Careers that Change Lives
The Senior Manager, Data Protection and Privacy Program supports the Medtronic EMEA region (Europe, Middle East and Africa) Data Protection and Privacy Program Center of Excellence (“Global Program”) and manages EU located team members. This professional provides leadership and direct support for the development, implementation, and ongoing management of Medtronic’s Global Data Protection and Privacy Program activities for Medtronic’s EMEA region and EU data protection and privacy requirements.
A Day in the Life
Reporting to the Senior Director, Global Data Protection and Privacy Program, the Senior Manager actively engages and collaborates with privacy professionals within the Global Program; the EU Data Protection Official; partner functions such as legal, the Global Security Office, IT Architecture; business unit and regional leaders and personnel; and other key stakeholders to provide data protection and privacy expertise, direct support, and strong influence management for operational execution and compliance with EU based legal, regulatory and business data protection and privacy requirements and regional or country specific requirements. Significant focus will include support for operational compliance with the Global Data Protection Regulation (“GDPR”).
The Data Protection and Privacy team operates as a high-functioning team within a relatively flat team structure. Members of this team are innovative, highly flexible, enthusiastic collaborators, results oriented, and have a strong ability to drive for results. In addition to these competencies, the successful candidate will have a strong ability to form productive relationships across and within all levels of the organization; to navigate highly matrixed business operations and accountabilities; a strong ability to influence without direct authority; ability to identify and address complex issues relating to business operations and legal/regulatory requirements; and a strong understanding of EU regulatory requirements for data protection and privacy.
The preferred location for this position is Heerlen, the Netherlands, although there is flexibility for locations that allow for easy travel to Heerlen in neighboring countries close to other Medtronic Offices including in the Netherlands, Belgium, France, UK, Ireland, Spain, or Switzerland. While not preferred, this position could be based in Minneapolis, Minnesota, USA at Medtronic Operation Headquarters where the Global Data Protection and Privacy Program team is located.
In close alignment with the Global Program standards and accountabilities, the Senior Manager collaborates with multiple partner functions and stakeholders across the organization to assess complex issues and identify appropriate business and operational solutions to address data protection and privacy requirements and risk.
In collaboration with the Global Program, this position supports the development and execution of standards and operations for effective data protection and privacy practices that meet legal and regulatory requirements for Medtronic’s EMEA/EU businesses. Key responsibilities include:
- Lead by example to model a culture of ethics and integrity; exercise sound judgment and courage as a trusted advisor to the business and to the team;
- In collaboration and alignment with the Global Program leadership, manage team and resources located in the EU;
- Provide in depth subject matter expertise for data protection and privacy program, legal, and regulatory requirements and as key resource for regional, business, partner functions, and other key stakeholders;
- Collaborate with the Global Program to develop and manage EMEA/EU data protection and privacy annual plan that aligns with and supports ongoing Program development/management and compliance with legal and regulatory data protection requirements;
- Collaborate with the Global Program team and key stakeholders to develop and implement regional or business level data protection and privacy policies, standards and procedures, as required. Ensure routine review and approvals through the Data Protection and Privacy Office when required;
- Provide subject matter expertise for development and implementation of role-based data protection and privacy training as required. Coordinate module review with the Program Office as necessary to confirm alignment of content and approach with the broader data protection and privacy training and awareness program;
- Design and deliver routine and ad hoc data protection and privacy EMEA region and EU Program and project status reporting for oversight and governance;
- Collaborate with business resources and key stakeholders on implementation of new legal and regulatory requirements relating to data protection and privacy impacting Medtronic EMEA businesses. Provide communication and guidance to regional and business leads personnel for implementation of identified requirements. Execute effectiveness testing for high risk implementation activities as appropriate;
- Develop and execute risk-based data protection and privacy operational compliance monitoring activities in collaboration and coordination with the organization's security, compliance, audit, risk management and other related corporate functions as appropriate;
- Collaborate with key stakeholders, including business leadership, to develop and implement global, regional or business unit corrective action for identified privacy incidents or breaches; provide routine remediation status reporting for management and governance oversight;
- Design and execute region or business level privacy assessments that result in program enhancement, mitigation and remediation activities as appropriate;
- As requested, conduct a broad range of privacy impact assessment (PIA) activities and/or business consulting for new product development, material changes to existing products, third party vendor privacy assessments and business consultation requests as required by the PIA standards and procedures;
- As appropriate, develop and support standards and processes for business access to EMEA and EU model data protection and privacy documents such as confidentiality notices, consents, authorization forms, contract language, business associate agreements and other related required documents; coordinate with the Global Program team for model document review, approval, maintenance and exception procedures for these types of privacy documents;
- In alignment with the Global Program team and in close collaboration with the Data Protection Official and other key stakeholders, provide subject matter expertise and support to develop, implement, validate and monitor GDPR and other EU regulatory requirements such as legitimate purpose, conditions for processing, appropriate use, international data transfers, storage, data subject rights, retention and destruction of data processes, and documentation requirements;
- Collaborate with Global Program leadership, legal and the business to confirm standards and processes for business response to data subject requests such as access, rectification, erasure, objection and portability as required by GDPR;
- Provide subject matter expertise and support for Medtronic local filings with, and notifications to, national DPAs within the European Union as applicable.
