Vice President, Global Privacy
Revolution Medicines · San Francisco Bay Area · 2 wk ago
HybridManagement$311k–$357k/yrFull-time
Key Responsibilities
- Lead the development and execution of a comprehensive global privacy strategy aligned with business objectives and the broader compliance program.
- Serve as a senior advisor to the General Counsel (GC) and other senior executives on global privacy risks, regulatory developments, and data governance.
- Establish and maintain enterprise-wide global privacy governance frameworks, policies, and standards.
- Set the enterprise privacy vision, roadmap, budget, and multi-year priorities to support RevMed's global growth, clinical development, and commercialization strategy.
- Establish regional privacy governance, escalation paths, and privacy champion networks to ensure consistent execution and accountability across geographies.
- Advise executive leadership on strategic data initiatives, including global data use, digital capabilities, AI/ML governance, and cross-border data strategy.
- Build, scale, and lead the global privacy function across all regions in which Revolution Medicines operates, including the operating model, regional coverage, resourcing plan, and talent strategy.
- Provide regular updates to the General Counsel and other senior executives on global privacy program performance, risks, and mitigation strategies.
- Design, implement, and continuously enhance a global privacy program aligned with international laws and best practices.
- Ensure compliance with global privacy and data protection regulations, including GDPR, UK GDPR, HIPAA, CCPA/CPRA, and other applicable international and local laws.
- Oversee Data Privacy Impact Assessments (DPIAs), cross-border data transfer mechanisms, and global risk assessments.
- Monitor and report on privacy metrics, trends, and program effectiveness across regions.
- Serve as the primary privacy lead for all clinical trial-related activities, including data collected from clinical sites, investigators, and patients.
- Partner with R&D and clinical teams to ensure compliant handling of sensitive clinical and health data.
- Collaborate with Commercialization teams to advise on processes, controls, and risks related to data-driven activities, including analytics, digital initiatives, and commercialization strategies.
- Embed privacy-by-design and privacy-by-default principles into systems, products, and business processes globally.
- Support global initiatives involving sensitive data, including clinical, digital, and analytics-driven programs.
- Work closely with HR and Information Security (IS) to address employee and internal data privacy matters, including monitoring, investigations, and governance of workforce data.
- Lead or oversee global privacy incident response, including breach assessment, notification, and remediation across jurisdictions.
- Lead and/or oversee privacy-related investigations, including internal reviews and regulatory-driven inquiries.
- Collaborate with Compliance and Information Security to ensure consistent global controls and preparedness.
- Identify, assess, and mitigate global privacy risks in alignment with enterprise risk management priorities.
- Serve as a key point of contact for global data protection authorities and regulators, in coordination with Compliance and Legal.
- Support global regulatory inquiries, audits, and inspections related to privacy.
- Own and maintain privacy-related standards across the organization, including templates and playbooks.
- Review, negotiate, or oversee negotiation of privacy and data protection terms in contracts, including data processing agreements (DPAs), standard contractual clauses (SCCs), and related provisions.
- Ensure consistent and appropriate privacy language across all contractual forms and third-party engagements.
- Develop and deliver global privacy training and awareness programs aligned with compliance initiatives.
- Promote a culture of privacy, ethics, and accountability across all geographies.
Required Skills, Experience and Education
- Juris Doctor (JD); active bar membership a plus.
- Privacy certifications (e.g., CIPP/E, CIPP/US, CIPM, CIPT).
- 18+ years of experience in privacy, data protection, legal, compliance, or risk management, including senior leadership accountability for global programs.
- Significant experience building, scaling, and leading global privacy programs and teams in multi-jurisdictional environments.
- Experience in regulated industries (e.g., biotech, pharmaceutical, healthcare, or technology) preferred.
- Deep knowledge of global privacy regulations and frameworks (e.g., GDPR, UK GDPR, HIPAA, CCPA/CPRA, and other international laws).
- Experience with cross-border data transfers, data localization requirements, and global data governance.
- Strong understanding of privacy risk assessments, data lifecycle management, and compliance program integration.
- Familiarity with emerging areas such as AI/ML governance, digital health, and global data strategy.
- Ability to influence the executive team and senior leadership and drive global, cross-functional initiatives.
- Strong strategic thinking with practical, business-oriented judgment.
- Excellent communication and stakeholder management skills across diverse geographies.
- Proven ability to build and lead high-performing teams and operate effectively in a matrixed, global organization.
- Strong organizational and project management capabilities.