The individual in this position will provide strategic and solutions-oriented legal advice to a broad spectrum of internal clients, including senior leadership, on worldwide regulatory issues related to the processing of personal data, including but not limited to the EU General Data Protection Regulation (GDPR), Section 5 of the FTC Act, CAN-SPAM, PIPEDA and the EU ePrivacy, and Retention Directives. This role will also have responsibility for advising our legal colleagues on issues and considerations relating to data protection and security.
This position will report to the Head Privacy Counsel.
- Performing regular privacy assessments of new and existing business processes, providing practical and timely advice to internal clients to design business processes in compliance with applicable data protection requirements, while addressing legal risks and protecting the company’s integrity and reputation.
- Reviewing data inventories and data protection impact assessments for certain high risk business processes and working with the business, as well as the global data protection officer, to mitigate any residual risks.
- Drafting privacy notices and consents for business processes across the organization, and maintaining the organization’s global privacy notice on company websites
- Developing and reviewing content for privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations, as well as to ensure awareness of “best practices” on privacy and data security issues
- Working with colleagues in IT to further develop and refine security practices, mature company procedures and questionnaires for vetting and auditing vendors for privacy and data security related requirements, and review system-related information security plans.
- Acting as subject matter expert and internal escalation point for data protection issues in contracting, including data processing agreements, research collaborations, and transactional agreements; continue to develop template materials for contracting and advise/train members of the legal department on handling privacy-related language in contracts.
- Evaluating and responding to data subjects requests (e.g., request for information, clarifications, rectification or deletion of personal data) and reports of potential data incidents.
- Keeping abreast of privacy developments affecting clients (e.g., evolving guidance out of the European Union, California Privacy Act, discussions of US privacy laws, CAN-SPAM and e-privacy developments) and anticipating potential changes needed to global privacy program to meet new regulatory requirements.
- Participating in various Legal & Compliance Department projects and initiatives (e.g., Culture Committee, Pro Bono & Community Engagement Committee, Talent & Development Committee, Diversity Committee, offsite planning, strategic planning).
- JD from an ABA accredited law school and member of a state bar.
- Minimum of 5 years’ experience providing privacy advice, preferably to pharmaceutical, biotechnology, or medical device companies, whether in-house or at a law firm
- Specific expertise required in statutes, regulations and guidance concerning: GDPR and the ePrivacy Directive, as well as US privacy requirements (Section 5 of the FTC Act, CAN SPAM, state breach notification laws). Familiarity with data protection statutes and regulations in other areas of the world a bonus.
- CIPM, CIPP/US or CIPP/EU certification(s) preferred but not required
- Consummate team player with excellent judgment and interpersonal skills.
- Ability to constructively counsel and influence clients in making the right decisions, and to make tough calls.
- Ability to balance risks in ambiguous and complex situations.
- Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams.
- Highly motivated to contribute and grow within a complex area of emerging importance.
- Capacity to simultaneously handle a variety of complex legal matters with minimal guidance
- Demonstrable experience taking ownership of issues and providing timely, actionable advice.
- Exceptional written, oral and presentation skills.
Vertex is a global biotechnology company that aims to discover, develop and commercialize innovative medicines so people with serious diseases can lead better lives. In addition to our clinical development programs focused on cystic fibrosis, Vertex has more than a dozen ongoing research programs aimed at other serious and life-threatening diseases.
Founded in 1989 in Cambridge, Mass., Vertex today has research and development sites and commercial offices in the United States, Europe, Canada and Australia. For five years in a row, Science magazine has named Vertex one of its Top Employers in the life sciences. For additional information and the latest updates from the company, please visit www.vrtx.com.
Vertex is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a person's race, color, gender, age, religion, national origin, ancestry, disability, veteran status, genetic information, sexual orientation or any characteristic protected under applicable law. Vertex will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.
Application Submission Informaion