Department: Legal & Compliance
Reports To: Assistant General Counsel
Juris Doctor from an accredited U.S. law school; admitted to at least one State Bar 5-10 years of relevant experience in the area of data privacy, security and data governance
We are seeking a sophisticated data privacy and security specialist to complement BeiGene’s growing internal Legal & Compliance team as we further our vision to develop and commercialize molecularly targeted and immuno-oncology cancer therapeutics. Reporting to the Assistant General Counsel, this position will be instrumental in providing strategic direction to support BeiGene’s compliance with existing and emerging global privacy and data protection laws and regulations.
- Develop and execute overall global privacy strategy and serve as the key privacyand resource for the Company.
- Design and establish a global privacy program, including processes for identifying, and inventorying and classifying relevant personal information contained in Company systems, conducting privacy impact and risk assessments, and establishing and/or updating privacy, security and information management policies and procedures.
- Ensure ongoing monitoring, auditing, and testing of the privacy program to confirm all facets are functioning as intended.
- Develop and implement a vendor management privacy program to ensure appropriate vetting and auditing of vendors and other business collaborators for compliance with Company-wide privacy requirements.
- Support and develop privacy liaisons in each region and/or key functions (e.g., HR, clinical operations) to support consistent privacy program adoption.
- Serve as resource to Legal contracting team to ensure appropriate privacy provisions and protections (e.g., data subject notices, data subject consents, data processorrequirements, etc.) are included in legal templates and properly negotiated. into relevant Company agreement templates
- Coordinate with IT and other business stakeholders to ensure existing and new Company programs, services and processes involving the processing of personal information comply with applicable privacy requirements.
- Develop global privacy training materials and other communications to increase employee understanding and awareness of privacy issues and conduct initial and on-going global privacy training.
- Maintain knowledge of and monitor developments in global privacyrequirements and best practices.
- Create and oversee internal policies and processes for the handling of privacy complaints, suspected data breaches, providing required breach notifications, and data subject information access and deletion requests.
- Where necessary or appropriate, participates in the representation of the Company before data protection authorities and other relevant regulators and agencies.
- In conjunction with IT, Legal and Compliance, HR, and where appropriate, outside legal counsel or consultants, manage investigations relating to the Company’s privacy and security programs.
- Respond to data subject inquiries and requests.
- Work with outside and internal legal counsel and other related internal functions to represent the Company’s interests with regulators regarding data privacy legislation, regulations, or standards.
- Ensure all data processing activities and/or databases are registered with the local privacy/data protection authorities where required.
- Coordinate with IT to further develop and refine BeiGene security programs.
- Review all system-related information security plans to ensure alignment between security and privacy practices.
- Report on a periodic basis regarding the status of the privacy program and privacy risks to senior management, the Board of Directors and other responsible committees.
Supervisory Responsibilities: This position does not have managerial responsibility or budgetary discretion.
Travel: Work related travel approximately 20-30%
Ethics – Treats people with respect; Inspires the trust of others; Works with integrity and ethically; Upholds organizational values.
Planning/Organizing – Prioritizes and plans work activities; Uses time efficiently. Completes administrative tasks correctly and on time. Follows instructions and responds to management direction.
Communication – Listens and gets clarification; Responds well to questions; Speaks clearly and persuasively in positive or negative situations. Writes clearly and informatively. Able to read and interpret written information.
Teamwork – Balances team and individual responsibilities; Gives and welcomes feedback; Contributes to building a positive team spirit; Puts success of team above own interests; Supports everyone’s efforts to succeed. Contributes to building a positive team spirit; Shares expertise with others.
Adaptability – Able to adapt to changes in the work environment. Manages competing demands. Changes approach or method to best fit the situation. Able to deal with frequent change, delays, or unexpected events.
Technical Skills – Assesses own strengths and development areas; Pursues training and opportunities for growth; Strives to continuously build knowledge and skills; Shares expertise with others.
Dependability – Follows instructions, responds to management direction; Takes responsibility for own actions; Keeps commitments; Commits to long hours of work when necessary to reach goals; Completes tasks on time or notifies appropriate person with an alternate plan.
Quality – Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance; Monitors own work to ensure quality.
Analytical – Synthesizes complex or diverse information; Collects and researches data; Uses intuition and experience to complement data.
Problem Solving – Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully.
Project Management – Communicates changes and progress; Completes projects on time and budget
- Proficiency in the Microsoft Office Suite, Outlook, Word, Excel, SharePoint
- Bachelor’s degree required. JD and lAPP Certifications such as CIPP/US, CIPP/ITand/or CIPP/M a strong asset.
- Deep understanding of global privacy and security laws, regulations and best practices, particularly the GDPR, HIPAA, and other national privacy laws in the U.S., Europe and China.
- Experience in the pharmaceutical or medical device industry and general familiarity with and strong understanding of pharmaceutical operations, core healthcare laws and regulations (e.g., Good Clinical Practice (GCP), Food Drug and Cosmetics Act).