Director privacy R&D and CPO

A Director Privacy for R&D/CPO ensures compliance with global data protection laws like GDPR and HIPAA. They mitigate privacy risks and safeguard sensitive health data to ensure patient privacy rights are respected and to avoid legal and reputational damage. The role fosters study participants' trust by ensuring confidentiality and ethical data handling in research. They oversee data governance, ensuring secure and appropriate use of information. The Director provides strategic guidance in product development, partnerships, and mergers, integrating privacy into innovation. They lead training initiatives to build a privacy-conscious organizational culture across R&D and CPO. The role enhances security and supports digital health initiatives. Ultimately, it protects both the company and patient interests in a highly regulated sector. The role will also have line management responsibilities. The job holder will report to the Head of Bioethics and CMO Oversight.

Key Responsibilities

• Develop and implement a strategy to ensure Privacy by Design into R&D & CPO processes.
• Oversee the privacy strategy to ensure timely creation and review of existing R&D & CPO privacy inventories and privacy impact assessments.
• Provide inventory and monitor R&D/CPO privacy gaps, risks and issues.
• Support the design of privacy-related training for R&D & CPO staff.
• Analyze and implement process changes required to enhance R&D/CPO Privacy framework.
• Maintain ongoing communication with relevant stakeholders, Privacy Legal, Data Privacy Officer and enterprise risk.
• Coordinate efforts with the privacy lead needed to respond to Data Privacy Regulators in the event of Data Privacy Breaches.
• Oversee and ensure adequate privacy expertise related to data and human biological sample reuse.
• Create and maintain R&D/CPO’s approach to the GSK Privacy Enterprise Risk Plan.
• Provide Risk Management expertise and oversight for R&D/CPO Privacy.
• Lead the review of R&D/CPO risks and update the Risk Register.
• Ensure a sustainable, controlled, R&D/CPO enterprise risk management plan is in place.
• Escalate any relevant risks to appropriate bodies within the organization.
• Maintain up to date knowledge of appropriate national and international regulatory legislation and guidelines.
• Educate, guide and influence GSK management and staff on best quality and compliance policy and practices.
• Support the development, management, and implementation of processes specific to Privacy.

Basic Qualifications:

• Expertise in essential regulation guidelines and medical governance policies applicable to R&D.
• Broad scientific/pharmaceutical industry background with more than 10 years of experience in privacy EU and ex EU.
• Previous experience in implementing Privacy risk controls into a worldwide organization.
• Proven success in developing and executing activities that improve the application of the internal control framework.
• Good understanding of privacy regulatory framework.
• Relevant experience in governance type activities with understanding of R&D, medical, commercial and compliance functions.

Preferred Qualifications:

• Accreditation/qualification in Privacy.
• Strong Bioethical mindset, and ability to evaluate complex cases.
• Able to leverage various bioethical options autonomously.
• Performance and results driven with a proven sense of urgency.
• Excellent English language written and verbal communication skills.
• Ability to resolve problems flexibly and successfully in a matrix environment.
• Self-motivated with the ability to work independently.
• Act as a role model in line with GSK core values and behaviours.
• Comfortable to evolve in changing and challenging environments.
• Ability to set directions, lead and motivate a team.
• Risk management or business experience with Privacy.

If you have a disability and require assistance during the selection process, you will have the opportunity to let us know what specific assistance you require.

Why GSK?

GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how we deliver for patients, shareholders and our people.