Executive Director, Global Privacy

Revolution Medicines is a clinical-stage precision oncology company focused on developing novel targeted therapies to inhibit frontier targets in RAS-addicted cancers.  The company’s R&D pipeline comprises RAS(ON) Inhibitors designed to suppress diverse oncogenic variants of RAS proteins, and RAS Companion Inhibitors for use in combination treatment strategies. As a new member of the Revolution Medicines team, you will join other outstanding Revolutionaries in a tireless commitment to patients with cancers harboring mutations in the RAS signaling pathway.

The Opportunity:

RevMed is seeking an experienced privacy executive to support RevMed’s business.  The Executive Director, Global Privacy will lead the strategy, development, and execution of the company’s Privacy Program, ensuring all activities are conducted ethically and in accordance with applicable laws, regulations, and industry codes. This attorney will be instrumental in shaping and sustaining a culture of integrity as the company advances and commercializes its oncology pipeline.

The Executive Director, Global Privacy is a senior leader responsible for driving the organization’s global privacy strategy, governance, and compliance framework. This role ensures that all business activities involving personal data are conducted ethically and in compliance with applicable international laws, regulations, and industry standards.

Reporting to the Vice President, Compliance, this role serves as a key advisor to the General Counsel (GC) and other senior executives on global privacy, data protection, and responsible data use, while fostering a culture of privacy-by-design across all business functions worldwide. Key responsibilities include:

Strategic Leadership & Governance

• Lead the development and execution of a comprehensive global privacy strategy aligned with business objectives and the broader compliance program.

• Serve as a senior advisor to the General Counsel (GC) and other senior executives on global privacy risks, regulatory developments, and data governance.

• Establish and maintain enterprise-wide global privacy governance frameworks, policies, and standards.

• Design the Global Privacy team structure and operating model leveraging both regional and global resources, support design and implementation of technology-enabled systems and processes for regional adaptation where appropriate and recruit a high-performing team.

• Provide regular updates to the General Counsel and other senior executives on global privacy program performance, risks, and mitigation strategies.

Global Privacy Program Management

• Design, implement, and continuously enhance a global privacy program aligned with international laws and best practices.

• Ensure alignment of the privacy program with the company’s overall compliance framework and enterprise risk management approach.

• Ensure compliance with global privacy and data protection regulations, including GDPR, UK GDPR, HIPAA, CCPA/CPRA, and other applicable international and local laws.

• Oversee Data Privacy Impact Assessments (DPIAs), cross-border data transfer mechanisms, and global risk assessments.

• Monitor and report on privacy metrics, trends, and program effectiveness across regions.

Clinical and Commercialization Data-Driven Activities

• Serve as the primary privacy lead for all clinical trial-related activities, including data collected from clinical sites, investigators, and patients.

• Partner with R&D and clinical teams to ensure compliant handling of sensitive clinical and health data.

• Collaborate with Commercialization teams to advise on processes, controls, and risks related to data-driven activities, including analytics, digital initiatives, and commercialization strategies.

Operational Integration

• Embed privacy-by-design and privacy-by-default principles into systems, products, and business processes globally.

• Partner cross-functionally with Compliance, Legal, IT Security, R&D, HR, and Commercial teams across regions.

• Support global initiatives involving sensitive data, including clinical, digital, and analytics-driven programs.

• Work closely with HR and Information Security (IS) to address employee and internal data privacy matters, including monitoring, investigations, and governance of workforce data.

Risk Management, Investigations & Incident Response

• Lead or oversee global privacy incident response, including breach assessment, notification, and remediation across jurisdictions.

• Lead and/or oversee privacy-related investigations, including internal reviews and regulatory-driven inquiries.

• Collaborate with Compliance and Information Security to ensure consistent global controls and preparedness.

• Identify, assess, and mitigate global privacy risks in alignment with enterprise risk management priorities.

Regulatory & External Engagement, Third-party & Contractual Oversight

• Serve as a key point of contact for global data protection authorities and regulators, in coordination with Compliance and Legal.

• Support global regulatory inquiries, audits, and inspections related to privacy.

• Oversee global privacy due diligence and risk management for third-party vendors and partners.

• Own and maintain privacy-related standards across the organization, including templates and playbooks.

• Review, negotiate, or oversee negotiation of privacy and data protection terms in contracts, including data processing agreements (DPAs), standard contractual clauses (SCCs), and related provisions.

• Ensure consistent and appropriate privacy language across all contractual forms and third-party engagements.

Training, Culture & Awareness

• Develop and deliver global privacy training and awareness programs aligned with compliance initiatives.

• Promote a culture of privacy, ethics, and accountability across all geographies.

• Partner with Compliance to integrate privacy into Code of Conduct, global policies, and enterprise training programs.

Required Skills, Experience and Education:

• Juris Doctor (JD); active bar membership a plus.

• Privacy certifications (e.g., CIPP/E, CIPP/US, CIPM, CIPT).

• 15+ years of experience in privacy, data protection, legal, compliance, or risk management

• Significant experience managing or leading global privacy programs in multi-jurisdictional environments.

• Experience in regulated industries (e.g., biotech, pharmaceutical, healthcare, or technology) preferred.

• Deep knowledge of global privacy regulations and frameworks (e.g., GDPR, UK GDPR, HIPAA, CCPA/CPRA, and other international laws).

• Experience with cross-border data transfers, data localization requirements, and global data governance.

• Strong understanding of privacy risk assessments, data lifecycle management, and compliance program integration.

• Familiarity with emerging areas such as AI/ML governance, digital health, and global data strategy.

• Ability to influence senior leadership and drive global, cross-functional initiatives.

• Strong strategic thinking with practical, business-oriented judgment.

• Excellent communication and stakeholder management skills across diverse geographies.

• Proven ability to lead teams and operate effectively in a matrixed, global organization.

• Strong organizational and project management capabilities. 

  #LI-Hybrid  #LI-YG1