Privacy Ops & Assurance Associate Director

Job Description

General Summary:

The individual in this position will provide strategic and solutions-oriented advice to a broad spectrum of internal clients on worldwide regulatory issues related to the processing of personal data including but not limited to the US State Privacy Laws Section 5 of the FTC Act CAN-SPAM EU General Data Protection Regulation (GDPR) and Canadian privacy laws. The role will also support the maturation of privacy-related policies notices and SOPs supporting the strategic direction for the global privacy program and related processes and training.

Key Duties and Responsibilities:

• Performing regular privacy assessments of new and existing business processes (including through data inventories and data protection impact assessments) providing practical and timely advice to internal clients to design business processes in compliance with applicable data protection requirements including those relating to data transfers while addressing risks and protecting the companys integrity and reputation.
• Acting as subject matter expert and internal escalation point for data protection issues in contracting including data processing agreements research collaborations and transactional agreements; continue to develop template materials for contracting and advise/train members of the legal department on handling privacy-related language in contracts.
• Working closely with our contracting teams to improve and streamline contracting processes and procedures related to data protection and security.
• Drafting privacy notices and consents for business processes across the organization and maintaining the organizations privacy and cookie notices on company websites
• Developing and reviewing content for privacy training materials and other communications to increase employee understanding of company privacy policies data handling practices and procedures and legal obligations as well as to ensure awareness of best practices on privacy and data security issues.
• Evaluating and responding to data subject requests (e.g. request for information clarifications rectification or deletion of personal data) and reports of potential data incidents. Supporting the monitoring
• Supporting the monitoring/auditing plan for compliance with internal data protection policies and processes and working with Internal Audit function Office of Business Integrity and Ethics or external auditors in carrying out audit plans.
• Keeping abreast of privacy developments affecting the company (e.g. evolving guidance out of the European Union California Privacy Act discussions of US privacy laws CAN-SPAM e-privacy and developments in Artificial Intelligence) and anticipating potential changes needed to global privacy program to meet new regulatory requirements.
• Participating in various Legal & Compliance Department projects and initiatives (e.g. Culture Diversity & Inclusion Committee Pro Bono & Community Engagement Committee Talent & Development Committee offsite planning strategic planning).

Knowledge and Skills:

• Consummate team player with excellent judgment and interpersonal skills.
• Demonstrable program management skills including strong organizational and multi-tasking abilities.
• Demonstrated teamwork and collaboration skills in particular in leading or contributing to global and multi-functional teams.
• Highly motivated to contribute and grow within a complex area of emerging importance.
• Demonstrable experience taking ownership of issues and providing timely actionable advice.
• Exceptional written oral and presentation skills.

Education and Experience:

• JD from an ABA accredited law school and member of a state bar or Masters degree highly preferred
• Minimum of 5 years experience providing privacy advice preferably to pharmaceutical biotechnology or medical device companies whether in-house or at a law firm OR experience in management of a corporate privacy program.
• Specific expertise required in statutes regulations and guidance concerning data protection throughout the US and Europe which could include GDPR and the ePrivacy Directive CCPA CPRA as well as other US privacy requirements (Section 5 of the FTC Act CAN SPAM state breach notification laws). Familiarity with data protection statutes and regulations in other areas of the world a bonus.
• CIPM CIPP/US or CIPP/EU certification(s) preferred but not required

#LI-DB1

#HYBRID

Pay Range:

Disclosure Statement:

The range provided is based on what we believe is a reasonable estimate for the base salary pay range for this job at the time of posting. This role is eligible for an annual bonus and annual equity awards. Some roles may also be eligible for overtime pay in accordance with federal and state requirements. Actual base salary pay will be based on a number of factors including skills competencies experience and other job-related factors permitted by law.

At Vertex our Total Rewards offerings also include inclusive market-leading benefits to meet our employees wherever they are in their career financial family and wellbeing journey while providing flexibility and resources to support their growth and aspirations. From medical dental and vision benefits to generous paid time off (including a week-long company shutdown in the Summer and the Winter) educational assistance programs including student loan repayment a generous commuting subsidy matching charitable donations 401(k) and so much more.

Flex Designation:

Flex Eligibility Status:

In this Hybrid-Eligible role you can choose to be designated as:
1. Hybrid : work remotely up to two days per week; or select
2. On-Site : work five days per week on-site with ad hoc flexibility.

Note: The Flex status for this position is subject to Vertexs Policy on Flex @ Vertex Program and may be changed at any time.

#LI-Hybrid

Company Information

Vertex is a global biotechnology company that invests in scientific innovation.

Vertex is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a persons race color sex gender identity or expression age religion national origin ancestry ethnicity disability veteran status genetic information sexual orientation marital status or any characteristic protected under applicable law. Vertex is an E-Verify Employer in the United States. Vertex will make reasonable accommodations for qualified individuals with known disabilities in accordance with applicable law.

Any applicant requiring an accommodation in connection with the hiring process and/or to perform the essential functions of the position for which the applicant has applied should make a request to the recruiter or hiring manager or contact Talent Acquisition at

Required Experience:

Director