Global Data And Privacy Senior Advisor

Careers that Change Lives

The Global Data and Privacy Senior Advisor provides leadership and direct support to the assigned Operating Units (OU) for the strategy, design, development, implementation, and ongoing management of Medtronic's Global Data and Privacy Program activities that address and support US and OUS legal and regulatory requirements. Additionally, the Global Data and Privacy Senior Advisor will provide advice and counsel to the R&D organization, work closely with the Operation Units Legal Partner(s) to help bring ideas to commercialization.

The Global Data and Privacy Senior Advisor reports into the Deputy Chief Privacy Officer and is a key member of the Data & Privacy Center of Excellence ("COE").

In cooperation with the Senior Director, this seasoned professional actively engages with the assigned Operating Units with regional and business unit personnel and leaders to provide strategic privacy expertise, direct support, and influence management for operational execution and compliance with US and OUS based legal, regulatory and business data protection and privacy requirements. The Global Data and Privacy Senior Advisor ensures appropriate triaging of transactional and operational data and privacy work to Privacy Operations and regional Data & Privacy teams and provides strategic oversight and direction for bespoke Privacy by Design work and advising performed by Privacy. The Global Data and Privacy Senior Advisor provide support for the execution and implementation in the assigned Operating Units. The Global Data and Privacy Senior Advisor works closely together with the Operating Unit Legal Counsel to ensure strategic alignment on data and privacy.

In alignment with the Global Data Protection and Privacy Program policies, standards and requirements, this position focuses on a wide range of business operations activities, practices and standards to meet US and OUS privacy regulatory requirements such as HIPAA, COPPA, CCPA, CPRA, Breach Notification laws, PIPEDA,EU GDPR, ISO and other standards bodies and international standards.

The Data and Privacy COE team operates as a high functioning team within a relatively flat team structure. Members of this team are innovative, highly flexible; enthusiastic collaborators; results orientated; independent; actively engaged; and able to influence without direct authority.

There is a strong preference for this role to reside in Minneapolis, MN or Boulder, CO and work in the office per the hybrid guidelines (3 days/week in the office).

A Day in the Life

Responsibilities may include the following and other duties may be assigned.

The Global Data and Privacy Senior Advisor provides strategic data and privacy advice and closely aligns with multiple partner stakeholders and the global data protection professionals to design, and execute standards and practices for effective data protection and privacy across the assigned Operating Units. Key responsibilities include:

• Lead by example to model a culture of ethics and integrity; exercise sound judgment and courage as a trusted advisor to the assigned Operating Units;

• "Face" of program for the assigned (teams within) Operating Units & key point of contact/access into program;

• Be point of contact towards the assigned Operating Units for (global and regional) privacy teams of the COE;

• Engage with Operating Unit stakeholders to provide data protection and privacy program and requirements subject matter expertise as key resource and point of contact to regional, business, partner functions, and other key stakeholders, drive awareness, share knowledge, and ensure accountability for both data and privacy legal/regulatory compliance as well as strategic advising;

• Be strategic partner on all things data and privacy for the Operating Unit Legal Counsel and work with them to ensure stakeholder alignment with the Operating Unit, including on prioritization, remediation and other;

• On point to speak about Privacy risks to OU leadership, in consultation with OU Legal Partner;

• Lead or direct OU level assessments that results in program enhancement, mitigation and remediation activities as appropriate;

• Collaborate with Operating Unit leadership, OU Legal Partner, and other key stakeholders to implement new legal and regulatory requirements relating to data protection and privacy impacting Medtronic businesses. Provide communication and guidance to OU personnel for implementation of identified requirements. Design and implement effectiveness testing for high risk implementation activities as appropriate;

• Keep Data & Privacy COE informed about strategic objectives, projects and timelines of the assigned Operating Units, on global and regional level, to allow for proper planning of OU data and privacy work by the COE;

• In close cooperation with OU Legal, Privacy Operations, coordinate program operations at respective OU/function level, where applicable with SLAs with Privacy Operations and/or regional teams:

o Spot issues and ensure appropriate triaging of transactional and operational data and privacy work to Privacy Operations and regional Data & Privacy teams;

o This may include e privacy impact assessment (PIA) activities and/or business consulting for new product development, material changes to existing products, third party vendor privacy assessments and business consultation requests as required by standards and procedures. On behalf of the Operating Unit, analyze results of assessments to identify trends and patterns that can be used to improve review efficiencies, existing processes, and standards:

