Executive Director, Privacy Law & Compliance

Role Summary

The Executive Director, Privacy Law and Compliance is responsible for leading the organization's global privacy strategy, governance, and compliance programs under the NextGen Privacy Program framework in partnership with Business Insights and Technology (BI&T). This role sits in the newly formed AI, Data and Privacy Law and Compliance department and ensures adherence to international data protection laws and internal standards while enabling responsible data use across all business units. The position requires strategic vision, operational excellence, and strong leadership to manage privacy risks, foster a culture of compliance and trust, and drive technology-enabled solutions for scalability.

Responsibilities

• Strategic Leadership
  Leads global privacy team. Define and execute the global privacy strategy aligned with corporate objectives and regulatory requirements. Serve as the primary advisor to senior leadership on privacy risks and emerging regulations.
• Governance & Compliance
  Oversee implementation of global privacy frameworks, including Binding Corporate Rules (BCRs) and GDPR compliance programs. Ensure harmonization of global privacy notices and standards across jurisdictions. Monitor changes in global privacy laws and assess their impact on pharmaceutical operations, ensuring timely updates to compliance strategies. Drive market-level privacy compliance by shaping strategies that align global frameworks with local regulatory landscapes, enabling operational agility and business continuity. In partnership with Data Governance Law and Compliance and BI&T, establish a global data transfer strategy that ensures compliance with evolving cross-border regulations while enabling secure, lawful, and efficient data flows to support business operations and innovation.
• Policy Development
  In partnership with BI&T, establish and maintain privacy policies, SOPs, and directives for personal data processing, sensitive data handling, and employee data protection.
• Risk Management & Audits
  Direct privacy impact assessments (DPIAs), audits, and remediation plans for high-risk data processing activities. Collaborate with internal audit, compliance, and Cybersecurity teams to monitor adherence to privacy obligations. Advise BI&T on notice obligations attendant to data breaches.
• Technology & Innovation
  In partnership with BI&T, advise on and develop technology platforms to aid the automation of privacy operations.
• Cross-Functional Collaboration
  Partner with AI Law & Compliance, Data Governance Law & Compliance, Digital Health Law & Compliance, BI&T, and business teams to integrate privacy into technology and product development. Act as liaison with regulators and industry bodies on privacy matters.
• Training & Awareness
  Partner with BI&T to develop and deliver global privacy training programs and awareness campaigns for employees and third parties. Promote a culture of accountability and ethical data use across the enterprise.

Qualifications

• Advanced degree in Law, Compliance, or related field.
• 15+ years of experience in privacy, data protection, or compliance, with global leadership exposure.
• Expertise in GDPR, CCPA, PIPL, and other international privacy regulations.
• Strong leadership, communication, and stakeholder engagement skills.
• Experience leveraging AI-enabled tools to enhance efficiency and impact.