Jobs · Management · California

Vice President, Global Privacy

Revolution Medicines · San Francisco Bay Area · 2 wk ago
HybridManagement$311k–$357k/yrFull-time

Key Responsibilities

  • Lead the development and execution of a comprehensive global privacy strategy aligned with business objectives and the broader compliance program.
  • Serve as a senior advisor to the General Counsel (GC) and other senior executives on global privacy risks, regulatory developments, and data governance.
  • Establish and maintain enterprise-wide global privacy governance frameworks, policies, and standards.
  • Set the enterprise privacy vision, roadmap, budget, and multi-year priorities to support RevMed's global growth, clinical development, and commercialization strategy.
  • Establish regional privacy governance, escalation paths, and privacy champion networks to ensure consistent execution and accountability across geographies.
  • Advise executive leadership on strategic data initiatives, including global data use, digital capabilities, AI/ML governance, and cross-border data strategy.
  • Build, scale, and lead the global privacy function across all regions in which Revolution Medicines operates, including the operating model, regional coverage, resourcing plan, and talent strategy.
  • Provide regular updates to the General Counsel and other senior executives on global privacy program performance, risks, and mitigation strategies.
  • Design, implement, and continuously enhance a global privacy program aligned with international laws and best practices.
  • Ensure compliance with global privacy and data protection regulations, including GDPR, UK GDPR, HIPAA, CCPA/CPRA, and other applicable international and local laws.
  • Oversee Data Privacy Impact Assessments (DPIAs), cross-border data transfer mechanisms, and global risk assessments.
  • Monitor and report on privacy metrics, trends, and program effectiveness across regions.
  • Serve as the primary privacy lead for all clinical trial-related activities, including data collected from clinical sites, investigators, and patients.
  • Partner with R&D and clinical teams to ensure compliant handling of sensitive clinical and health data.
  • Collaborate with Commercialization teams to advise on processes, controls, and risks related to data-driven activities, including analytics, digital initiatives, and commercialization strategies.
  • Embed privacy-by-design and privacy-by-default principles into systems, products, and business processes globally.
  • Support global initiatives involving sensitive data, including clinical, digital, and analytics-driven programs.
  • Work closely with HR and Information Security (IS) to address employee and internal data privacy matters, including monitoring, investigations, and governance of workforce data.
  • Lead or oversee global privacy incident response, including breach assessment, notification, and remediation across jurisdictions.
  • Lead and/or oversee privacy-related investigations, including internal reviews and regulatory-driven inquiries.
  • Collaborate with Compliance and Information Security to ensure consistent global controls and preparedness.
  • Identify, assess, and mitigate global privacy risks in alignment with enterprise risk management priorities.
  • Serve as a key point of contact for global data protection authorities and regulators, in coordination with Compliance and Legal.
  • Support global regulatory inquiries, audits, and inspections related to privacy.
  • Own and maintain privacy-related standards across the organization, including templates and playbooks.
  • Review, negotiate, or oversee negotiation of privacy and data protection terms in contracts, including data processing agreements (DPAs), standard contractual clauses (SCCs), and related provisions.
  • Ensure consistent and appropriate privacy language across all contractual forms and third-party engagements.
  • Develop and deliver global privacy training and awareness programs aligned with compliance initiatives.
  • Promote a culture of privacy, ethics, and accountability across all geographies.

Required Skills, Experience and Education

  • Juris Doctor (JD); active bar membership a plus.
  • Privacy certifications (e.g., CIPP/E, CIPP/US, CIPM, CIPT).
  • 18+ years of experience in privacy, data protection, legal, compliance, or risk management, including senior leadership accountability for global programs.
  • Significant experience building, scaling, and leading global privacy programs and teams in multi-jurisdictional environments.
  • Experience in regulated industries (e.g., biotech, pharmaceutical, healthcare, or technology) preferred.
  • Deep knowledge of global privacy regulations and frameworks (e.g., GDPR, UK GDPR, HIPAA, CCPA/CPRA, and other international laws).
  • Experience with cross-border data transfers, data localization requirements, and global data governance.
  • Strong understanding of privacy risk assessments, data lifecycle management, and compliance program integration.
  • Familiarity with emerging areas such as AI/ML governance, digital health, and global data strategy.
  • Ability to influence the executive team and senior leadership and drive global, cross-functional initiatives.
  • Strong strategic thinking with practical, business-oriented judgment.
  • Excellent communication and stakeholder management skills across diverse geographies.
  • Proven ability to build and lead high-performing teams and operate effectively in a matrixed, global organization.
  • Strong organizational and project management capabilities.

Similar jobs