§ Provide strategic oversight and direction for bespoke Privacy by Design work and advising performed by Privacy Operations;

§ Implement and further mature Privacy by Design processes in the assigned Operating Unitst;

§ Provide support for the execution and implementation in the assigned Operating Units;

§ Lead or direct the development and implementation of regional or business unit corrective action for identified gaps, privacy incidents or breaches; provide routine remediation status reporting for management and governance oversight;

§ Lead and direct the design and implementation of standards and processes for OU response to individual rights requests such as data access requests, accounting of disclosures, the right to inspect and copy, restrictions on disclosures, opt-in or opt-out requirements and other related individual rights; support Privacy Operations in execution of the requests

• Implement Go-to-market and Customer-go-to models in the assigned Operating Units

• Establish relationships with OUs/Functions teams that are heavy data users and gain up-front alignment on data usage and how to balance different constraints;

• In close cooperation with OU Legla, and the Global Data & Privacy Program and Privacy Operations, oversee and support Data & Privacy programmatic activities in the OU:

o Design, direct and support data protection and privacy operational compliance monitoring activities in collaboration and coordination with the organization's security, compliance, audit, risk management and other related corporate functions as appropriate; this may include, for the US, design and implement business unit privacy "Covered Entity", "Business Associate" or similar privacy related contracting requirements;

o Oversee development and support implementation of business level data protection and privacy policies, standards and procedures, as required;

• Provide subject matter expertise to Privacy Operations for development and implementation of role-based data protection and privacy training as required. Perform module review as necessary to confirm alignment of content and approach;

• Oversee data protection and privacy efforts for the due diligence and integration of acquisitions within the businesses;

• Provide input and detail for budget planning, monitoring, and function metrics and reporting as requested;

• Provide subject matter expertise for the Global Data and Privacy Program in development and implementation of core privacy program elements as requested.

• Other responsibilities as assigned.

Must Have: Minimum Requirements

• Bachelor's degree with 10+ years of privacy experience, or an advanced degree with 8+ years of privacy experience

Nice to Have

• Advanced degree

• Knowledge of and experience supporting business understanding and compliance with privacy laws both within and outside of the US

• Experience in the healthcare industry

• Experience supporting R&D or other technical functions

• Experience supporting a data privacy, security or equivalent function directly or indirectly for a large, regulated and matrixed organization

• Experience with business operations requirements implementation

• Experience with privacy requirements related to mobile applications and websites in a healthcare or related setting

• Experience directly or indirectly with compliance or similar function

• Experience supporting change management projects

• Strong knowledge of, and experience in program and project management

• Experience working with global and/or matrixed IT systems, services, operations or other related management environment

• Demonstrated cross-functional team execution skills

• Experience assessing and defining system specifications preferably in relation to compliance with data protection and privacy regulations

• Demonstrated advocate for proper data management systems

• Demonstrated influence management skills, exceptional interpersonal and communication skills

• Demonstrated experience building positive relationships with a variety of stakeholders, including with employees, clients, senior management, external parties/authorities and suppliers.

• Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.)

• Strong ability to work collaboratively and partner with employees, other leaders, clients, and vendors.

• Demonstrated ability to work across many levels of an organization, from VP to non-exempt staff

• Demonstrated ability to work across a matrixed or virtual organization and still meet objectives

• Demonstrated ability to manage multiple priorities simultaneously.

• Demonstrated ability to utilize excellent decision-making skills.

• Experience and demonstrated ability to present to a variety of audiences including the ability to translate technical information

• Lean Sigma or Six-Sigma training/experience

• Vendor management experience

• Familiarity with FDA and FTC regulations, HIPAA, CCPA, COPPA, CPRA, Breach Notification laws, PIPEDA, EU GDPR, ISO and other standards bodies and international standards

About Medtronic

Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.

We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let's work together to address universal healthcare needs and improve patients' lives. Help us shape the future.

Physical Job Requirements

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. (ADA-United States of America)

A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. Learn more about our benefits here.

This position is eligible for a short-term incentive plan. Learn more about Medtronic Incentive Plan (MIP) here.

The base salary range is applicable across the United States, excluding Puerto Rico and specific locations in California. The offered rate complies with federal and local regulations and may vary based on factors such as experience, certification/education, market conditions, and location. Compensation and benefits information pertains solely to candidates hired within the United States (local market compensation and benefits will apply for others).