This position will serve as Privacy Officer and be a member of the Company’s Compliance Department.
- This position can be based in Natick, MA or Arden Hills, MN
The Privacy Leader has primary responsibility for overseeing, maintaining, and further enhancing Boston Scientific’s global privacy program. The scope of this position is expansive, and this individual will interface enterprise-wide on a business, facility and regional basis.
- Foster company compliance with global privacy and data protection laws and regulations as well as privacy and information security best practices and standards.
- Identify, implement, maintain and update privacy policies and procedures in coordination with Global Compliance colleagues, the Legal Department and outside counsel, Global Security, Human Resources including the Group Health Plan, Corporate Analysis and Control and Information Systems; interact with program and product management across Boston Scientific to provide direction and guidance on company-wide privacy and information security projects.
- Work to ensure appropriate policy and operational implementation of the requirements under HIPAA, including negotiation of Business Associate Agreements and development of related education.
- Coordinate information privacy risk assessments, data audits and implementation of recommendations resulting from same, including HIPAA Privacy and Security Assessments.
- Develop privacy training and education materials focused on specific needs and legal requirements.
- Facilitate and promote activities to foster information privacy awareness within Boston Scientific.
- Review privacy and information security implications of proposed business changes, including mergers and acquisitions and outsourcing activities.
- In collaboration with Global Compliance colleagues, Human Resources, the Chief Information Officer, Global Security and the Legal Department, assist with the processes for receiving, managing and appropriately responding to potential and actual security/privacy breach incidents, complaints related to privacy and security issues, and government authorities’ inquiries into the company’s privacy policies and procedures.
- Work with program and product management and Global Compliance colleagues to administer the Data Governance Council, an organization-wide, cross-functional privacy and data governance group, and its various related sub-groups based on business function and/or region (Data Governance Committees). Serve in a leadership role for the Data Governance Council’s activities.
- Remain current on privacy developments and best practices and report on emerging legislation/regulations and how the company is currently addressing privacy issues.
- Provide input for information security policies and procedures to ensure alignment between privacy and information security, working with the Director, IS (IS Risk Management).
- Work with IS Department (and Legal Department support) concerning vendor management and BSC Data Privacy and Security Requirements.
- Research privacy and information security issues with regard to company policies and procedures to ensure compliance with applicable national, federal and state laws and regulations regarding privacy and data protection.
- Oversight of administration of global privacy policies.
Quality System Requirement
In all actions, demonstrates a primary commitment to patient safety and product quality by maintaining compliance to the Quality Policy and all other documented quality processes and procedures.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
- Advanced understanding of U.S. (federal and state), European (European Union and Member State), and additional international privacy and data protection laws
- An accomplished privacy and data security background, including a minimum of 5 years of in-house privacy experience and 8 years in the privacy field
- Bachelor’s degree required; advanced degree (e.g., JD or MBA) preferred
- Practical and in-depth experience developing and implementing actionable and practical global privacy solutions for a global organization
- Thorough knowledge of laws affecting privacy and security, such as HIPAA, CAN SPAM, PIPEDA (Canada), the EU Data Protection Directive, the APEC privacy framework, and various state and local laws governing privacy and information security (including Mass. 201 CMR 17.00)
- Knowledge of industry standards affecting privacy and information security, such as PCI DSS and FISMA standards
- Professional certification preferred, such as CIPP (Certified Information Privacy Professional) or Security professional (CISM, CISSP)
Boston Scientific Corporation - 18 months ago