Data Privacy Operations & Assurance Associate Director

Job Description

General Summary:

• Program Management & Compliance: Develop and mature processes and procedures to maintain compliance with the Global Data Privacy Policy and applicable data protection laws, regulations, and guidelines.
• Training & Awareness: Develop and review content for training materials, guidance documents, and communications to increase employee understanding of privacy policies, data handling practices, legal obligations, and best practices.
• Process Ownership: Serve as the primary owner for the design and maintenance of the Data Inventory, Triage, Assessment, and Data Protection Impact Assessment (DPIA) processes.
• Risk Assessment & Mitigation: Perform regular privacy assessments of low and medium-risk business processes, providing practical and timely advice to internal clients to ensure compliance while protecting the company’s integrity and reputation.
• Stakeholder Collaboration: Work with the network of "Super Users" and "Privacy Champions" (individuals embedded in the business) through regular touchpoints, training, and strategic direction. Assist process owners and Super Users in completing data inventories and DPIAs, coordinating with the business and the global Data Protection Officer (DPO) to mitigate residual risks.
• Vendor Risk Management: Mature the vendor privacy and security risk management process with the Third Party Risk Management (TPRM) team to ensure vendors with access to personal data are appropriately vetted.
• Monitoring & Auditing: Support the monitoring and auditing plan for compliance with internal data protection policies and processes, coordinating with Internal Audit, the Office of Business Integrity and Ethics, or external auditors.
• Incident & Request Response: Support the process for responding to data subject requests and reports of potential data incidents (in coordination with Privacy Counsel and Litigation).
• Metrics & Reporting: Maintain and enhance privacy program metrics and reporting, driving the implementation and maintenance of appropriate reporting tools (e.g., Tableau).
• Privacy by Design (PbD): Coordinate with business units to embed privacy triggers within organizational processes, such as the Software Development Lifecycle (SDLC), to proactively integrate privacy across the organization.
• Technology & Tools: Work with the data technology & engineering team to identify and employ internal tools to strengthen operational processes and implement improved programmatic mitigations and controls.
• Regulatory Intelligence: Keep abreast of global privacy developments (e.g., EU guidance, US state laws, e-privacy developments) and proactively anticipate changes needed for the global privacy program.

• Bachelor's degree

• Typically requires 5 years of experience in Privacy Operations within the pharma or biotech industry inhouse or as an external advisor.
• Minimum 2 + yrs experience in life sciences across multiple jurisdictions.
• Strong working knowledge of data mapping technology (e.g., OneTrust or similar tool).
• Demonstrable program management skills, including strong organizational and multi-tasking abilities.
• Ability to prioritize workload and projects with minimal supervision.
• Demonstrated teamwork and collaboration skills.
• Exceptional written, oral, and presentation skills.

#LI-DB1

#HYBRID

Pay Range:

Disclosure Statement:

Flex Designation:

Flex Eligibility Status:

In this Hybrid-Eligible role, you can choose to be designated as: 
1.    Hybrid: work remotely up to two days per week; or select
2.    On-Site: work five days per week on-site with ad hoc flexibility.

Note: The Flex status for this position is subject to Vertex’s Policy on Flex @ Vertex Program and may be changed at any time. 

#LI-Hybrid
 

Company Information

Vertex is a global biotechnology company that invests in scientific innovation.

Vertex is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a person's race, color, sex, gender identity or expression, age, religion, national origin, ancestry, ethnicity, disability, veteran status, genetic information, sexual orientation, marital status, or any characteristic protected under applicable law. Vertex is an E-Verify Employer in the United States. Vertex will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.

Any applicant requiring an accommodation in connection with the hiring process and/or to perform the essential functions of the position for which the applicant has applied should make a request to the recruiter or hiring manager, or contact Talent Acquisition at [email protected]