Director, US Privacy

Job Description

Position Description:

Director, US Privacy

The Global Privacy Office (GPO) is part of the Ethics and Compliance Organization (ECO) and manages the Company's privacy program.

We are a diverse, international team which aims to create confidence in a changing world so that our organization is supported, and employees are empowered to innovate. We utilize our technical competencies and global experience to create an environment of effective and efficient privacy practices.

In the Privacy Office, we pride ourselves on our focused and collaborative approach. Throughout our privacy deployment processes, we continue to focus on what matters and listen to useful insights from our Privacy Stewards and Stakeholders. Through our continuous improvement approach and utilization of digital tools, we strive for greater effectiveness and efficiencies.

Key Responsibilities:

• Responsible for leading and overseeing the Global Privacy Program for the United States, including Human Health, Animal Health, and appropriate HQ-based marketing operations.
• Proactively works with U.S. Government Affairs and Legal to monitor and track the changing state and federal regulatory landscape and industry best practices.
• Ensure the U.S. Market remains ahead of the curve and compliant with U.S. privacy requirements by operationalizing the existing and new U.S. regulatory privacy landscape into a U.S. privacy compliance program.
• Updating contract provisions and privacy notices, helping the business develop privacy-compliant marketing tools, web applications, and initiatives, among others.
• As a GPO leader, provide program management and leadership to a global or regional privacy program or process, such as the oversight of the US data subjects request process and US support center response.
• Proactively represent Privacy and regularly engage with senior leadership teams and defined business stakeholders.
• Understands our Company's evolving business priorities and provides Privacy guidance, advice, and issue resolution for the Company's collection, use, handling and sharing of personally identifiable information.
• Reports to the Global Privacy Office with U.S. Human Heath Ethics & Compliance as a key stakeholder.
• Serves as a member of the Privacy & Data Protection Board and partners closely with senior colleagues in Ethics & Compliance, Legal, Procurement, IT Risk Management & Security, U.S. Government Affairs, and Internal Audit in upholding compliance to appropriate Company policies and standards, and mitigating risks and gaps identified for Privacy.
• Directly leads the U.S./HQ Privacy Steward Networks, including ongoing communications, training, organizing in-person meetings and uplifting of capabilities.
• Leads the Cookie Governance & Online Tracking Committee, advising the business on recent rulings, MarTech, data transfers, and other important privacy and technology issues.
• Responsible for engaging in the Incident Response Action Team and leading defined aspects of responsibility in the event of a crisis or data breach.
• Acts as a thought leader within and outside the Company on the topics of Privacy.
• Responsible for the leadership and change management associated with integrating the Company's Privacy Impact Assessment Process and Privacy by Design program into the US Human Health Promotion Review Process.

Location:

• Preferred location at the Upper Gwynedd, PA office, with an alternative location in our Rahway, NJ Office.

Travel:

• Travel for this role will be 25% or less but will include travel between our Company's facilities in Pennsylvania and New Jersey. There will be some travel for assigned internal and external engagements within the U.S., and may include limited travel for meetings outside the U.S.

Position Qualifications:

Education Minimum Requirement:

• Bachelors degree is required, with (ideally) a Juris Doctorate (i.e., a law degree) as well.

Required Experience and Skills:

• The candidate should have at least 5-7 years direct experience advising on privacy regulations, compliance, and data protection, with first-hand knowledge of the U.S. privacy system.
• Demonstrated knowledge and experience in U.S. privacy laws, including, but not limited to: CCPA, HIPAA, and recent U.S. privacy laws active in 2023 and thereafter.

Preferred Experience and Skills:

• Ideally, the candidate will have 5-7 years direct experience as an attorney with a focus on privacy and contracting.
• The candidate should have 5-10 years of relevant and related experience, including proven experience managing sophisticated, complex cross-organizational programs.
• Knowledge of business practices that involve the collection, use, and processing of personal information (PI), sensitive PI (SPI), and Protected Health Information (PHI).
• Experience creating and implementing policies and procedures to help the business govern its use and collection of personal information. The ability to operationalize compliance within a company, including working with IT, clinical operations, commercial operations, digital publishing, media and other functional teams.
• The candidate should be CIPP/US certified. If the candidate is not a Privacy professional (CIPP Certified), they must have experience that has included components of Privacy and a base understanding of the concepts - and be willing to become certified with time.
• Experience working with a diverse set of stakeholders while navigating a fast-paced environment during transformational and technological change.

NOTICE FOR INTERNAL APPLICANTS

In accordance with Managers' Policy - Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.

If you have been offered a separation benefits package, but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.

#EBRG

Employees working in roles that the Company determines require routine collaboration with external stakeholders, such as customer-facing commercial, or research-based roles, will be expected to comply not only with Company policy but also with policies established by such external stakeholders (for example, a requirement to be vaccinated against COVID-19 in order to access a facility or meet with stakeholders). Please understand that, as permitted by applicable law, if you have not been vaccinated against COVID-19 and an essential function of your job is to call on external stakeholders who require vaccination to enter their premises or engage in face-to-face meetings, then your employment may pose an undue burden to business operations, in which case you may not be offered employment, or your employment could be terminated. Please also note that, where permitted by applicable law, the Company reserves the right to require COVID-19 vaccinations for positions, such as in Global Employee Health, where the Company determines in its discretion that the nature of the role presents an increased risk of disease transmission.

Current Employees apply HERE

Current Contingent Workers apply HERE

US and Puerto Rico Residents Only:

Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.

For more information about personal rights under Equal Employment Opportunity, visit:

EEOC Know Your Rights

EEOC GINA Supplement

Pay Transparency Nondiscrimination

We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another's thinking and approach problems collectively. We are an equal opportunity employer, committed to fostering an inclusive and diverse workplace.

U.S. Hybrid Work Model

Effective September 5,2023 our U.S. Hybrid work model will be as follows: 1. Three total days on site per week: Tuesday and Wednesday - plus one additional day of choice based on what works best for organizations and/or teams. 2. Fridays will formally be a remote-working day unless business critical tasks require onsite presence.

Under New York City, Colorado State, Washington State, and California State law, the Company is required to provide a reasonable estimate of the salary range for this job. Final determinations with respect to salary will take into account a number of factors, which may include, but not be limited to the primary work location and the chosen candidate's relevant skills, experience, and education.

Expected salary range:
$159,200.00 - $250,700.00

Available benefits include bonus eligibility, health care and other insurance benefits (for employee and family), retirement benefits, paid holidays, vacation, and sick days. For Washington State Jobs, a summary of benefits is listed here.

Learn more about your rights, including under California, Colorado and other US State Acts

Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:
Regular

Relocation:
No relocation

VISA Sponsorship:
No

Travel Requirements:
No Travel Required

Flexible Work Arrangements:
Hybrid

Shift:
1st - Day

Valid Driving License:
No

Hazardous Material(s):
N/A

Requisition ID:R250742