Data Protection Manager

For over 90 years, Topcon’s vision has been to solve societal challenges around the globe. In healthcare, we are developing innovations that improve patients’ health and quality of life. 

We empower eye care providers with advanced imaging, diagnostic solutions, and intelligent data technology. Our robotic devices deliver simplicity without compromise, by capturing clear images with the push of a button. 

By joining Topcon Healthcare, you become part of a growing, diverse, global team. With office locations throughout North America, whether you are on-site, remote, or hybrid, our culture empowers you to contribute to company and personal success each day. At Topcon Healthcare, you can grow your career, gain new perspectives, and help address society’s most pressing challenges.  If you have drive, passion, and a desire to be part of a collaborative team, we want to hear from you.

At Topcon Healthcare, we don’t wait for the future. We invent it. Join us.

Topcon is seeking a Data Protection Manager to lead the organization’s privacy and compliance efforts, ensuring adherence to global data protection laws and regulations. This role will drive privacy risk assessments, maintain data inventories, and oversee vendor/supplier privacy risk management. This role will interface with cross-functional teams to guide the implementation of privacy-by-design principles and respond to emerging privacy matters across the organization.

The position will be based at the Topcon Healthcare Innovation Center (THINC) in La Jolla, California, and will report to the Chief Compliance and Data Privacy Officer.

Key Responsibilities:

• Privacy Risk Assessment and Compliance: Conduct and oversee privacy risk assessments for products, services, and operations to ensure compliance with global data protection regulations (e.g., GDPR, HIPAA, CCPA).
• Data Inventory Management: Maintain and update the company’s data inventory and records of processing activities (RoPA) to ensure an accurate understanding of data flows.
• Vendor Privacy Oversight: Oversee vendor and supplier privacy due diligence, contract reviews, and ongoing monitoring to ensure compliance with privacy obligations.
• Guidance on Privacy by Design: Serve as the primary advisor to product and engineering teams, embedding privacy-by-design principles into product development and operations.
• AI Privacy Risk and Compliance: Develop policies and processes to identify and mitigate privacy risks associated with artificial intelligence, ensuring compliance with applicable regulations and supporting ethical use of AI in medical devices and cloud-based services.
• Regulatory and Customer Interaction: Respond to customer and regulatory inquiries related to privacy, providing clear and informed guidance.
• Collaboration with Security: Collaborate closely with the Director of Information Security to address overlapping risks related to privacy and security.
• Employee Training and Awareness: Develop and deliver privacy training programs for employees and relevant stakeholders to promote a culture of privacy compliance.
• Regulatory Monitoring and Reporting: Monitor developments in privacy laws and standards, ensuring the company remains compliant, and report regularly to the Chief Compliance and Data Privacy Officer on privacy risks, initiatives, and compliance gaps.

Required Skills and Experience:

• Educational Foundation or Equivalent Experience: A bachelor’s degree in a computer science, information systems, business administration, cybersecurity, public policy, or pre-law is preferred, but substantial professional experience in privacy or technology compliance roles will be considered.
• Relevant Experience: Demonstrated expertise in privacy laws and frameworks, including GDPR, HIPAA, and CCPA, with experience managing privacy risks in healthcare, biomedical, or technology industries.
• Industry Knowledge: Familiarity with privacy and security considerations for hardware (medical devices), software, and cloud services, including data inventory management and privacy risk assessments.
• Framework Proficiency: Strong knowledge of security frameworks and standards (ISO 27001, FedRAMP, HITRUST, NIST).
• Professional Certifications: Privacy certifications such as CIPP, CIPM, CIPT, AIGP, or equivalent are strongly preferred.
• Skills and Communication: Strong project management skills, the ability to build relationships with cross-functional teams, and the capacity to convey complex privacy concepts clearly and effectively.

Join Topcon Healthcare and THINC and be a part of a dynamic team that is driving innovation in the healthcare technology sector!

Base Pay:

Expected Base Pay Range: $110,000 to $130,000 Annualized

The base pay range included is a projected hiring range for a position, level and potential work location(s) listed.  Topcon provides the compensation range that it in good faith believes it might pay and/or offer for this position. This compensation range is based on a full-time schedule.   

Bonus eligible:

 In addition to base pay, compensation for this position includes eligibility for a 10% annual bonus.

Benefits*:

Topcon offers a comprehensive benefit package for this position including medical, dental, vision, life insurance, disability insurance, tax saving spending accounts a 401(k) plan with employer match, tuition reimbursement in addition to other perks and benefits.  We also offer time off for our employees to recharge.  Our employees are eligible for paid company holidays, paid personal time off, and paid sick time that meets or exceeds state/local requirements. 

Topcon reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation; individual candidate compensation may be determined based on individual skills, experience, training, certifications, education, final work location and other factors not related to an applicant’s sex or other status protected by local, state, or federal law. Changes in the position level, location or other factors associated with the role may change the final determined compensation.  The recruiter can provide additional information during the hiring process.

*Topcon time off policies can vary between roles which are exempt or non-exempt.  For hourly (“non-exempt”) employees, we offer personal paid time off which accrues in accordance with local standards.  For salaried (“exempt”) employees, we offer a flexible paid time off policy giving you flexibility to take time when needed, while supporting business needs.  All paid time off policies are in accordance with or exceeding local law.  Employees working at least 30 hours per week are eligible for our Health and Welfare benefit package.

EEO Statement:

We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.