Privacy Officer - US

Werfen is a growing, family-owned, innovative company founded in 1966 in Barcelona, Spain. We are a worldwide leader in specialized diagnostics in the areas of Hemostasis, Acute Care Diagnostics, Transfusion, Autoimmunity, and Transplant. Through our Original Equipment Manufacturing (OEM) business line, we research, develop, and manufacture customized assays and biomaterials. We operate directly in 30 countries, and in more than 100 territories through distributors. Our Headquarters and Technology Centers are located in the US and Europe, and our workforce is more than 7,000 strong.

Our success comes from a specific focus in these rapidly evolving diagnostic areas, our commitment to customers, and our dedication to innovation and quality. We're passionate about providing healthcare professionals the most valuable and complete solutions to improve hospital efficiency and enhance patient care.

This position is part of the Chief Information Security Officer Group (CISO Group) with worldwide responsibility for cybersecurity for IT, business systems, and the network which extends to affiliates and security of products and services. The Privacy Officer oversees data privacy and protection policies to ensure that the entire organization processes the personal data of their customers, employees, and partners, in accordance with company policies and regulatory compliance requirements.

Key Accountabilities

• Expand and implement Werfen's global privacy program. Proactively serve as a privacy subject matter expert, promoting best practices and developing internal privacy policies and procedures that are consistent with the corporate privacy program.
• Evaluate new US, Canada, Mexico, Central and South America privacy laws and other regulatory changes worldwide. Monitor, analyze and communicate updates to relevant stakeholders and make recommendations as necessary to ensure ongoing compliance.
• Support day-to-day business operations to ensure compliance with applicable US privacy laws, including HIPAA.
• Maintain a robust inventory of privacy-related artifacts (ie: data flows, data registers, records of processing activities) for both business systems and product offers.
• Collaborate with global teams to monitor and ensure end-to-end compliance with applicable privacy and security laws.
• Collaborate cross-functionally with the relevant partners to support and ensure the integration of privacy by design into delivered services and the product development lifecycle. Address privacy compliance gaps.
• Assist teams to develop and implement processes and technical controls to uphold the privacy strategy.
• Regular execution of data protection impact assessments (DPIAs) and privacy assessments for marketed products and services delivered to evaluate the impact on data privacy and propose necessary mitigation measures.
• Provide regular privacy training and awareness to stakeholders. Contribute to raise a privacy compliance culture.
• Conduct 3rd party/vendor risk assessments. Work with Legal to ensure that contracts include all necessary clauses to meet legal requirements.
• Respond to individual rights requests and regulatory inquiries.
• Present complex technical or legal concepts to non-technical partners in order to promote the value proposition of integrating security.
• Manage privacy incident response process, including notifications to affected individuals and authorities, and work with affected departments on the remediation plans.
• Collect, maintain and report metrics that illustrate privacy program maturity for business systems and product offers, to drive data-related continuous improvement.

Networking/Key relationships

Able to identify and resolve common legal issues and build strong relationships with other global business stakeholders, including IT, HR, Marketing, Product Privacy & Security, and other departments.

Key users in each of the functional areas.

Minimum Knowledge & Experience required for the position:

Bachelor's degree in Computer Science, Cybersecurity, Law or related field is preferred. Industry experience may compensate for a degree.

Minimum of 15 years in the fields of security and privacy, including in-depth understanding of the GDPR and other relevant laws such as HIPAA, CCPA and CPRA, with a background in information security principles, technologies & practices, information risk analysis, and risk management in an international company or comparable activity in a consulting company.

10+ years implementing and managing a corporate privacy program.

HIPAA and GDPR experience. Cybersecurity controls experience is a plus.

CIPP/CIPM/CIPT certification a plus.

Knowledge of medical devices a plus.

Skills & Capabilities:

• Teamwork and collaboration
• Thinking and problem-solving skills
• Curiosity and analytica skills
• Ability to work independently managing assigned projects, exercise leadership and influence change.
• Adaptable to change
• lntegrity and trust
• Time management
• Fluent English in verbal and written communication, Spanish and additional language skills are a benefit.

Travel requirements:

• 15% of time

If you are interested in constantly learning and being challenged on a daily basis we encourage you to submit your resume or CV.

Werfen is an Equal Opportunity employer and is committed to a diverse workplace. Werfen strictly prohibits unlawful discrimination, harassment or retaliation based upon an individual's race, color, religion, gender, sexual orientation, gender identity/expression, national origin/ancestry, age, mental/physical disability, medical condition, marital status, veteran status, or any other protected characteristic as defined by applicable state or federal law. If you have a disability and need an accommodation in relation to the online application process, please contact NAtalentacquisition@werfen.com for assistance.

We operate directly in over 30 countries, and in more than 100 territories through distributors. Annual revenue is approximately $2 billion and more than 7,000 employees around the world comprise our Werfen team.

www.werfen.com