- Execute data protection and privacy efforts for the due diligence and integration of acquisitions within the businesses;
- Support budget planning, monitoring, and function metrics and reporting as requested;
- Provide subject matter expertise for the Global Data Protection and Privacy Program in development and implementation of core global Program elements as requested.
- Other responsibilities as assigned.
- Bachelor's degree
- 7-10 years of combined privacy/data protection and/or other relevant legal, IT, or Program Management experience with a bachelor’s degree or at least 5-8 years of similar experience with a master’s or advanced degree
- Requires 5+ years’ experience in managing and/or leading cross-functional teams
- Knowledge of and experience supporting business understanding and compliance with EU data protection and privacy laws and regulations
- Experience supporting a data protection, privacy, security, legal or equivalent function directly or indirectly for a large, regulated and matrixed organization
- Experience with business operations requirements identification and implementation
- Experience in supporting cross-functional teams
- Solid understanding of the Global Data Protection Regulation
- Experience managing professional staff, contractors, cross functional teams or equivalent.
Nice to haves
- Advanced degree
- Proven track record of successful and broad influence management
- Experience in the healthcare industry
- Experience directly or indirectly with compliance, privacy or similar function
- Experience supporting change management projects
- Strong knowledge of, and experience in program and project management
- Experience working with global and/or matrixed IT systems, services, operations or other related management environment
- Demonstrated cross-functional team execution skills
- Experience assessing and defining system specifications preferably in relation to compliance with data protection and privacy regulations
- Demonstrated advocate for proper data management systems
- Demonstrated experience building positive relationships with a variety of stakeholders, including with employees, clients, senior management, external parties/authorities and suppliers.
- Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.)
- Strong ability to work collaboratively and partner with employees, other leaders, clients, and vendors.
- Demonstrated ability to work across many levels of an organization, from VP to non-exempt staff
- Demonstrated ability to work across a matrixed or virtual organization and still meet objectives
- Demonstrated ability to manage multiple priorities simultaneously.
- Demonstrated ability to utilize excellent decision-making skills.
- Experience and demonstrated ability to present to a variety of audiences including the ability to translate technical information
- Lean Sigma or Six-Sigma training/experience
- Vendor management experience
- Familiarity with EU 95/46 and GDPR, Breach Notification laws, ISO and other standards bodies and international standards
Physical Job Requirements
- The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to use a computer and communicate with peers and co-workers.
- Travel 10%.
Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life.
We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.
We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team.
Let’s work together to address universal healthcare needs and improve patients’ lives. Help us shape the future.
Founded in 1949 as a medical repair company, we're now among the world's largest medical technology, services and solutions companies, employing more than 89,000 people worldwide, serving physicians, hospitals and patients in over 155 countries. With our European Operations Center for Distribution and Shared Services in Heerlen, the Bakken Research Center in Maastricht, our manufacturing facility in Kerkrade, and the Dutch sales office in Eindhoven, Medtronic Netherlands has more than 1,750 employees.
Whatever your specialty or ambitions, you can make a difference at Medtronic - both in the lives of others and your career. Join us in our commitment to take healthcare Further, Together.
Application Submission Information: