Reporting to the Chief Privacy Counsel, this position closely collaborates with a network of professionals within the team and across the organization to build, implement and manage a highly visible, best-in-class regional Data & Privacy Program and related requirements across Medtronic businesses in a highly regulated environment.
- Manage Regional Data & Privacy Program
- Provide expert legal advice & local law interpretations/guidance
- Manage regional work by privacy legal counsels and privacy program specialists
- Manage DPO if any for countries in scope
- Implement compliance program at regional level
- Execute global program requirements locally
- Primary point of contact for OUs and Functions for data and privacy issues in Region
- In close cooperation with Global Data Strategy Lead and Governmental Affairs, regional participation in trade associations, support & advocacy
The Americas Legal Program Director reports into the Chief Privacy Legal Counsel and dotted line into the Regional General Counsel and is a member of the leadership team of the Data & Privacy Center of Excellence (“COE”).
Due to the need to gain significant matrixed collaboration and alignment, influence management will be instrumental in this role.
The Data and Privacy COE operates as a high functioning team within a relatively flat team structure. Members of this team are innovative, highly flexible; enthusiastic collaborators; results orientated; independent; actively engaged; and able to influence without direct authority.
The Americas Legal Program Director provides a broad range of leadership and direct support and execution for the design, development, coordination, implementation and ongoing management of Medtronic’s global data protection and privacy program that covers all Medtronic businesses and functions, in the AMERICAS region.
A Day in the Life
- Lead by example to model a culture of ethics and integrity, exercise sound judgment and courage as a trusted advisor to the business and to the team.
- A role model among leaders, displaying personal integrity and ability to affect change.
- Foster ethical culture, including “tone at the top” and “tone in the middle” through strategic influence and leadership.
- Lead Counsel on Data and Privacy for the Region
- Overall accountability for Data and Privacy regional program process, performance, and customer satisfaction.
- Implements Operational Work @ Local Level:
- Regional Policies & Standards
- Collaborate with key stakeholders in region to develop, obtain required approvals, and implement data protection and privacy policies and procedures that meet legal, regulatory and business requirements; collaborate with regional and business privacy professionals and business leads to develop and obtain approvals of regional or business level data protection and privacy policies as necessary;
- Implement and operationalize Global Policies and standards in region
- Local Training:
- In cooperation with Privacy Operations, collaborate with stakeholder partners to develop and implement a global data protection and privacy training and awareness program in region that address data protection and privacy requirements for employees, contractors and vendors as appropriate; ensure standards and processes to monitor individual completion of mandatory training and escalate as necessary.
- Regional governance:
- In close cooperation with Privacy Operations, collaborate with regional leadership to establish, refine and manage effective data protection and privacy governance activities such as the establishment and management of an executive level governance board, communication, routine and ad hoc meeting management, reporting, notification and escalation, program management, and meeting administration.
- Regional governance:
- Customize Templates and Tools to regional requirements
- Ensure that the organization has and maintains appropriate data protection and privacy model documents in accordance with regional requirements, such as notices, consents, authorization forms, contract language, business associate agreements, and other similar required documents; develop and maintain model document development, review, approval, maintenance and exception procedures for these types of privacy documents;
- Triage advising and assessment work to Global team or OU Privacy Specialists, or keep and execute in regional team.
- In cooperation with Privacy Operations, develop and manage requirements, standards and processes for conducting privacy impact assessment and/or business consulting activities to be conducted by the regional team, or by the Privacy Operations with support of regional team and other key stakeholders; these assessments and consulting activities may include new product development, material changes to existing products, third party vendor privacy assessments and business consultation requests;
- Perform regional [VC1] vendor and risk assessments in accordance with global policies and procedures.
- Engage in regional Privacy by Design and bespoke advising in accordance with global policies and procedures.
- Provide data protection and privacy program and requirements subject matter expertise as key resource to Operating Units, partner functions, and other key stakeholders in region.
- Compliance associated with local law
- In cooperation with Privacy Operations, develop and manage processes and procedures for identification and implementation of new legal requirements relating to data protection and privacy impacting Medtronic businesses. Provide communication and guidance to COE as well as OU, functional and partnering teams in region for implementation of identified requirements. Collaborate with stakeholders to test implementation effectiveness for high risk implementation activities as appropriate
- Drive regional/country action plans (GDPR; POPIA; data localization projects; …)
- Coordinate local notifications to authorities
- Support certification activities in the Region; lead local Code of Conduct initiatives, monitor compliance
- Regional incidents and Data Subject Requests
- In close collaboration with Privacy Operations and other key stakeholders, support incident response management, root cause analysis and remediation for privacy incidents and regulator/ government privacy issue inquiries and requests as necessary
- Collaborate with Privacy Operations and partnering legal functions to define standards and processes for response to individual rights requests such as data access requests, accounting of disclosures, the right to inspect and copy, restrictions on disclosures, opt-in or opt-out requirements and other related individual rights; execute in region, where needed with support of OU Privacy partners
- Support Regional M&A related work
- Ensure remediations adequately and timely resolved
- Foster strategic partnerships with multiple key internal and external high-level stakeholders, such as executive leadership.
