Sr Director, IT Data Privacy

Gilead Sciences is continuing to hire for all open roles. Our interview process may be conducted virtually and some roles will be asked to temporarily work from home. Over the coming weeks and months, we will be implementing a phased approach to bringing employees back to site to ensure the health and safety of our teams. **For Current Gilead Employees and Contractors:** Please log onto your Internal Career Site at to apply for this job. **Job Description** Senior Director, IT Data Privacy is a key member of the IT Security and Privacy leadership team and manages the data privacy team. This Senior Director will spearhead efforts around vendor security and privacy assessments, contract reviews, data security controls and processes, and will work with various technology leaders and system managers to ensure that appropriate data privacy controls and processes are in place in our dynamic and growing environment. The role entails working collaboratively with the cybersecurity branch of our team to lead discovery, prioritization, and implementation of privacy solutions; ensuring that they are up to date and optimized; and containing and responding to suspected privacy incidents. In addition, the role also include working closely with the Legal / Privacy & Information Governance teams to ensure that Gilead stays abreast of worldwide data privacy requirements in countries and markets that we operate in, and strategically plan for appropriate compliance measures. Senior Director, IT Data Privacy is expected to: + Collaborate with management, Legal, Marketing, IT, Human Resources, and other appropriate departments to develop and continuously improve upon Gilead's comprehensive privacy program, consistent with relevant laws and regulations, including but not limited to the EU's General Data Protection Regulation. + Lead and functionally/administratively manage a team of employees and contractors with global privacy focus. + Evaluate and improve upon processes for investigating, documenting, and reporting unauthorized access or disclosure of personal information. + Develop and implement, or update (as the case may be) data related privacy policies, standards and procedures. + Develop and implement corrective actions as needed in response to complaints concerning the organization's processing of personal information, and develop and apply appropriate corrective action where needed. + Establish and maintain a close working relationship with Gilead's EU and worldwide Data Protection Officers, ensuring collaboration and aligned objectives for data privacy works. + Ability to act as a primary point of escalation and subject matter expert for any prioritized data privacy related matters from all countries Gilead operates in. + Act as a data privacy advocate and liaise as a trusted advisor with business leaders to increase awareness and stakeholder engagement throughout all departments, whilst delivering support to business led projects and initiatives. + Maintain and update the IT Privacy Program Strategy and Roadmap in collaboration with Legal Privacy & Information Governance team. + Create and deliver privacy-related training programs for all employees, contractors, and any appropriate third parties. + Participate in the Gilead table top exercises to primarily address data privacy incident response activities + Oversee privacy program risk assessments and resulting mitigation and remediation plans. In-scope assessments include Vendor Security & Privacy Assessment, Privacy Impact Assessments as well as evaluation / review / approval of any policy exceptions impacting personal information handling. + Maintain current knowledge of applicable US federal, state, EU and additional global data protection laws and accreditation standards. + Execute data privacy Incident response activity stages of Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned, in the event of any suspected breach of personal information privacy/security. + Ensure that Gilead's framework for data privacy complies with applicable privacy and security laws. + Implement and maintain proper preventive, detective, and remediation controls related to the protection of personal information. + Execute privacy program workflow activities consistent with relevant policies and procedures, testing, auditing, monitoring, tracking, and reporting. + Work with global legal groups in an advisory capacity with regard to IT data privacy contracts. Focus may include development and/or periodic updating of contract template language, and/or consultation on specific contract engagements in progress. **Qualifications:** + 15+ years' experience working in an information security, data privacy, or risk management related field + 5+years working within Governance, Risk and Compliance tools and processes r in a global enterprise + Bachelor of Science degree in management of information systems, computer science, computer engineering, or other IT-related