Director Privacy R&D and CPO at GSK

Job Purpose

A Director Privacy for R&D/CPO ensures compliance with global data protection laws like GDPR and HIPAA. They mitigate privacy risks and safeguard sensitive health data to ensure patient privacy right are respected and right avoid legal and reputational damage. The role fosters study participants trust by ensuring confidentiality and ethical data handling in research. They oversee data governance, ensuring secure and appropriate use of information. The Director provides strategic guidance in product development, partnerships, and mergers, integrating privacy into innovation. They lead training initiatives to build a privacy-conscious organizational culture across R&D and CPO. The role enhances security and supports digital health initiatives. Ultimately, it protects both the company and patient interests in a highly regulated sector.

The role will also have line management responsibilities. The job holder will report to the Head of Bioethics and CMO Oversight.

Key Responsibilities

• Develop and implement a strategy to ensure Privacy by Design into R&D & CPO processes. This includes completing new or adjusting existing privacy inventories and/or privacy risk assessments and developing and implementing mitigating controls.
• Oversee the privacy strategy to ensure timely create and review existing R&D & CPO privacy inventories and privacy impact assessments to identify gaps, assign appropriate actions, and track actions to completion.  Ensure new innovative areas are timely addressed and risk identified including adequate review of third-party global process relevant to the enterprise risk.
• Provide inventory and monitor R&D/CPO privacy gaps, risks and issues as well as developing adequate risk minimization measures, corrective and preventative actions.  Provide status updates to senior governance bodies such as R&D’s Risk Management and Compliance Board (RDCB) and Data Ethic and Governance Council as well as CPO related board.
• Support the design of privacy-related training for R&D & CPO staff to foster a privacy by design culture.
• Analyze and implement process changes required to enhance R&D/CPO Privacy framework.
• Maintain ongoing communication with relevant LOC stakeholders, Privacy Legal, Data Privacy Officer and enterprise risk ensuring continued alignment between global and local R&D/CPO Privacy processes.
• Coordinate efforts with the privacy lead needed to respond to Data Privacy Regulators in the event of Data Privacy Breaches. Monitor frequency and resolution of breach as well as implement remediation strategy to avoid recurrence. Coordinate with privacy lead responses to Individual Rights Management requests, ensuring engagement of the right R&D stakeholders in the information collection.
• Oversee and ensure adequate privacy expertise related to the data and human biological sample reuse (including adequate support to the DSAP panel).
• Create and maintain R&D/CPO’s approach to the GSK Privacy Enterprise Risk Plan and maintain ongoing communication with Privacy professionals in other GSK business areas as well as maintain the R&D/CPO privacy champion network.
• Provide Risk Management expertise and oversight for R&D/CPO Privacy covering all therapy areas and with global-regional-local span. 
• Cocreate with GSK Enterprise Risk Owner, R&D Enterprise Risk owner, and R&D Enterprise Risk Coordinator, and Risk Council Business members to define R&D’s risk strategy, appetite, the nature and scope of risk, and the approach to embed, assess and enhance the internal control framework maturity which encompasses Risk Management, Management Monitoring, Control Document(s), Training and Independent Business Monitoring.
• Lead the review of R&D/CPO risks and updates the Risk Register with the privacy leaders and, performs risk assessments related to control deficiencies, root cause analysis, after action reviews, process detailed reviews, etc.
• Ensure a sustainable, controlled, R&D/CPO enterprise risk management plan is in place and that decision making is applied in a consistent manner across similar issues. Ensure a mechanism of lessons learned is in place to share with privacy leads and community of parctise as appropriate stakeholders within the organization.
• Escalate any relevant risks to appropriate bodies within the organization - R&D RDCB (R&D Risk Management Compliance Board) and GSK boards (ROCC, ARC, CRC, Science Committee). Oversee the escalation process.
• Maintain up to date and in-depth knowledge of appropriate national and international regulatory legislation and guidelines; and the impact to business area processes and procedures. Additionally, ensure intelligence is utilized for continuous improvement of Internal Control Framework of business processes relevant to the enterprise risk.
• Educate, guide and influence GSK management and staff on best quality and compliance policy and practices, especially as they relate to areas of identified responsibility.
• Support the development, management, and implementation of processes, associated written standards and job aides specific to Privacy to support effective management of Regulatory Inspections and Issue Investigations across GSK R&D/CPO.

Why you?

Basic Qualifications:

We are looking for professionals with these required skills to achieve our goals:

• Expertise in essential regulation guidelines and medical governance policies and procedures applicable to R&D.
• Broad scientific/ pharmaceutical industry background with more than 10 years of experience in privacy EU and ex EU.
• Previous experience in implementing / embedding Privacy risk controls into a worldwide organization
• Proven success in developing and executing activities that improve the application of the internal control framework
• Good understanding of privacy regulatory framework
• Relevant experience in governance type activities with understanding of the R&D, medical, commercial and compliance functions.

Preferred Qualifications:

If you have the following characteristics, it would be a plus:

• Accreditation/qualification in Privacy
• Strong Bioethical mindset, and ability to evaluate complex cases.  Able to substantial and leverage various bioethical options in autonomy.
• Ability to incorporate strategy & organizational considerations and to operationalize them.
• Performance and results driven with Proven sense of urgency.
• Possesses excellent English language written and verbal communication skills in addition to proven negotiation skills.
• Excellent communication and presentations skills, ability to facilitate interfaces within an extended network including Senior Leaders and external experts, proven experience in negotiating and influencing at different levels of the organization.
• Ability to resolve problems with use of knowledge, information and networks in a flexible way and to be successful in a matrix environment.
• Self-motivated with the ability to work independently, to develop credibility with colleagues within and outside GSK.
• Act as a role model in line with GSK core values and behaviours.
• Comfortable to evolve in changing and challenging environment.
• Ability to set directions, lead and motivate a team to deliver in a changing and challenging environment. Mentoring and coaching of staff to manage performance, motivation, talent and knowledge building.
• Risk management or business experience with Privacy