Chief Privacy Officer Jobs (NOW HIRING)

At Johnson & Johnson,we believe health is everything. Our strength in healthcare innovation empowers us to build aworld where complex diseases are prevented, treated, and cured,where treatments are smarter and less invasive, andsolutions are personal.Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Legal & Compliance

Job Sub Function:

Enterprise Compliance

Job Category:

People Leader

All Job Posting Locations:

New Jersey (Any City), Pennsylvania (Any City), Raynham, Massachusetts, United States of America

Job Description:

DePuy Synthes is recruiting for a VP, Chief Privacy Officer, located in Raynham, MA, Raritan, NJ, Westchester, PA; Ireland or Switzerland.

Johnson & Johnson announced plans to separate our Orthopaedics business toestablisha standalone orthopaedics company,operatingas DePuy Synthes. The process of the planned separation isanticipatedto be completed within 18 to24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may berequired, regulatory approvals and other customary conditions and approvals. Should you accept this position, it isanticipatedthat, following conclusion of the transaction, you would be an employee of DePuySynthes,and your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes atan appropriate timeand subject to any necessary consultation processes.

Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings, we recommend focusing on the specific country(s) that align with your preferred location(s):

Ireland - Requisition Number: R-077642

Switzerland - Requisition Number: R-077678

Remember, whether you apply to one or all of these requisition numbers, your applications will be considered as a single submission.

About DePuy Synthes

DePuy Synthes is a global leader in Orthopaedics, advancing patient care through innovative solutions across joint reconstruction, trauma, spine, sports medicine, and related surgical technologies. As DePuy Synthes separates from Johnson & Johnson to become the world's largest, most comprehensive Orthopaedics-focused company, the organization is entering a defining chapter-establishingits own corporate identity, voice, culture, and reputation while continuing to serve patients, customers, and healthcare systems around the world.

The VP, Chief Privacy Officer (CPO) provides enterprisewide leadership for privacy strategy, governance, and compliance across DePuy Synthes. This role plays a critical part in protecting patient, customer, employee, and business data while enabling innovation and growth in a highly regulated global healthcare environment. The CPO partners closely with Legal, IT, Cybersecurity, R&D, Commercial, and Operations leaders to embed privacybydesign principles into products, systems, marketing and other business processes. This is a highimpact leadership role with direct influence on trust, reputation, and regulatory readiness as DePuy Synthes operates as a standalone company.

Key Responsibilities

Set and execute the global privacy strategy, policies, and governance framework for DePuy Synthes.

Ensure compliance with global privacy, data protection and cybersecurity laws and regulations (including, e.g., GDPR, U.S. state privacy laws, digital product standards and laws and other applicable international requirements).

Serve as the primary executive leader for privacy risk management, including oversight of privacy impact assessments and mitigation plans.

Partner with Legal, R&D, Cybersecurity, and Technology teams to integrate privacybydesign and privacybydefault into systems, products, and digital initiatives.

Monitor new and proposed privacy laws and regulations and provide strategic guidance to senior leaders and the Board on privacy risks, trends, and regulatory developments.

Lead and develop a global privacy organization, including talent development and succession planning, to operationalize privacy requirements and to promote a strong culture of privacy and data protection.

Oversee privacy contracting practices to ensure compliance with applicable laws, guidelines and best practices.

Direct the development and implementation of a company-wide privacy training program, including the institution and instruction of named privacy stewards in the relevant functions.

Together with Cybersecurity, oversee privacy incident response, investigations, and support regulatory interactions as needed.

Working together with Government Affairs, develop and maintain trusted relationships with data protection commissioners and government enforcement agencies and execute a strategy for impacting the evolving privacy laws affecting the company.

Qualifications

JD in the United States or in a European jurisdiction.

14+ years of progressive experience in privacy, data protection, cybersecurity, or related risk functions including in private practice or within a complex, global organization in a healthcare field (e.g., hospital system, medical device or medtech company, pharmaceutical industry).

Demonstrated expertise interpreting and applying global privacy regulations in a regulated industry, including GDPR and the U.S. federal and state privacy laws, including HIPAA, and relevant FDCA regulations.

Experience advising senior executives on privacy strategy and enterprise risk.

Demonstrated ability to build, operationalize, and improve processes and high-performing teams.

Proven ability to lead global, crossfunctional teams and influence without direct authority.

Strong strategic thinking, judgment, and decisionmaking capabilities.

Preferred:

Prior experience supporting or managing a data incident management and response process, including data subject and regulatory enforcement agency notifications.

Background partnering with information systems, cybersecurity, and digital technology teams.

Experience supporting business transformation or operatingmodel changes.

Degree in Information Systems, Master of Business Administration or Master of Public Policy a plus.

Other:

Travel: Up to 20%, domestic and international.

Language: Fluency in English required; additional languages a plus.

Certifications such as CIPP, CIPM, or equivalent preferred.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.

For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.

#DePuySynthesCareers

Required Skills:

Preferred Skills:

Audit and Compliance Trends, Compliance Frameworks, Compliance Management, Compliance Policies, Compliance Risk, Consulting, Controls Compliance, Corporate Compliance Helpline Administration, Developing Others, Fact-Based Decision Making, Inclusive Leadership, Leadership, Legal Function, Legal Services, Risk Management, Standard Operating Procedure (SOP), Tactical Planning

The anticipated base pay range for this position is :

$199,000.00 - $366,850.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees are eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)).
This position is eligible to participate in the Company's long-term incentive program.
Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
Vacation -120 hours per calendar year
Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado -48 hours per calendar year; for employees who reside in the State of Washington -56 hours per calendar year
Holiday pay, including Floating Holidays -13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave - 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave - 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave - 80 hours in a 52-week rolling period10 days
Volunteer Leave - 32 hours per calendar year
Military Spouse Time-Off - 80 hours per calendar year