Main responsibilities
The Senior Privacy manager of RD, Johnson Johnson Innovative Medicine CHINA is responsible for implementing and monitoring the privacy compliance program for all RD activities in China, identifying privacy risks and developing policies and procedures, training, and controls to ensure RD is operating in compliance with applicable privacy laws as well as JJ policies and privacy framework.
In this role, the senior privacy manager will have the opportunity to actively support and shape all projects related activities of RD in China that involve privacy considerations, including providing advice on any questions related to Privacy to Business stakeholders and key functional partners.
In this position, the individual shall act as the personal information protection officer of RD, Johnson Johnson Innovative Medicine in China and represent RD legal entities in China towards the authorities in the event of data breach notification, investigations, and controls.
The position will have a direct line of reporting to the China Privacy Director.
Core Responsibilities include:
• Deploy local Privacy Compliance Program adapted to specific China privacy regulations and RD sector needs. Ensures company compliance with China applicable privacy and cybersecurity laws, as well as all applicable Johnson and Johnson privacy and data protection policies and procedures. Align with related stakeholders. Advises executive and senior management team of their responsibilities and obligations and helps them develop a culture of compliance.
• Appointment and responsibility towards the authorities as the Personal Information protection officer of RD in charge of implementing, maintaining and monitoring the privacy compliance program for RD.
• Handles Data subject access requests and response process in RD.
• Incidents, breaches and enforcement: Processes complaints and implements remediations related to personal information processing and leakages.
• Notifies and reports to local authorities’ data breaches in a timely manner, acts as point of contact towards the authorities for RD in case of investigation and control.
• Partner with Information Security team to establish internal control systems that prevents leakage, abuse, misuse of personal information and protects the confidentiality of personal information files.
• Provide Daily base business privacy support for RD projects
• Review projects involving collection of PI by JNJ with project owner: e.g Mobiles apps, digital assets, new educational platforms, digital engagement initiatives for HCPs, social media engagement, creation of CRM data base, data analytics initiatives.
• Review data classification, compliance analysis, participate in internal compliance review processes with copy review of necessary stakeholders before digital asset launch.
• Drafting necessary privacy notices, policies and consents, disclaimers, reflecting these requirements as part of the IT architecture of the system with support of JJT
• Contract review: Collaborates with procurement team to manage risks with third parties processing PI: review and negotiation of privacy exhibits and related contractual privacy provisions.
• Assists Law Dept and Procurement with regard to the review and recommendation of adequate Privacy language in contracts with hospitals, HCPs, third party service providers, patients (ICF) as well as necessary contractual schemes to implement ( data sharing, data processing agreement, inter affiliated agreements).
• Assists business process owners with documenting and preparing privacy impact assessments.
Develop local Training and Communication plan to LT and stakeholders,
• Prepare and issue Training plan adapted to RD China needs
• Participation in company’s sector compliance committee
• Participation at local level in global initiatives (e.g Internal privacy day)
In this role, the Senior Privacy manager liaises with:
- Representatives from business process owners who collect or process personal information
- Global Privacy Team
- key functional partners, like
a) the Law Department, to assess risks related to new laws and regulations, assess responsibilities and obligations of partners, third parties, HCPs when conducting contract review
b) IT Security including information security, to ensure adequate security and access controls on systems that process personal information and to partner on an adequate response to security incidents with a Privacy impact
c) company’s responsible person for Records and Information Management, on issues pertaining to retention and purging of records that contain personal information
d) Healthcare Compliance, to ensure a Privacy program that fits into the overall compliance program roll out for the company
e) Corporate internal audit function to support the engagement and regularly assess the personal information processing and make improvements
f) GA P, to support in monitoring and shaping new privacy regulations in alignment with JJ position.
Main responsibilities
The Senior Privacy manager of RD, Johnson Johnson Innovative Medicine CHINA is responsible for implementing and monitoring the privacy compliance program for all RD activities in China, identifying privacy risks and developing policies and procedures, training, and controls to ensure RD is operating in compliance with applicable privacy laws as well as JJ policies and privacy framework.
In this role, the senior privacy manager will have the opportunity to actively support and shape all projects related activities of RD in China that involve privacy considerations, including providing advice on any questions related to Privacy to Business stakeholders and key functional partners.
