Chief Privacy Officer

Tarrytown, NY
Mar 22, 2019
Required Education
Masters Degree/MBA
Position Type
Full time
Known for its scientific and operational excellence, Regeneron is a leading science-based biopharmaceutical company that discovers, invents, develops, manufactures, and commercializes medicines for the treatment of serious medical conditions. Regeneron commercializes medicines for eye diseases, high LDL-cholesterol, atopic dermatitis and a rare inflammatory condition and has product candidates in development in other areas of high unmet medical need, including rheumatoid arthritis, asthma, pain, cancer and infectious diseases.


The Chief Privacy Officer ("CPO") will ensure full compliance with all applicable privacy laws and regulations globally. The CPO will lead the Company's Privacy Office and oversee all ongoing activities related to the development, implementation and maintenance of the Company's privacy program and policies in accordance with applicable laws. In particular, the CPO will provide strategic direction to the Company regarding existing and emerging privacy and data protection laws.


• Build and enhance a strategic and comprehensive privacy program, including appropriate policies and procedures, to enable consistent, effective data privacy practices, to minimize privacy risk and to ensure the confidentiality of personal data. Ensure privacy forms, policies, standards, and procedures are up-to-date and compliant with laws applicable to the organization.

• Working closely with the Chief Information Security Officer (CISO) and Chief Compliance Officer (CCO) and other individuals with privacy and data handling responsibilities in the organization to set strategy, and develop global and regional approaches to complex privacy matters involving systems, data handling and data processing activities.

• Work with senior management and the CCO to establish governance for the privacy program.

• Collaborate with the Information Technology (IT) department to ensure alignment between security and privacy compliance programs including policies, practices, and investigations.

• Establish, with the IT department, systems to track, investigate and report inappropriate or unauthorized access, loss or disclosure of personal data.

• Collaborate with the Company's business development/transactions and contracting teams to address data privacy issues with third parties.

• Maintain and periodically update the Company's data processing documentation including privacy risk assessments/analysis, mitigation and remediation.

• Cooperate and collaborate with the Company's compliance monitoring team in connection with periodic compliance and operational assessment of the Company's privacy program.

• Oversee and develop ongoing privacy training and communications to ensure that the Company's employees understand how to comply with applicable privacy laws.

• Where necessary or appropriate, represent the Company before data protection authorities and other relevant regulators and agencies.

• Manage all required breach determination and notification processes under laws applicable to the organization.

• Serve as the Company's data privacy resource and expert regarding sharing of personal information and for all privacy related issues/activities.

• In collaboration with the Compliance Department's investigations team, establish and administer a process for investigating and acting on privacy and security complaints and potential violations of the Company's privacy policies.

• Initiate, facilitate and promote activities to foster data privacy awareness within the organization and related entities.

• Must be knowledgeable of applicable global data privacy and security laws including federal, state and international privacy laws such as the GDPR.

• Monitor advancements in information privacy technologies to ensure organizational adaptation of beneficial emerging technologies.

• Work with the Legal and Compliance Departments, government affairs, and other related internal functions to represent the Company's interests with regulators regarding data privacy legislation, regulations, or standards.

• Manage and Chair the Company's Privacy Steering Committee and report on a periodic basis regarding the status of the Company's privacy program and privacy risks to senior management.


• Law degree and/or Masters degree in regulatory/healthcare compliance preferred

• At least 12+ years' experience in the legal / privacy profession, including time in or advising pharmaceutical companies on healthcare privacy related activities

• In-depth knowledge of global privacy laws related to the pharmaceutical industry and genetics

• In-depth knowledge of legal, regulatory, compliance and business environment for the pharmaceutical industry

• Experience with building and implementing a global privacy program

• Experience dealing with European entities and data protection authorities

• Demonstrated ability to work collaboratively within an organization and with all levels of the workforce

• Excellent oral and written communication skills

This is an opportunity to join our select team that is already leading the way in the Pharmaceutical/Biotech industry. Apply today and learn more about Regeneron's unwavering commitment to combining good science & good business.

To all agencies: Please, no phone calls or emails to any employee of Regeneron about this opening. All resumes submitted by search firms/employment agencies to any employee at Regeneron via-email, the internet or in any form and/or method will be deemed the sole property of Regeneron, unless such search firms/employment agencies were engaged by Regeneron for this position and a valid agreement with Regeneron is in place. In the event a candidate who was submitted outside of the Regeneron agency engagement process is hired, no fee or payment of any kind will be paid #LI-RE1

Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability status, protected veteran status, or any other characteristic protected by law.