Director privacy R&D and CPO

A Director Privacy for R&D / CPO ensures compliance with global data protection laws like GDPR and HIPAA. They mitigate privacy risks and safeguard sensitive health data to ensure patient privacy rights are respected and avoid legal and reputational damage. The role fosters study participants' trust by ensuring confidentiality and ethical data handling in research. They oversee data governance, ensuring secure and appropriate use of information. The Director provides strategic guidance in product development, partnerships, and mergers, integrating privacy into innovation. They lead training initiatives to build a privacy-conscious organisational culture across R&D and CPO. The role enhances security and supports digital health initiatives. Ultimately, it protects both the company and patient interests in a highly regulated sector. The role will also have line management responsibilities. The job holder will report to the Head of Bioethics and CMO Oversight.

Key Responsibilities

• Develop and implement a strategy to ensure Privacy by Design into R&D & CPO processes.
• Oversee the privacy strategy to ensure timely creation and review of existing R&D & CPO privacy inventories and privacy impact assessments to identify gaps, assign appropriate actions, and track actions to completion.
• Ensure new innovative areas are timely addressed and risks identified including adequate review of third-party global processes relevant to the enterprise risk.
• Provide inventory and monitor R&D / CPO privacy gaps, risks and issues as well as developing adequate risk minimisation measures, corrective and preventative actions.
• Provide status updates to senior governance bodies such as R&D’s Risk Management and Compliance Board (RDCB) and Data Ethic and Governance Council as well as CPO related board.
• Support the design of privacy-related training for R&D & CPO staff to foster a privacy by design culture.
• Analyze and implement process changes required to enhance R&D / CPO Privacy framework.
• Maintain ongoing communication with relevant LOC stakeholders, Privacy Legal, Data Privacy Officer and enterprise risk ensuring continued alignment between global and local R&D / CPO Privacy processes.
• Coordinate efforts with the privacy lead needed to respond to Data Privacy Regulators in the event of Data Privacy Breaches.
• Monitor frequency and resolution of breaches as well as implement remediation strategies to avoid recurrence.
• Coordinate with privacy lead responses to Individual Rights Management requests, ensuring engagement of the right R&D stakeholders in the information collection.
• Oversee and ensure adequate privacy expertise related to the data and human biological sample reuse.
• Create and maintain R&D / CPO’s approach to the GSK Privacy Enterprise Risk Plan and maintain ongoing communication with Privacy professionals in other GSK business areas.
• Provide Risk Management expertise and oversight for R&D / CPO Privacy covering all therapy areas and with global-regional-local span.
• Co-create with GSK Enterprise Risk Owner, R&D Enterprise Risk owner, and R&D Enterprise Risk Coordinator, and Risk Council Business members to define R&D’s risk strategy, appetite, the nature and scope of risk, and the approach to embed, assess and enhance the internal control framework maturity.
• Lead the review of R&D / CPO risks and update the Risk Register with the privacy leaders, performing risk assessments related to control deficiencies, root cause analysis, after action reviews, process detailed reviews, etc.
• Ensure a sustainable, controlled, R&D / CPO enterprise risk management plan is in place and that decision making is applied consistently across similar issues.
• Ensure a mechanism of lessons learned is in place to share with privacy leads and community of practice as appropriate stakeholders within the organisation.
• Escalate any relevant risks to appropriate bodies within the organisation.
• Maintain up to date and in-depth knowledge of appropriate national and international regulatory legislation and guidelines; and the impact on business area processes and procedures.
• Educate, guide and influence GSK management and staff on best quality and compliance policy and practices, especially as they relate to areas of identified responsibility.
• Support the development, management, and implementation of processes, associated written standards and job aides specific to Privacy to support effective management of Regulatory Inspections and Issue Investigations across GSK R&D / CPO.

Basic Qualifications

We are looking for professionals with these required skills to achieve our goals:

• Expertise in essential regulation guidelines and medical governance policies and procedures applicable to R&D.
• Broad scientific / pharmaceutical industry background with more than 10 years of experience in privacy EU and ex EU.
• Previous experience in implementing / embedding Privacy risk controls into a worldwide organisation.
• Proven success in developing and executing activities that improve the application of the internal control framework.
• Good understanding of privacy regulatory framework.
• Relevant experience in governance type activities with understanding of the R&D, medical, commercial and compliance functions.

Preferred Qualifications

If you have the following characteristics, it would be a plus:

• Accreditation / qualification in Privacy.
• Strong Bioethical mindset, and ability to evaluate complex cases.
• Able to substantiate and leverage various bioethical options autonomously.
• Ability to incorporate strategy & organisational considerations and to operationalise them.
• Performance and results driven with proven sense of urgency.
• Excellent English language written and verbal communication skills in addition to proven negotiation skills.
• Excellent communication and presentation skills, ability to facilitate interfaces within an extended network including Senior Leaders and external experts.
• Ability to resolve problems using knowledge, information and networks flexibly and to be successful in a matrix environment.
• Self-motivated with the ability to work independently, to develop credibility with colleagues within and outside GSK.
• Act as a role model in line with GSK core values and behaviours.
• Comfortable evolving in a changing and challenging environment.
• Ability to set directions, lead and motivate a team to deliver in a changing and challenging environment.
• Mentoring and coaching of staff to manage performance, motivation, talent and knowledge building.
• Risk management or business experience with Privacy.

If you have a disability and require assistance during the course of the selection process, you will have the opportunity to let us know what specific assistance you require in order to make suitable arrangements.

Why GSK?

Uniting science, technology and talent to get ahead of disease together. GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases – to impact health at scale. People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.