In this position, the individual shall act as the personal information protection officer of RD, Johnson Johnson Innovative Medicine in China and represent RD legal entities in China towards the authorities in the event of data breach notification, investigations, and controls.
The position will have a direct line of reporting to the China Privacy Director.
Core Responsibilities include:
• Deploy local Privacy Compliance Program adapted to specific China privacy regulations and RD sector needs. Ensures company compliance with China applicable privacy and cybersecurity laws, as well as all applicable Johnson and Johnson privacy and data protection policies and procedures. Align with related stakeholders. Advises executive and senior management team of their responsibilities and obligations and helps them develop a culture of compliance.
• Appointment and responsibility towards the authorities as the Personal Information protection officer of RD in charge of implementing, maintaining and monitoring the privacy compliance program for RD.
• Handles Data subject access requests and response process in RD.
• Incidents, breaches and enforcement: Processes complaints and implements remediations related to personal information processing and leakages.
• Notifies and reports to local authorities’ data breaches in a timely manner, acts as point of contact towards the authorities for RD in case of investigation and control.
• Partner with Information Security team to establish internal control systems that prevents leakage, abuse, misuse of personal information and protects the confidentiality of personal information files.
• Provide Daily base business privacy support for RD projects
• Review projects involving collection of PI by JNJ with project owner: e.g Mobiles apps, digital assets, new educational platforms, digital engagement initiatives for HCPs, social media engagement, creation of CRM data base, data analytics initiatives.
• Review data classification, compliance analysis, participate in internal compliance review processes with copy review of necessary stakeholders before digital asset launch.
• Drafting necessary privacy notices, policies and consents, disclaimers, reflecting these requirements as part of the IT architecture of the system with support of JJT
• Contract review: Collaborates with procurement team to manage risks with third parties processing PI: review and negotiation of privacy exhibits and related contractual privacy provisions.
• Assists Law Dept and Procurement with regard to the review and recommendation of adequate Privacy language in contracts with hospitals, HCPs, third party service providers, patients (ICF) as well as necessary contractual schemes to implement ( data sharing, data processing agreement, inter affiliated agreements).
• Assists business process owners with documenting and preparing privacy impact assessments.
Develop local Training and Communication plan to LT and stakeholders,
• Prepare and issue Training plan adapted to RD China needs
• Participation in company’s sector compliance committee
• Participation at local level in global initiatives (e.g Internal privacy day)
In this role, the Senior Privacy manager liaises with:
- Representatives from business process owners who collect or process personal information
- Global Privacy Team
- key functional partners, like
a) the Law Department, to assess risks related to new laws and regulations, assess responsibilities and obligations of partners, third parties, HCPs when conducting contract review
b) IT Security including information security, to ensure adequate security and access controls on systems that process personal information and to partner on an adequate response to security incidents with a Privacy impact
c) company’s responsible person for Records and Information Management, on issues pertaining to retention and purging of records that contain personal information
d) Healthcare Compliance, to ensure a Privacy program that fits into the overall compliance program roll out for the company
e) Corporate internal audit function to support the engagement and regularly assess the personal information processing and make improvements
f) GA P, to support in monitoring and shaping new privacy regulations in alignment with JJ position.
Requirements
• 8 to 10 years’ experience working in privacy program management, internal audit, legal, compliance with healthcare industry background preferred.
• Strong interpersonal, verbal and written communication and leadership skills.
• Functional understanding and expertise of applicable Privacy laws and regulations.
• Experience with developing privacy policies and procedures.
• Demonstrates excellent business judgment, ability to make decisions, and pragmatic approach to problem solving.
• Project Management skills, experience in rolling out compliance programs.
• Ability to establish relationships and communicate with all levels of JJ organization, external third parties, and to collaborate effectively with cross-functional teams across the enterprise.
• Chinese native, English Fluency required
Requirements
• 8 to 10 years’ experience working in privacy program management, internal audit, legal, compliance with healthcare industry background preferred.
• Strong interpersonal, verbal and written communication and leadership skills.
• Functional understanding and expertise of applicable Privacy laws and regulations.
• Experience with developing privacy policies and procedures.
• Demonstrates excellent business judgment, ability to make decisions, and pragmatic approach to problem solving.
• Project Management skills, experience in rolling out compliance programs.
• Ability to establish relationships and communicate with all levels of JJ organization, external third parties, and to collaborate effectively with cross-functional teams across the enterprise.
• Chinese native, English Fluency required