Senior Privacy Specialist

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 114,000 colleagues serve people in more than 160 countries.

JOB DESCRIPTION:

THE OPPORTUNITY 

This Senior Privacy Specialist position can work remotely within the U.S.

The Senior Privacy Specialist is responsible for supporting the review and design of privacy and compliance controls, mechanisms and protocols across the organization and product line, and will support an important global digital transformation initiative. This team member will work cross-functionally with the Privacy, Legal, Compliance, Engineering, and Product Teams. The ideal candidate will have a clear ability to coordinate with application and system owners to help them understand and implement privacy by design and compliance obligations and solutions for the full lifecycle of applications and systems, from proof of concept, business analysis and financial modeling, architecture design, user acceptance testing to solution deployment. This person will assist their leadership with ensuring engineering and data privacy solutions and technologies are properly supported, implemented, and sufficiently meets the needs for which they are deployed to protect confidential and proprietary data. This individual will assist in the planning, design, implementation and ongoing support of engineering privacy control systems, compliance and processes to fulfill commercial needs.

WHAT YOU’LL WORK ON 

• Develop and implement standards, processes and technical solutions to ensure privacy policies are correctly implemented. The implementations should advance compliance with legal and business forms of data processing.
• Work to align advanced technologies and Privacy by Design principles from the first stages of development and collaborate with legal and privacy colleagues to ensure that the data processing meets established regulatory compliance needs. 
• Collaborate with product and system development teams creating new data processing that employ privacy features.
• Analyze and provide design requirements for processing for personal information with a goal of implementing technical solutions to help mitigate privacy vulnerabilities and prevent potential future privacy risks.
• Interact with users to define system requirements and/or necessary modifications to new or existing software. 
• Guide the development of new privacy products and features, as well as the review of in place products and technology to ensure persistence of privacy controls.
• Identify areas of improvement in local practices relative to managing data privacy.
• Assist with regular privacy assessments of operational processes, identifying, and mitigating risks through effective tools, training, and guidance.
• Assist with tracking categories of privacy threats and vulnerabilities to proactively address potential future variances.
• Communicate program progress, escalations, and issue analysis to key stakeholders.
• Increase privacy maturity in the technical and compliance teams by providing privacy education, training, and mentoring.
• Closely interact with local teams in case of regulator inquiries or addressing data subject rights and drive for delivering system related / technical information and analysis needed to work up the cases and draft responses.
• Advise on technical features of systems and applications for Data Protection Impact Assessments.
• Conduct technical and quantitative analysis to drive scalable, efficient, and data-driven privacy decision-making.
• Design, architect, and lead implementation of privacy-enhancing solutions alongside Engineering teams including privacy design and strategy across ADC.
• Conduct privacy impact assessments of multiple product components, and determine how to bridge between data regulations, governance, practical engineering practices, and policy practices.
• Develop, maintain, and publish design or technical documentation to drive consistency in privacy decisions and practices.
• Drive and develop executive-level briefings on progress across major privacy control development frameworks.
• Ability to manage risk in ambiguous and complex situations.

CRITICAL SUCCESS FACTORS:

• Assist with compliance audits, oversee the fulfillment of auditors' requests, act as a liaison between business and auditors during on-site activities, evaluate and respond to preliminary findings and recommendations, guide the business in preparing corrective action to address moderately complex findings and recommendations, and ensure timely completion.
• Participate in Compliance Review Committee meetings and provide input on the violation process. Assist with tracking and trending and propose recommendations for corrective actions.
• Provide guidance on proposed commercial programs, identify moderately complex legal and regulatory issues, analyze alternatives, and work with legal, as appropriate, to propose solutions to the business.

REQUIRED QUALIFICATIONS:

• Bachelor’s degree in Computer Science, Privacy Engineering, Information Technology, or a related technical field
• 3+ years of experience with privacy in an engineering and or technical implementation context.
• 5+ years of progressive privacy program management, compliance, and or program management experience (healthcare or tech preferred).
• Fluency and proficiency in privacy-preserving methods and technology
• Strong verbal and presentation skills to facilitate communicating complex topics with diverse stakeholders during trainings or meetings.
• Be detail-oriented, highly organized, and independent; capable of managing a wide range of diverse projects with minimal supervision.
• Experience implementing and managing applicable regulatory frameworks (e.g., GDPR, HIPAA, CPRA, and other U.S. state laws).

PREFERRED:

• Experience driving changes across multiple business units with competing priorities.
• Experience supporting product launches or familiarity with product launch lifecycle.
• Experience scaling out privacy controls and capabilities
• Experience in program management, consulting, or internal regulatory compliance.
• Experience and understanding of compliance practices related to data security and privacy, including common risks and controls.
• Professional certification in privacy (e.g., CIPP, CIPM, CIPT, CDPSE)
• OneTrust expertise.
• Familiarity with information governance standards, such as the National Institute of Standards and Technology (NIST) Privacy and Cybersecurity Frameworks.
• Experience with privacy-enhancing technologies (PETs).
• Ability to identify stakeholders and points of view, bringing people together to agree on and execute a strategy.
• Prior exposure to regulated healthcare and life sciences companies.

The base pay for this position is

$95,000.00 – $190,000.00

In specific locations, the pay range may vary from the range posted.

JOB FAMILY:Product Development

DIVISION:ADC Diabetes Care

LOCATION:United States of America : Remote

ADDITIONAL LOCATIONS:

WORK SHIFT:Standard

TRAVEL:Yes, 5 % of the Time

MEDICAL SURVEILLANCE:Not Applicable

SIGNIFICANT WORK ACTIVITIES:Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day), Keyboard use (greater or equal to 50% of the workday)

Abbott is an Equal Opportunity Employer of Minorities/Women/Individuals with Disabilities/Protected Veterans.

EEO is the Law link - English: http://webstorage.abbott.com/common/External/EEO_English.pdf

EEO is the Law link - Espanol: http://webstorage.abbott.com/common/External/EEO_Spanish.pdf