Data Protection & Privacy Consultant - MITG, Medtronic, Minneapolis, MN, Boulder, CO, New Haven, CT

The Data Protection and Privacy Consultant (“Consultant”) provides leadership and direct support for the strategy, design, development, implementation, and ongoing management of Medtronic’s Global Data Protection and Privacy Program activities that address and support US and OUS legal and regulatory requirements.  In collaboration with the Senior Director, this seasoned professional actively engages with privacy professionals within the team as well as regional and business unit personnel and leaders to provide privacy expertise, direct support, and influence management for operational execution and compliance with US and OUS based legal, regulatory and business data protection and privacy requirements.  

In alignment with the Global Data Protection and Privacy Program policies, standards and requirements, this position focuses on a wide range of business operations activities, practices and standards to meet US and OUS privacy regulatory requirements such as HIPAA, PIPEDA, US Patriot Act, Breach Notification laws, EU 95/46, GDPR, regional and country specific laws throughout the globe, ISO and other standards bodies and international standards.

The Data Protection and Privacy team operates as a high functioning team within a relatively flat team structure.  Members of this team are innovative, highly flexible; enthusiastic collaborators; results orientated; independent; actively engaged; and able to influence without direct authority.    

This position could reside in Boulder, CO, New Haven, CT or Minneapolis, MN (preferred in one of those 3 cities), or elsewhere if near a Medtronic facility.

A Day in the Life

In collaboration with data protection and privacy leadership, the broader team, and the business, the Consultant closely aligns with multiple partner stakeholders and the global data protection professionals to design and execute standards and practices for effective data protection and privacy across Medtronic. Key responsibilities include:

  • Lead by example to model a culture of ethics and integrity; exercise sound judgment and courage as a trusted advisor to the business and to the team; 
  • Provide data protection and privacy program and requirements subject matter expertise as key resource and point of contact to regional, business, partner functions, and other key stakeholders;
  • Conduct and evaluate privacy impact assessment (PIA) activities and/or business consulting for new product development, material changes to existing products, third party vendor privacy assessments and business consultation requests as required by the PIA standards and procedures.  Analyze results of assessments to identify trends and patterns that can be used to improve review efficiencies, existing processes, and standards;
  • Lead or direct region or business level privacy assessments that result in program enhancement, mitigation and remediation activities as appropriate;
  • Lead or direct the development and implementation of regional or business unit corrective action for identified privacy incidents or breaches; provide routine remediation status reporting for management and governance oversight;
  • Collaborate with business resources and leadership and other key stakeholders to implement new legal and regulatory requirements relating to data protection and privacy impacting Medtronic businesses.  Provide communication and guidance to regional and business leads personnel for implementation of identified requirements.  Design and implement effectiveness testing for high risk implementation activities as appropriate;
  • Design, direct and execute data protection and privacy operational compliance monitoring activities in collaboration and coordination with the organization's security, compliance, audit, risk management and other related corporate functions as appropriate;
  • Develop and implement business level data protection and privacy policies, standards and procedures, as required.  Ensure routine review and approvals through the Data Protection and Privacy Office as required;
  • Provide subject matter expertise for development and implementation of role based data protection and privacy training as required.  Coordinate module review with the Data Protection and Privacy Office as necessary to confirm alignment of content and approach with the broader data protection and privacy training and awareness program;  
  • Collaborate with the legal team to develop and provide business access to model data protection and privacy documents such as confidentiality notices, consents, authorization forms, contract language, business associate agreements and other related required documents; coordinate with DPP Program team for model document review, approval, maintenance and exception procedures for these types of privacy documents;
  • Collaborate with legal and the business privacy leads to design and implement standards and processes for business response to individual rights requests such as data access requests, accounting of disclosures, the right to inspect and copy, restrictions on disclosures, opt-in or opt-out requirements and other related individual rights;
  • Design and implement business unit privacy “Covered Entity”, “Business Associate” or similar privacy related contracting requirements; 
  • Lead and execute data protection and privacy efforts for the due diligence and integration of acquisitions within the businesses;
  • Provide input and detail for  budget planning, monitoring, and function metrics and reporting as requested;
  • Provide subject matter expertise for the Global Data Protection and Privacy Program in development and implementation of core privacy program elements as requested.  
  • Other responsibilities as assigned.

Must Have: Minimum Requirements 

Education Required:  

  • BS/ BA Degree

Years of Experience: 

  • 10+  years of privacy experience with a Bachelor’s Degree and 8+ years of privacy experience with a Master’s or Advanced degree

Specialized Knowledge/Skills Required:

  • Knowledge of and experience supporting business understanding and compliance with US privacy laws 
  • Experience supporting a data privacy, security or equivalent function directly or indirectly for a large, regulated and matrixed organization
  • Project/program management experience
  • Experience with business operations requirements implementation
  • Experience in supporting cross-functional teams

Nice to Have 

  • Advanced degree
  • Proven track record of successful and broad influence management
  • Experience in the healthcare industry
  • Experience directly or indirectly with compliance or similar function
  • Experience supporting change management projects
  • Strong knowledge of, and experience in program and project management
  • Experience working with global and/or matrixed IT systems, services, operations or other related management environment
  • Demonstrated cross-functional team execution skills 
  • Experience assessing and defining system specifications preferably in relation to compliance with data protection and privacy regulations
  • Demonstrated advocate for proper data management systems
  • Demonstrated experience building positive relationships with a variety of stakeholders, including with employees, clients, senior management, external parties/authorities and suppliers.
  • Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.)
  • Strong ability to work collaboratively and partner with employees, other leaders, clients, and vendors.
  • Demonstrated ability to work across many levels of an organization, from VP to non-exempt staff
  • Demonstrated ability to work across a matrixed or virtual organization and still meet objectives 
  • Demonstrated ability to manage multiple priorities simultaneously.
  • Demonstrated ability to utilize excellent decision making skills.
  • Experience and demonstrated ability to present to a variety of audiences including the ability to translate technical information
  • Lean Sigma or Six-Sigma training/experience
  • Vendor management experience
  • Familiarity with FDA and FTC regulations,  HIPAA, PIPEDA, US Patriot Act,  EU 95/46 and GDPR, Breach Notification laws, ISO and other standards bodies and international standards

About Medtronic

Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be. 

We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let’s work together to address universal healthcare needs and improve patients’ lives. Help us shape the future. 

Physical Job Requirements

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position. 

The physical demands described within the Day in the Life section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Travel 10%.

Application Submission Information: