect change.
  • Foster ethical culture, including “tone at the top” and “tone in the middle” through strategic influence and leadership.
  • Lead Counsel on Data and Privacy for the Region
  • Overall accountability for Data and Privacy regional program process, performance, and customer satisfaction.
Implements Operational Work @ Local Level:
  • Regional Policies & Standards
    • Collaborate with key stakeholders in region to develop, obtain required approvals, and implement data protection and privacy policies and procedures that meet legal, regulatory and business requirements; collaborate with regional and business privacy professionals and business leads to develop and obtain approvals of regional or business level data protection and privacy policies as necessary;
    • Implement and operationalize Global Policies and standards in region
  • Local Training:
    • In cooperation with Privacy Operations, collaborate with stakeholder partners to develop and implement a global data protection and privacy training and awareness program in region that address data protection and privacy requirements for employees, contractors and vendors as appropriate; ensure standards and processes to monitor individual completion of mandatory training and escalate as necessary;
  • Regional governance:
    • In close cooperation with Privacy Operations, collaborate with regional leadership to establish, refine and manage effective data protection and privacy governance activities such as the establishment and management of an executive level governance board, communication, routine and ad hoc meeting management, reporting, notification and escalation, program management, and meeting administration;
  • Customize Templates and Tools to regional requirements
    • Ensure that the organization has and maintains appropriate data protection and privacy model documents in accordance with regional requirements, such as notices, consents, authorization forms, contract language, business associate agreements, and other similar required documents; develop and maintain model document development, review, approval, maintenance and exception procedures for these types of privacy documents;
  • Triage advising and assessment work to Global team or OU Privacy Specialists, or keep and execute in regional team.
    • In cooperation with Privacy Operations, develop and manage requirements, standards and processes for conducting privacy impact assessment and/or business consulting activities to be conducted by the regional team, or by the Privacy Operations with support of regional team and other key stakeholders; these assessments and consulting activities may include new product development, material changes to existing products, third party vendor privacy assessments and business consultation requests;
    • Perform regional vendor and risk assessments in accordance with global policies and procedures
    • Engage in regional Privacy by Design and bespoke advising in accordance with global policies and procedures
    • Provide data protection and privacy program and requirements subject matter expertise as key resource to Operating Units, partner functions, and other key stakeholders in region.
  • Compliance associated with local law
    • In cooperation with Privacy Operations, develop and manage processes and procedures for identification and implementation of new legal requirements relating to data protection and privacy impacting Medtronic businesses. Provide communication and guidance to COE as well as OU, functional and partnering teams in region for implementation of identified requirements. Collaborate with stakeholders to test implementation effectiveness for high risk implementation activities as appropriate
    • Drive regional/country action plans (GDPR; POPIA; data localization projects; …)
    • Coordinate local notifications to authorities
    • Support certification activities in the region ; lead local Code of Conduct initiatives, monitor compliance
    • Regional incidents and Data Subject Requests
    • Support Regional M&A related work
    • Remediation
      • Ensure remediations adequately and timely resolved
      • Foster strategic partnerships with multiple key internal and external high-level stakeholders, such as executive leadership.
  • Local Monitoring
    • In close cooperation with Chief Privacy Counsel, point of Contact for Risk Partners to support regional coordination and alignment of risk management activities relating to data protection and privacy requirements;
    • In close collaboration with the Sr. Legal Director, Global Data & Privacy Programs and Privacy Operations, implement and manage effective reporting processes and standards; develop and implement routine and ad hoc management and governance reporting and metrics;
    • As requested, support execution of a risk based annual plan and routine reporting that is approved by Chief Privacy Counsel. This plan addresses, at a minimum, key Program activities and enhancements, department or organizational commitments, and program based mitigation projects anticipated by the Global Program leadership; resources, prioritization and budget implications will be identified in development of the plan;
    • As requested, support periodic internal Program assessment that results in program enhancement, mitigation and remediation activities as appropriate;
    • Appoint and oversee Regional and country-level DPO (Data Protection Officer) where required
  • Local record keeping and reporting
  • Regional customer go-to-model
    • Support go to market
    • Support customer discussions on privacy
Other responsibilities include:
  • Provide regional support to Privacy Operations including budget planning and monitoring, resource management, talent management, performance management, coaching/mentoring, and function metrics and reporting;
  • Represent Regional Needs On Global Leadership Team
  • People Manager for Regional Team
  • In close cooperation with Sr. Director, Global Data Strategy and Governmental Affairs, engage in regional advocacy and policy shaping initiatives, and take up roles in Regional Trade Associations

Education Required & Years of Experience

  • Law Degree from a well-regarded and accredited university and a minimum of 7+ years as a practicing lawyer with specific experience in data protection/privacy requirements, laws and regulations in the EEA, UK or Switzerland;
  • 7+ years of managerial experience; and ABOUT MEDTRONIC
    Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.

    We can accelerate and advance our ability to create meaningful innovations – but we will only succeed with the right people on our team. Let’s work together to address universal healthcare needs and improve patients’ lives. Help us shape the future.
    3+ years in comparable program leader role with privacy strategy and experience in privacy or operations within a global, multi businesses and services organization

Specialized Knowledge or Skills Required

  • Knowledge of and experience providing legal advice and business solutions relating to EU data protection and privacy laws and regulations – with specific expertise relating to health data requirements;
  • Experience providing legal advice, support and business solutions for a data protection, privacy, security, or equivalent function directly or indirectly for a large, regulated and matrixed organization;
  • Prior compliance oversight of complex systems responsibilities preferred, as well as experience in the healthcare industry (particularly medical devices).
  • Prior success in effectively identifying, assessing and prioritizing compliance-related risks, such as through risk assessment, policies & procedures, training, monitoring, and remediation actions.
Nice to haves:
  • Legal experience in the medical device, pharma or healthcare industry
  • Ability to manage and execute multiple complex projects (including those with systems responsibilities) across multiple stakeholder groups within required timelines and expectations required.
  • Understand complex and diverse compliance environments and ability to work effectively with multi-divisional teams in different locations / businesses / geographies to ensure compliance particularly in matrixed and/or multinational organizations.
  • Ability to work effectively in a team environment and build strong working relationships, involving multiple business functions, units, and/or geographies.
  • Ability to identify high risk situations and provide appropriate guidance, including the ability to make courageous and unpopular decisions.
  • Ability to make an impact and influence at all levels of employee and management groups, including executive leaders, to implement compliance program initiatives.
  • Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.)
  • Proven execution under pressure and ability to maintain positive, enthusiastic attitude.
  • Demonstrated ability to work on multiple competing priorities simultaneously;
  • Demonstrated ability to work across a matrixed or virtual organization and still meet objectives

ABOUT MEDTRONIC
Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.

We can accelerate and advance our ability to create meaningful innovations – but we will only succeed with the right people on our team. Let’s work together to address universal healthcare needs and improve patients’ lives. Help us shape the future.

Additional Information
  • Posting Date: Nov 26, 2020
  • Travel: No
Type vacature:
Intern

Vaardigheden

  • Er is geen minimale opleiding vereist
  • Voor deze functie is er geen minimale werkervaring vereist