Title: Director, Data Compliance and Privacy
Reports to: VP, Information Technologies
General Scope and Summary
Sage is looking for a talented and dedicated individual to provide direction and leadership for the protection and management of the company’s mission-critical data. The Director’s role is to coordinate the strategic planning, selection, implementation and support of the systems and processes that manage the retention and privacy of Sage’s information assets. The Director will assure that all internal information flows meet corporate data management, retention and privacy requirements, using industry best-practices, and will develop solutions that assure the company meets all global regulatory requirements for pharmaceutical and business data compliance.
Roles and Responsibilities
- Prepare a long-term plan for electronic records management and preservation, including standards and guidelines, based on business goals.
- Develop and implement policies and procedures for standardizing records management throughout the enterprise.
- Work with legal counsel to evaluate, and create strategies for complying with, established and emerging government regulations regarding records storage and maintenance.
- Develop and implement standards and guidelines for the acquisition and appropriate use of electronic records management tools and resources.
- Assess compatibility of electronic record formats with statutory regulations; propose changes where necessary.
- Ensure that authorized personnel or government agencies, as applicable to the situation, can rapidly and efficiently retrieve stored electronic records for examination.
- Formulate and execute plans for records retention and disposal, including business documents, financial statements, and any other collateral classified as a record of business transaction.
- Evaluate electronic records management tools and resources; make recommendations based on findings; track standards and technologies.
- Assist the senior management team in governance processes of the organization’s privacy strategies.
- Develop and communicate privacy policies, procedures, and plans to executive team, staff, partners, customers, and stakeholders.
- Implement policies, procedures, and associated plans for the maintenance of information privacy based on industry-standard best practices.
- Audit existing privacy practices across the organization, isolate potential risks or liabilities, and develop mitigation plans.
- Collaborate with the organization’s IT leader, security officer, human resources department, and legal counsel to ensure full legal compliance of company’s privacy policies, procedures, forms, notices, and materials.
- Devise and implement compliance monitoring of all business partners, associates, vendors, and service providers to ensure that privacy requirements are met.
- Prepare and deliver – or administrate deliverance of – privacy training and awareness to all staff members, contractors, interns, and consultants.
- Develop and implement a system for tracking, documenting, investigating, and acting on all complaints (internal or external) regarding the company’s privacy policies and/or practices.
- Advocate company’s privacy policies via regular written and in-person communications with company executives, department heads, and staff.
- Work closely with the IT department on corporate technology development to fully secure information and information-processing/gathering systems.
- Perform other duties as required.
Experience, Education and Specialized Knowledge and Skills
Must thrive working in a fast-paced, innovative environment while remaining flexible, proactive, resourceful and efficient. Excellent interpersonal skills, ability to develop important relationships with key stakeholders, good conflict management and negotiation skills, ability to analyze complex issues to develop relevant and realistic plans, programs and recommendations. Demonstrated ability to translate strategy into action; excellent analytical skills and an ability to communicate complex issues in a simple way and to orchestrate plans to resolve issues and mitigate risks.
- College diploma or university degree in the field of informatics, computer science or data management or equivalent work experience; Graduate Degree preferred.
- 8-plus years of records management experience in a commercial environment; direct experience in the life science industries preferred.
- Advanced knowledge of data retention and data privacy technologies, protocols, and discovery tools including SharePoint, Exchange, Box, etc.
- Working knowledge of data archiving, encryption, and reporting tools.
- Working knowledge of Federal, State, and FDA privacy and data retention regulations, both in the U.S., and in Europe.
- Experience in gathering, analyzing, and meeting business requirements.
- Understanding of basic project management principles.
- Thorough understanding of the organization’s goals and objectives.
- Excellent knowledge of applicable data privacy practices and laws.
- Excellent written, oral, and interpersonal communication skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed, with keen attention to detail.
- Good analytical and problem-solving abilities.
- Able to prioritize and execute tasks in a high-pressure environment.
- Very strong customer service orientation.
- Experience working in a team-oriented, collaborative environment.
- Embrace our core values: Put People First, Do Big, Be Accountable, Grow through Learning and Change, and Work Fun.
- Excitement about the vision and mission of Sage.