- Local Monitoring
- In close cooperation with Chief Privacy Counsel, point of Contact for Risk Partners to support regional coordination and alignment of risk management activities relating to data protection and privacy requirements.
- In close collaboration with the Sr. Legal Director, Global Data & Privacy Programs and Privacy Operations, implement and manage effective reporting processes and standards; develop and implement routine and ad hoc management and governance reporting and metrics.
- As requested, support execution of a risk based annual plan and routine reporting that is approved by Chief Privacy Counsel. This plan addresses, at a minimum, key Program activities and enhancements, department or organizational commitments, and program-based mitigation projects anticipated by the Global Program leadership; resources, prioritization and budget implications will be identified in development of the plan.
- As requested, support periodic internal Program assessment that results in program enhancement, mitigation and remediation activities as appropriate.
- Appoint and oversee Regional and country-level DPO (Data Protection Officer) where required
- Local record keeping and reporting
- complete and up to date GDI and DMA
- Regional customer go-to-model
- Support go to market
- Support customer discussions on privacy
- Provide regional support to Privacy Operations including budget planning and monitoring, resource management, talent management, performance management, coaching/mentoring, and function metrics and reporting.
- Represent Regional Needs on Global Leadership Team
- People Manager for Regional Team
- In close cooperation with Sr. Director, Global Data Strategy and Governmental Affairs, engage in regional advocacy and policy shaping initiatives, and take up roles in Regional Trade Associations
MUST HAVE: Law Degree from a well-regarded and accredited university and a minimum of 7+ years as a practicing lawyer with specific experience in data protection/privacy requirements, laws and regulations in the US; 7+ years of managerial experience; and 3+ years in comparable program leader role with privacy strategy and experience in privacy or operations within a global, multi businesses and services organization
Specialized Knowledge or Skills Required
- Knowledge of and experience providing legal advice and business solutions relating to EU data protection and privacy laws and regulations – with specific expertise relating to health data requirements.
- Experience providing legal advice, support and business solutions for a data protection, privacy, security, or equivalent function directly or indirectly for a large, regulated and matrixed organization.
- Prior compliance oversight of complex systems responsibilities preferred, as well as experience in the healthcare industry (particularly medical devices).
- Prior success in effectively identifying, assessing and prioritizing compliance-related risks, such as through risk assessment, policies & procedures, training, monitoring, and remediation actions.
NICE TO HAVE:
This is an optional section and can include things not easily identified from the resume, but more likely to be explored during the interview process.
- Seasoned legal professional with 12+ years as a practicing lawyer
- Legal experience in the medical device, pharma or healthcare industry
- Legal experience in advising on direct-to-customer (B2C) business models.
- Ability to manage and execute multiple complex projects (including those with systems responsibilities) across multiple stakeholder groups within required timelines and expectations required.
- Understand complex and diverse compliance environments and ability to work effectively with multi-divisional teams in different locations / businesses / geographies to ensure compliance particularly in matrixed and/or multinational organizations.
- Ability to work effectively in a team environment and build strong working relationships, involving multiple business functions, units, and/or geographies.
- Ability to identify high risk situations and provide appropriate guidance, including the ability to make courageous and unpopular decisions.
- Ability to make an impact and influence at all levels of employee and management groups, including executive leaders, to implement compliance program initiatives.
- Strong ability to influence across functions and Operating Units to negotiate and gain cooperation on operational issues and internal divergent objectives
- Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.)
- Proven execution under pressure and ability to maintain positive, enthusiastic attitude.
- Demonstrated ability to work on multiple competing priorities simultaneously.
- Demonstrated ability to work across a matrixed or virtual organization and still meet objectives
- Experience and demonstrated ability to present to a variety of audiences including the ability to translate technical information
- Exceptional interpersonal, oral, presentation, and written communication skills, including to senior leaders/executive audiences.
Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.
We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let’s work together to address universal healthcare needs and improve patients’ lives. Help us shape the future.
Physical Job Requirements
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.
The physical demands described within the Day in the Life section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Application Submission Information: